On Jun 10 2019, Jukka Pakkanen wrote:

We have a strange problem related to DNS services, maybe someone here has
a clue what could be the problem.
[…]
An example, the client domain is raimoasikainenoy.fi.

Well, there is certainly something wrong with ns.datatower.fi [193.184.54.212],
as it consistently returns server cookies that bear no relationship to the
client cookie sent in the query, and in fact I get *exactly* the same one as
you report:

; <<>> DiG 9.14.2 <<>> @193.184.54.212 raimoasikainenoy.fi ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14591
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a0ff0c014f65b471e0b8b271ffffffffe7bab2718129c071 (bad)

every time! (Use +qr to show the client cookie sent by dig.)

I expect you could work around this by specifying
 server 193.184.54.212 { send-cookie no; };

in your named.conf, but it seems to me that BIND 9.14 ought to be able to
fall back on using ns.kpk.fi [192.130.183.74] which doesn't have this server
cookie problem.

--
Chris Thompson
Email: c...@cam.ac.uk
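
The mismatch described above, written out as an added example (not part of the original message, and not BIND's code). It assumes the RFC 7873 layout, where a response COOKIE option is the 8-byte client cookie from the query followed by an 8 to 32 byte server cookie; the client cookies and the result labels are constructed for this example, and the response cookie is the one quoted in the dig output.

```python
# Added example: check DNS COOKIE options in responses against what was sent.
CLIENT_LEN = 8                    # client cookie is always 8 bytes
SERVER_MIN, SERVER_MAX = 8, 32    # server cookie, when present, is 8..32 bytes

# Response cookie quoted in the dig output above.
PAGE_COOKIE = "a0ff0c014f65b471e0b8b271ffffffffe7bab2718129c071"

def classify_cookie(sent_client_hex, response_cookie_hex):
    """Return 'good', 'echoed', 'bad' or 'malformed' (labels are this example's)."""
    sent = bytes.fromhex(sent_client_hex)
    if len(sent) != CLIENT_LEN:
        raise ValueError("client cookie must be 8 bytes")
    try:
        resp = bytes.fromhex(response_cookie_hex)
    except ValueError:
        return "malformed"
    server_len = len(resp) - CLIENT_LEN
    if server_len != 0 and not SERVER_MIN <= server_len <= SERVER_MAX:
        return "malformed"        # wrong overall option length
    if resp[:CLIENT_LEN] != sent:
        return "bad"              # our client cookie was not returned
    return "echoed" if server_len == 0 else "good"

def static_cookie_server(exchanges):
    """exchanges: list of (sent_client_hex, response_cookie_hex).
    True when different client cookies all drew the identical response
    cookie, i.e. the answer does not depend on the query's cookie."""
    sent = {s.lower() for s, _ in exchanges}
    got = {r.lower() for _, r in exchanges}
    return len(sent) > 1 and len(got) == 1

# Constructed client cookies, each paired with the cookie the server returned.
SAMPLE = [
    ("1122334455667788", PAGE_COOKIE),
    ("99aabbccddeeff00", PAGE_COOKIE),
    ("0123456789abcdef", PAGE_COOKIE),
]

if __name__ == "__main__":
    for sent, got in SAMPLE:
        print(sent, "->", classify_cookie(sent, got))
    print("static cookie from server:", static_cookie_server(SAMPLE))
```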