Question about resolver
Hello, I run BIND 9.18.26 as a recursive, validating resolver. In my logs, I noticed the following: 22-Apr-2024 19:25:59.614 lame-servers: info: chase DS servers resolving '180.96.34.in-addr.arpa/DS/IN': 216.239.34.102#53 What does "chase DS servers" mean ? Thanks, - J -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Observation: BIND 9.18 qname-minimization strict vs dig +trace
They've got a number of problems. click-network.com is one of them. https://dnsviz.net/d/click-network.com/dnssec/ There is some backstory. The City of Tacoma used to run broadband, and that was Click! Network. The origin story is that this had something to do with SCADA or power distribution, but who knows? They have a /16, and it appears half of it is available to broadband customers. Anyway they privatized it and subsequently sole-sourced that. Like many businesses today, IT appears to be outsourced and the suppliers for various services do strange things sometimes. Here's the verbose log that 9.18.21 spits out in conjunction with the SERVFAIL: 24-Apr-2024 08:43:35.587 resolver: notice: DNS format error from 131.191.7.194#53 resolving 85.191.131.in-addr.arpa/NS for : Name 191.131.in-addr.arpa (SOA) not subdomain of zone 85.191.131.in-addr.arpa -- invalid response 24-Apr-2024 08:43:35.587 lame-servers: info: FORMERR resolving '85.191.131.in-addr.arpa/NS/IN': 131.191.7.194#53 24-Apr-2024 08:43:35.603 resolver: notice: DNS format error from 131.191.7.12#53 resolving 85.191.131.in-addr.arpa/NS for : Name 191.131.in-addr.arpa (SOA) not subdomain of zone 85.191.131.in-addr.arpa -- invalid response 24-Apr-2024 08:43:35.603 lame-servers: info: FORMERR resolving '85.191.131.in-addr.arpa/NS/IN': 131.191.7.12#53 I'm not saying it's the wrong thing to do, although to borrow someone else's line that may be like arguing over the particular weasels chosen rather than the decision to stuff rabid weasels down your pants in the first place. -- Fred Morris On Wed, 24 Apr 2024, tale wrote: Hmm, I wonder if qname-minimisation is at issue here. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Observation: BIND 9.18 qname-minimization strict vs dig +trace
Hmm, I wonder if qname-minimisation is at issue here. My trace dies with: 85.191.131.in-addr.arpa. 1800 IN NS fs838.click-network.com. 85.191.131.in-addr.arpa. 1800 IN NS ns102.click-network.com. couldn't get address for 'fs838.click-network.com': not found couldn't get address for 'ns102.click-network.com': not found -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Observation: BIND 9.18 qname-minimization strict vs dig +trace
While BIND 9.18.21 with "qname-minimization strict;" SERVFAILs on the following query, dig with +trace resolves it. Just a data point, and if they fix their s**t and stop impersonating a signed zone then presumably the example will resolve itself (pun intended). dig -x 131.191.85.31 dig -x 131.191.85.31 +trace -- Fred Morris -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users