SERVFAIL when two SOA in the domain
One of my contacts noticed that you cannot query 42.fr's SOA with BIND: SERVFAIL. Querying other types, or using Unbound (or Google Public DNS) instead of BIND works. The only thing special he sees is the double SOA: % dig SOA 42.fr ; DiG 9.9.2-P1 SOA 42.fr ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 9894 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;42.fr. IN SOA ;; ANSWER SECTION: 42.fr. 2907IN SOA ns1.42.fr. postmaster.42.fr. 2013032901 300 300 604800 86400 42.fr. 2907IN SOA ns2.42.fr. postmaster.42.fr. 2013032901 300 300 604800 86400 ;; AUTHORITY SECTION: 42.fr. 2897IN NS ns1.42.fr. 42.fr. 2897IN NS ns2.42.fr. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1)- Unbound ;; WHEN: Thu Aug 29 20:21:51 2013 ;; MSG SIZE rcvd: 153 I'm not sure of what the RFC say about that... ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SERVFAIL when two SOA in the domain
When RFC 1035 was written, the strict rules between SHOULD/MUST didn't yet exist. That should is to be considered a MUST from the standpoint of modern RFCs. - Kevin On 8/29/2013 2:31 PM, Steven Carr wrote: On 29 August 2013 19:22, Stephane Bortzmeyer bortzme...@nic.fr wrote: I'm not sure of what the RFC say about that... While RFC 1035 doesn't seem to explicitely say that multiple are forbidden, or how to handle the case of multiple records, it does state under section 5.2. (Use of master files to define zones): 2. Exactly one SOA RR should be present at the top of the zone. Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SERVFAIL when two SOA in the domain
In message 20130829182253.ga13...@laperouse.bortzmeyer.org, Stephane Bortzmey er writes: One of my contacts noticed that you cannot query 42.fr's SOA with BIND: SERVFAIL. Querying other types, or using Unbound (or Google Public DNS) instead of BIND works. The only thing special he sees is the double SOA: % dig SOA 42.fr ; DiG 9.9.2-P1 SOA 42.fr ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 9894 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;42.fr. IN SOA ;; ANSWER SECTION: 42.fr.2907IN SOA ns1.42.fr. postmaster.4 2.fr. 2013032901 300 300 604800 86400 42.fr.2907IN SOA ns2.42.fr. postmaster.4 2.fr. 2013032901 300 300 604800 86400 ;; AUTHORITY SECTION: 42.fr.2897IN NS ns1.42.fr. 42.fr.2897IN NS ns2.42.fr. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1)- Unbound ;; WHEN: Thu Aug 29 20:21:51 2013 ;; MSG SIZE rcvd: 153 I'm not sure of what the RFC say about that... ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Named will reject answers which contain multiple non-identical records at the same name and type that should be singletons. The list of types with that attribute is below. % grep SINGL lib/dns/rdata/*/*.c lib/dns/rdata/generic/cname_5.c:(DNS_RDATATYPEATTR_EXCLUSIVE | DNS_RDATATYPEATTR_SINGLETON) lib/dns/rdata/generic/dname_39.c:#define RRTYPE_DNAME_ATTRIBUTES (DNS_RDATATYPEATTR_SINGLETON) lib/dns/rdata/generic/opt_41.c:#define RRTYPE_OPT_ATTRIBUTES (DNS_RDATATYPEATTR_SINGLETON | \ lib/dns/rdata/generic/soa_6.c:#define RRTYPE_SOA_ATTRIBUTES (DNS_RDATATYPEATTR_SINGLETON) % Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
