Re: [dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers
On 20.06.23 04:42, Viktor Dukhovni wrote: The gov.scot zone is unsigned, with "service.gov.scot" as a subdomain, but "DS" queries for "service.gov.scot" incorrectly elicit NXDOMAIN, rather than NODATA responses from the "scot" auth servers. $ dig -t ds service.gov.scot @anycast9.irondns.net +norecur +nocmd +noall +nostats +comment +noedns ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22729 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 Hi Viktor, readers of the dns-operations list, I just want to let you know that we fixed the problem and updated our name server infrastructure last Wednesday/Thursday. Regards, Klaus -- ---=== CORE DNS Support Team === dnsmas...@corenic.orgKlaus Malorny Knipp Medien und Kommunikation GmbH obo. CORE Internet Council of Registrars ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers
On Tue, Jun 20, 2023 at 02:44:34PM +0200, Stephane Bortzmeyer wrote: > On Tue, Jun 20, 2023 at 01:36:10PM +0200, > CORE DNS Support Team wrote > a message of 43 lines which said: > > > since anycast9 is only responsible for scot and not for gov.scot, I > > believe the desired answer is a delegation to the name servers of > > gov.scot, and not, as you wrote, a "NODATA" response > > No, Viktor is right, and a NODATA (the correct answer) is indeed what > the servers return for other query types: Well, a delegation is in some sense a NODATA response that happens to have referral NS records (and no SOA) in the authority section. So in that sense both are correct, but a delegation is I think closer. > % dig @anycast23.irondns.net. A service.gov.scot > > ; <<>> DiG 9.18.12-1-Debian <<>> @anycast23.irondns.net. A service.gov.scot > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30666 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;service.gov.scot.IN A > > ;; AUTHORITY SECTION: > gov.scot. 86400 IN NS ns0.ja.net. > gov.scot. 86400 IN NS ns4.ja.net. > gov.scot. 86400 IN NS ns2.ja.net. > gov.scot. 86400 IN NS ns3.ja.net. That's of course a delegation. -- Viktor. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers
On Tue, Jun 20, 2023 at 01:36:10PM +0200, CORE DNS Support Team wrote a message of 43 lines which said: > since anycast9 is only responsible for scot and not for gov.scot, I > believe the desired answer is a delegation to the name servers of > gov.scot, and not, as you wrote, a "NODATA" response No, Viktor is right, and a NODATA (the correct answer) is indeed what the servers return for other query types: % dig @anycast23.irondns.net. A service.gov.scot ; <<>> DiG 9.18.12-1-Debian <<>> @anycast23.irondns.net. A service.gov.scot ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30666 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;service.gov.scot. IN A ;; AUTHORITY SECTION: gov.scot. 86400 IN NS ns0.ja.net. gov.scot. 86400 IN NS ns4.ja.net. gov.scot. 86400 IN NS ns2.ja.net. gov.scot. 86400 IN NS ns3.ja.net. ;; Query time: 8 msec ;; SERVER: 2a01:5b0:5::b#53(anycast23.irondns.net.) (UDP) ;; WHEN: Tue Jun 20 14:43:54 CEST 2023 ;; MSG SIZE rcvd: 123 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers
On Tue, Jun 20, 2023 at 01:36:10PM +0200, CORE DNS Support Team wrote: > > The gov.scot zone is unsigned, with "service.gov.scot" as a subdomain, > > but "DS" queries for "service.gov.scot" incorrectly elicit NXDOMAIN, > > rather than NODATA responses from the "scot" auth servers. > > > > $ dig -t ds service.gov.scot @anycast9.irondns.net +norecur +nocmd > > +noall +nostats +comment +noedns > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22729 > > ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > The answer is indeed not correct. We will investigate the problem and > fix it in the next days. Thanks, that's great. > However, since anycast9 is only responsible for scot and not for > gov.scot, I believe the desired answer is a delegation to the name > servers of gov.scot, and not, as you wrote, a "NODATA" response. Yes, more precisely a delegation is the expected response, ultimately (from gov.scot) the response will be NODATA (neither gov.scot, nor service.gov.scot are signed). -- Viktor. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers
On 20.06.23 04:42, Viktor Dukhovni wrote: The gov.scot zone is unsigned, with "service.gov.scot" as a subdomain, but "DS" queries for "service.gov.scot" incorrectly elicit NXDOMAIN, rather than NODATA responses from the "scot" auth servers. $ dig -t ds service.gov.scot @anycast9.irondns.net +norecur +nocmd +noall +nostats +comment +noedns ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22729 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 Hi Viktor, thanks for bringing this to our attention. The answer is indeed not correct. We will investigate the problem and fix it in the next days. However, since anycast9 is only responsible for scot and not for gov.scot, I believe the desired answer is a delegation to the name servers of gov.scot, and not, as you wrote, a "NODATA" response. But I will check this to be sure. Regards, Klaus -- ---=== CORE DNS Support Team === dnsmas...@corenic.orgKlaus Malorny Knipp Medien und Kommunikation GmbH obo. CORE Internet Council of Registrars ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers
The gov.scot zone is unsigned, with "service.gov.scot" as a subdomain, but "DS" queries for "service.gov.scot" incorrectly elicit NXDOMAIN, rather than NODATA responses from the "scot" auth servers. $ dig -t ds service.gov.scot @anycast9.irondns.net +norecur +nocmd +noall +nostats +comment +noedns ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22729 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 -- Viktor. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations