Daisuke HIGASHI,
Thank you for you attention here, as well as to Andreas for chasing this.
Your 0x20 mention, as well as the query with mixed casing indeed gave
some hints, and the issue was actually fixed < 4 hours after your
message yesterday.
-> https://doc.powerdns.com/authoritative/backends/pipe.html
Both the example scripts shown in the bottom of this site, and many
other shared on the public Internet, would apparently have these kind of
issues.
Solution is very simple. Just make sure you are doing case insensitive
comparisons on the QNAME, so if based on the examples shown, adjust all
the if's like this:
BEFORE: if(($qtype eq "SOA" || $qtype eq "ANY") && $qname eq
"example.com") {
AFTER: if(($qtype eq "SOA" || $qtype eq "ANY") && lc($qname) eq
"example.com") {
--
Med venlig hilsen / Kind regards,
Arne Jensen
Den 13-12-2021 kl. 14:40 skrev Daisuke HIGASHI via Unbound-users:
Seems 0x20 problem with darkserv.net -- "use-caps-for-id: no" ?
=====================
% dig @ns2.darkserv.net cDn.darkserv.net
; <<>> DiG 9.10.6 <<>> @ns2.darkserv.net cDn.darkserv.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 17819
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cDn.darkserv.net. IN A
=====================
A. Schulze via Unbound-users <[email protected]>:
Hello,
unbound-1.14.0 (as well as 1.13.2) can't revolve cdn.darkserv.net.
I seen lots of the folloging messages (verbose: 2)
Dec 13 12:44:53 unbound[22:0] info: query response was THROWAWAY
Dec 13 12:44:53 unbound[22:0] info: response for cdn.darkserv.net. A IN
Dec 13 12:44:53 unbound[22:0] info: reply from <darkserv.net.> 144.217.187.53#53
Dec 13 12:44:53 unbound[22:0] info: query response was THROWAWAY
Dec 13 12:44:54 unbound[22:0] info: response for cdn.darkserv.net. A IN
Dec 13 12:44:54 unbound[22:0] info: reply from <darkserv.net.>
2001:41d0:2:aa69::53#53
I think, the nameservers itself have some kind of "edns-problem" but i don't
understand it in detail.
zonemaster.net and EDNS Compliance Tester report different results for the same
servers
or I simply don't see the difference...
darkserv.net:
- https://zonemaster.net/result/09db767380529a57
- https://ednscomp.isc.org/ednscomp/ee95621712
the same 4 servers are also authoritative for cdn.darkserv.net
and now there are no EDNS errors !?
- https://zonemaster.net/result/3f585012c88f40b9
- https://ednscomp.isc.org/ednscomp/b3bfd09b8b
anyway: this is my unexpected problem:
$ kdig @127.0.0.1 cdn.darkserv.net.
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 39664
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; cdn.darkserv.net. IN A
;; Received 34 B
;; Time 2021-12-13 12:44:51 CET
;; From 127.0.0.1@53(UDP) in 2690.9 ms
any ideas?
Andreas
