[nsd-users] Old NSD, new BIND: unexpected RCODE
lampe at hauke-lampe.de
Mon May 26 03:57:59 UTC 2014
I'm not quite sure what to do with this. I found an incompatibility
between experimental new features in BIND and old versions of NSD.
As this is probably a collision in experimental OPT codes, I expect this
problem to disappear when a new option code is assigned.
BIND 9.10 introduces Source Identity Token (SIT) aka DNS Cookies
Currently, SIT uses experimental EDNS OPT 65,001
If SIT is enabled in a resolver, NSD 2.3.7 refuses queries with RCODE 17
> named: fetch: nsd.dnstest.openchaos.org/TXT
> named: 17 unexpected RCODE resolving 'nsd.dnstest.openchaos.org/TXT/IN': 126.96.36.199#53
> named: query failed (SERVFAIL) for nsd.dnstest.openchaos.org/IN/TXT at query.c:7532
That leaves domains served exclusively by NSD 2.x unresolvable. I first
noticed this with "telekom.at" but there are probably more.
NSD 3 and 4 respond correctly, so maybe this could be an opportunity to
update and be compatible with bleeding-edge BIND resolvers :)
More information about the nsd-users