[nsd-users] Old NSD, new BIND: unexpected RCODE

Hauke Lampe lampe at hauke-lampe.de
Mon May 26 03:57:59 UTC 2014


I'm not quite sure what to do with this. I found an incompatibility
between experimental new features in BIND and old versions of NSD.

As this is probably a collision in experimental OPT codes, I expect this
problem to disappear when a new option code is assigned.

BIND 9.10 introduces Source Identity Token (SIT) aka DNS Cookies

Currently, SIT uses experimental EDNS OPT 65,001

If SIT is enabled in a resolver, NSD 2.3.7 refuses queries with RCODE 17

> named: fetch: nsd.dnstest.openchaos.org/TXT
> named: 17 unexpected RCODE resolving 'nsd.dnstest.openchaos.org/TXT/IN':
> named: query failed (SERVFAIL) for nsd.dnstest.openchaos.org/IN/TXT at query.c:7532

That leaves domains served exclusively by NSD 2.x unresolvable. I first
noticed this with "telekom.at" but there are probably more.

NSD 3 and 4 respond correctly, so maybe this could be an opportunity to
update and be compatible with bleeding-edge BIND resolvers :)


More information about the nsd-users mailing list