[nsd-users] NSD incorrectly logging DNAME as refused?
Jamie Landeg-Jones
jamie at catflap.org
Fri Jul 19 21:20:32 UTC 2024
You were right about the CNAME. I've reproduced this problem with
a much simpler CNAME only example:
For zone dyslexicfish.net, I've added:
bbc IN CNAME www.bbc.co.uk.
Then, on a third party host, I get this:
| $ dig -4 bbc.dyslexicfish.net. @amnesia.dns.dyslexicfish.net.
|
| ; <<>> DiG 9.18.27 <<>> -4 bbc.dyslexicfish.net. @amnesia.dns.dyslexicfish.net.
| ;; global options: +cmd
| ;; Got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29321
| ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
| ;; WARNING: recursion requested but not available
|
| ;; OPT PSEUDOSECTION:
| ; EDNS: version: 0, flags:; udp: 4096
| ;; QUESTION SECTION:
| ;bbc.dyslexicfish.net. IN A
|
| ;; ANSWER SECTION:
| bbc.dyslexicfish.net. 86400 IN CNAME www.bbc.co.uk.
|
| ;; Query time: 136 msec
| ;; SERVER: 104.238.172.250#53(amnesia.dns.dyslexicfish.net.) (UDP)
| ;; WHEN: Fri Jul 19 21:15:38 UTC 2024
| ;; MSG SIZE rcvd: 76
So, the answer is correct and works fine; however, on the DNS server, this is logged:
Jul 19 22:15:41 <daemon.info> amnesia nsd[26483]: query bbc.dyslexicfish.net. from 205.166.94.4 refused, no acl matches .
A tcpdump on the server shows no spurious requests from this host, simply:
| % tcpdump -n host 205.166.94.4
| tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
| listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
| 22:15:41.161045 IP 205.166.94.4.52640 > 104.238.172.250.53: 29321+ [1au] A? bbc.dyslexicfish.net. (61)
| 22:15:41.161536 IP 104.238.172.250.53 > 205.166.94.4.52640: 29321*- 1/0/1 CNAME www.bbc.co.uk. (76)
| ^C
Cheers, Jamie
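
A cross-check of the two pieces of evidence in the message above, as an added example that is not part of the original post or of NSD: it pairs each NSD "refused" log line with the rcode tcpdump recorded for the same client, name and second. The function name `cross_check` and the tcpdump rendering of a refused reply (`id Refused-`) are assumptions.

```python
import re

# Log and capture lines copied from the message above.
NSD_LOG = ["Jul 19 22:15:41 <daemon.info> amnesia nsd[26483]: query "
           "bbc.dyslexicfish.net. from 205.166.94.4 refused, no acl matches ."]
CAPTURE = [
    "22:15:41.161045 IP 205.166.94.4.52640 > 104.238.172.250.53: "
    "29321+ [1au] A? bbc.dyslexicfish.net. (61)",
    "22:15:41.161536 IP 104.238.172.250.53 > 205.166.94.4.52640: "
    "29321*- 1/0/1 CNAME www.bbc.co.uk. (76)",
]

LOG_RE = re.compile(r"(\d\d:\d\d:\d\d) .*nsd\[\d+\]: query (\S+) from (\S+) refused")
QUERY_RE = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+)\.(\d+) > \S+\.53: "
                      r"(\d+)\S* .*\? (\S+) \(\d+\)$")
# Assumption: tcpdump prints a non-NOERROR rcode as a word after the id
# ("4660 Refused- 0/0/1") and nothing there for NOERROR ("29321*- 1/0/1").
RESP_RE = re.compile(r"^\S+ IP \S+\.53 > (\S+)\.(\d+): (\d+)(?: ([A-Za-z]+))?"
                     r"[*\-|$]* \d+/\d+/\d+")

def cross_check(log_lines, capture_lines):
    """Return (qname, client, wire_rcode, mismatch) per 'refused' log line.

    mismatch is True when the capture does not show a Refused reply."""
    queries, rcodes = {}, {}
    for line in capture_lines:
        if m := QUERY_RE.match(line):
            ts, ip, port, qid, qname = m.groups()
            queries[(ip, port, qid)] = (ts, qname)
        elif m := RESP_RE.match(line):
            ip, port, qid, rcode = m.groups()
            rcodes[(ip, port, qid)] = rcode or "NOERROR"
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        ts, qname, client = m.groups()
        for key, (qts, qn) in queries.items():
            # Same client, same name, same second as the log entry.
            if key[0] == client and qn == qname and qts == ts:
                wire = rcodes.get(key, "no response captured")
                findings.append((qname, client, wire, wire != "Refused"))
    return findings

if __name__ == "__main__":
    for finding in cross_check(NSD_LOG, CAPTURE):
        print(finding)
```

The matching assumes the syslog and tcpdump timestamps come from the same clock and time zone, as they do when both are taken on the name server.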