problem resolving cdn.darkserv.net

Arne Jensen darkdevil at darkdevil.dk
Tue Dec 14 11:56:57 UTC 2021


Daisuke HIGASHI,

Thank you for you attention here, as well as to Andreas for chasing this.

Your 0x20 mention, as well as the query with mixed casing indeed gave 
some hints, and the issue was actually fixed < 4 hours after your 
message yesterday.

-> https://doc.powerdns.com/authoritative/backends/pipe.html

Both the example scripts shown in the bottom of this site, and many 
other shared on the public Internet, would apparently have these kind of 
issues.

Solution is very simple. Just make sure you are doing case insensitive 
comparisons on the QNAME, so if based on the examples shown, adjust all 
the if's like this:

BEFORE: if(($qtype eq "SOA" || $qtype eq "ANY") && $qname eq 
"example.com") {

AFTER: if(($qtype eq "SOA" || $qtype eq "ANY") && lc($qname) eq 
"example.com") {

-- 
Med venlig hilsen / Kind regards,
Arne Jensen


Den 13-12-2021 kl. 14:40 skrev Daisuke HIGASHI via Unbound-users:
> Seems 0x20 problem with darkserv.net -- "use-caps-for-id: no" ?
>
> =====================
> % dig @ns2.darkserv.net cDn.darkserv.net
> ; <<>> DiG 9.10.6 <<>> @ns2.darkserv.net cDn.darkserv.net
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 17819
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
>
> ;; QUESTION SECTION:
> ;cDn.darkserv.net. IN A
> =====================
>
>
> A. Schulze via Unbound-users <unbound-users at lists.nlnetlabs.nl>:
>> Hello,
>>
>> unbound-1.14.0 (as well as 1.13.2) can't revolve cdn.darkserv.net.
>> I seen lots of the folloging messages (verbose: 2)
>>
>> Dec 13 12:44:53 unbound[22:0] info: query response was THROWAWAY
>> Dec 13 12:44:53 unbound[22:0] info: response for cdn.darkserv.net. A IN
>> Dec 13 12:44:53 unbound[22:0] info: reply from <darkserv.net.> 144.217.187.53#53
>> Dec 13 12:44:53 unbound[22:0] info: query response was THROWAWAY
>> Dec 13 12:44:54 unbound[22:0] info: response for cdn.darkserv.net. A IN
>> Dec 13 12:44:54 unbound[22:0] info: reply from <darkserv.net.> 2001:41d0:2:aa69::53#53
>>
>> I think, the nameservers itself have some kind of "edns-problem" but i don't understand it in detail.
>>
>> zonemaster.net and EDNS Compliance Tester report different results for the same servers
>> or I simply don't see the difference...
>>
>> darkserv.net:
>>
>> - https://zonemaster.net/result/09db767380529a57
>> - https://ednscomp.isc.org/ednscomp/ee95621712
>>
>> the same 4 servers are also authoritative for cdn.darkserv.net
>> and now there are no EDNS errors !?
>>
>> - https://zonemaster.net/result/3f585012c88f40b9
>> - https://ednscomp.isc.org/ednscomp/b3bfd09b8b
>>
>> anyway: this is my unexpected problem:
>>
>> $ kdig @127.0.0.1 cdn.darkserv.net.
>> ;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 39664
>> ;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;; cdn.darkserv.net.            IN      A
>>
>> ;; Received 34 B
>> ;; Time 2021-12-13 12:44:51 CET
>> ;; From 127.0.0.1 at 53(UDP) in 2690.9 ms
>>
>> any ideas?
>>
>> Andreas


More information about the Unbound-users mailing list