problem resolving cdn.darkserv.net
Arne Jensen
darkdevil at darkdevil.dk
Tue Dec 14 11:56:57 UTC 2021
Daisuke HIGASHI,
Thank you for you attention here, as well as to Andreas for chasing this.
Your 0x20 mention, as well as the query with mixed casing indeed gave
some hints, and the issue was actually fixed < 4 hours after your
message yesterday.
-> https://doc.powerdns.com/authoritative/backends/pipe.html
Both the example scripts shown in the bottom of this site, and many
other shared on the public Internet, would apparently have these kind of
issues.
Solution is very simple. Just make sure you are doing case insensitive
comparisons on the QNAME, so if based on the examples shown, adjust all
the if's like this:
BEFORE: if(($qtype eq "SOA" || $qtype eq "ANY") && $qname eq
"example.com") {
AFTER: if(($qtype eq "SOA" || $qtype eq "ANY") && lc($qname) eq
"example.com") {
--
Med venlig hilsen / Kind regards,
Arne Jensen
Den 13-12-2021 kl. 14:40 skrev Daisuke HIGASHI via Unbound-users:
> Seems 0x20 problem with darkserv.net -- "use-caps-for-id: no" ?
>
> =====================
> % dig @ns2.darkserv.net cDn.darkserv.net
> ; <<>> DiG 9.10.6 <<>> @ns2.darkserv.net cDn.darkserv.net
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 17819
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
>
> ;; QUESTION SECTION:
> ;cDn.darkserv.net. IN A
> =====================
>
>
> A. Schulze via Unbound-users <unbound-users at lists.nlnetlabs.nl>:
>> Hello,
>>
>> unbound-1.14.0 (as well as 1.13.2) can't revolve cdn.darkserv.net.
>> I seen lots of the folloging messages (verbose: 2)
>>
>> Dec 13 12:44:53 unbound[22:0] info: query response was THROWAWAY
>> Dec 13 12:44:53 unbound[22:0] info: response for cdn.darkserv.net. A IN
>> Dec 13 12:44:53 unbound[22:0] info: reply from <darkserv.net.> 144.217.187.53#53
>> Dec 13 12:44:53 unbound[22:0] info: query response was THROWAWAY
>> Dec 13 12:44:54 unbound[22:0] info: response for cdn.darkserv.net. A IN
>> Dec 13 12:44:54 unbound[22:0] info: reply from <darkserv.net.> 2001:41d0:2:aa69::53#53
>>
>> I think, the nameservers itself have some kind of "edns-problem" but i don't understand it in detail.
>>
>> zonemaster.net and EDNS Compliance Tester report different results for the same servers
>> or I simply don't see the difference...
>>
>> darkserv.net:
>>
>> - https://zonemaster.net/result/09db767380529a57
>> - https://ednscomp.isc.org/ednscomp/ee95621712
>>
>> the same 4 servers are also authoritative for cdn.darkserv.net
>> and now there are no EDNS errors !?
>>
>> - https://zonemaster.net/result/3f585012c88f40b9
>> - https://ednscomp.isc.org/ednscomp/b3bfd09b8b
>>
>> anyway: this is my unexpected problem:
>>
>> $ kdig @127.0.0.1 cdn.darkserv.net.
>> ;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 39664
>> ;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;; cdn.darkserv.net. IN A
>>
>> ;; Received 34 B
>> ;; Time 2021-12-13 12:44:51 CET
>> ;; From 127.0.0.1 at 53(UDP) in 2690.9 ms
>>
>> any ideas?
>>
>> Andreas
More information about the Unbound-users
mailing list