[Pdns-users] implementing hyperlocal root-zone (IETF 103) concept using pdns_recursor and pdns authoritative
Thomas Mieslinger
miesi at india.com
Thu Mar 14 11:36:25 UTC 2019
On 13.03.19 15:34, Thomas Mieslinger wrote:
> [..]
> I'll prepare a trace-regex.
Her you are:
> [921] bbc.co.uk: Trying to resolve NS 'ns4.bbc.co.uk' (1/4)
> [921] ns4.bbc.co.uk: Wants DNSSEC processing, NO auth data in query for A
> [921] ns4.bbc.co.uk: Looking for CNAME cache hit of 'ns4.bbc.co.uk|CNAME'
> [921] ns4.bbc.co.uk: No CNAME cache hit of 'ns4.bbc.co.uk|CNAME' found
> [921] ns4.bbc.co.uk: Found cache hit for A: 156.154.67.17[ttl=30]
> [921] ns4.bbc.co.uk: updating validation state with cache content for ns4.bbc.co.uk to Indeterminate
> [921] Nameserver ns4.bbc.co.uk IPs: 2001:502:4612::17(0.00ms), 156.154.67.17(0.00ms)
> [921] bbc.co.uk: Resolved 'bbc.co.uk' NS ns4.bbc.co.uk to: 2001:502:4612::17, 156.154.67.17
> [921] bbc.co.uk: Trying IP [2001:502:4612::17]:53, asking 'bbc.co.uk|A'
> [921] bbc.co.uk: hit a local resource limit resolving, probable error: Network is unreachable
> [921] bbc.co.uk: Trying IP 156.154.67.17:53, asking 'bbc.co.uk|A'
> [921] bbc.co.uk: Got 9 answers from ns4.bbc.co.uk (156.154.67.17), rcode=0 (No Error), aa=1, in 16ms
> [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.128.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
> [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.192.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
> [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.0.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
> [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.64.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
> [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns3.bbc.co.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
> [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns4.bbc.co.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
> [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns3.bbc.net.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
> [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns4.bbc.net.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
> [921] bbc.co.uk: OPT answer '.' from 'bbc.co.uk' nameservers
> [921] : got status Secure for name bbc.co.uk (from uk)
> [921] : got initial zone status Secure for record bbc.co.uk
> [921] Validating non-additional record for bbc.co.uk
> [921] Bogus!
> [921] validation state was Secure, state update is Bogus, validation state is now Bogus
> [921] : got status Secure for name bbc.co.uk (from uk)
> [921] : got initial zone status Secure for record bbc.co.uk
> [921] Validating non-additional record for bbc.co.uk
> [921] Bogus!
I don't why the algorithmn behind "Validating non-additional record for
bbc.co.uk" decides Bogus when . is a forwarded zone.
Best regards
Thomas
More information about the Pdns-users
mailing list