[Pdns-users] implementing hyperlocal root-zone (IETF 103) concept using pdns_recursor and pdns authoritative

Thomas Mieslinger miesi at india.com
Thu Mar 14 11:36:25 UTC 2019 

On 13.03.19 15:34, Thomas Mieslinger wrote:
> [..]
> I'll prepare a trace-regex.

Her you are:

>  [921] bbc.co.uk: Trying to resolve NS 'ns4.bbc.co.uk' (1/4)
>  [921]    ns4.bbc.co.uk: Wants DNSSEC processing, NO auth data in query for A
>  [921]    ns4.bbc.co.uk: Looking for CNAME cache hit of 'ns4.bbc.co.uk|CNAME'
>  [921]    ns4.bbc.co.uk: No CNAME cache hit of 'ns4.bbc.co.uk|CNAME' found
>  [921]    ns4.bbc.co.uk: Found cache hit for A: 156.154.67.17[ttl=30]
>  [921]    ns4.bbc.co.uk: updating validation state with cache content for ns4.bbc.co.uk to Indeterminate
>  [921]   Nameserver ns4.bbc.co.uk IPs: 2001:502:4612::17(0.00ms), 156.154.67.17(0.00ms)
>  [921] bbc.co.uk: Resolved 'bbc.co.uk' NS ns4.bbc.co.uk to: 2001:502:4612::17, 156.154.67.17
>  [921] bbc.co.uk: Trying IP [2001:502:4612::17]:53, asking 'bbc.co.uk|A'
>  [921] bbc.co.uk: hit a local resource limit resolving, probable error: Network is unreachable
>  [921] bbc.co.uk: Trying IP 156.154.67.17:53, asking 'bbc.co.uk|A'
>  [921] bbc.co.uk: Got 9 answers from ns4.bbc.co.uk (156.154.67.17), rcode=0 (No Error), aa=1, in 16ms
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.128.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.192.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.0.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|A|151.101.64.81' from 'bbc.co.uk' nameservers? ttl=300, place=1 YES!
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns3.bbc.co.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns4.bbc.co.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns3.bbc.net.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
>  [921] bbc.co.uk: accept answer 'bbc.co.uk|NS|ns4.bbc.net.uk.' from 'bbc.co.uk' nameservers? ttl=900, place=2 YES!
>  [921] bbc.co.uk: OPT answer '.' from 'bbc.co.uk' nameservers
>  [921] : got status Secure for name bbc.co.uk (from uk)
>  [921] : got initial zone status Secure for record bbc.co.uk
>  [921] Validating non-additional record for bbc.co.uk
>  [921] Bogus!
>  [921] validation state was Secure, state update is Bogus, validation state is now Bogus
>  [921] : got status Secure for name bbc.co.uk (from uk)
>  [921] : got initial zone status Secure for record bbc.co.uk
>  [921] Validating non-additional record for bbc.co.uk
>  [921] Bogus!

I don't why the algorithmn behind "Validating non-additional record for 
bbc.co.uk" decides Bogus when . is a forwarded zone.

Best regards

Thomas

More information about the Pdns-users mailing list