[Pdns-users] implementing hyperlocal root-zone (IETF 103) concept using pdns_recursor and pdns authoritative

Thomas Mieslinger miesi at india.com
Mon Mar 25 13:04:25 UTC 2019 

Hi List,

I'm still struggling with this issue.

If I host . on a bind (9.10.6-P1) then resolving bbc.co.uk and all other 
.co.uk with pdns-recursor-4.1.8 work immediately.

Back with . on pdns-4.1.5 I tested which 3rd level domains do work and 
which not:
OK facebook.co.nz
OK facebook.co.at
OK facebook.co.id
OK facebook.com.ua
OK facebook.co.kr

FAIL facebook.co.za
FAIL facebook.co.uk

So I think
- it is more likely that this problem can be solved in authoritative 
code and not in recursor code.
- it is likely that the problem is only with .co.uk and .co.za

For what it is worth, according to dnsviz both .co.uk and .co.za are 
legally signed.

When doing a dig A co.uk  I get an authority section for uk including 
DS, but when I query for DS directly I get a root referral?

This is different from how bind behaves. It replies consistently for dig 
A and dig DS (example below).

Interestingly dig DS co.id @217.160.80.248 returns the expected DS record.

The mysql backend table hosting '.' zone contains a 'co.uk NULL NULL' 
record because it inserted non empty terminals after the axfr of '.' . 
(For whatever reason there are A/AAAA records for hosts like 
tld6.ultradns.co.uk and barney.advsys.co.uk)

Reading through the commit messages for 4.1.6 , 4.1.7 and 4.1.8 I don't 
thnik this behavior has changed, but I will repeat my tests with a 
freshly built pdns-4.1.8.

Best regards Thomas


----snip----
dig co.uk @217.160.80.248

; <<>> DiG 9.10.6-P1 <<>> co.uk @217.160.80.248
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 620
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 14
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;co.uk.                         IN      A

;; AUTHORITY SECTION:
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
uk.                     172800  IN      NS      dns1.nic.uk.
uk.                     172800  IN      NS      dns2.nic.uk.
uk.                     172800  IN      NS      dns3.nic.uk.
uk.                     172800  IN      NS      dns4.nic.uk.
uk.                     86400   IN      DS      43876 8 2 
A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353 BC659603

;; ADDITIONAL SECTION:
nsa.nic.uk.             172800  IN      A       156.154.100.3
nsa.nic.uk.             172800  IN      AAAA    2001:502:ad09::3
nsb.nic.uk.             172800  IN      A       156.154.101.3
nsc.nic.uk.             172800  IN      A       156.154.102.3
nsd.nic.uk.             172800  IN      A       156.154.103.3
dns1.nic.uk.            172800  IN      A       213.248.216.1
dns1.nic.uk.            172800  IN      AAAA    2a01:618:400::1
dns2.nic.uk.            172800  IN      A       103.49.80.1
dns2.nic.uk.            172800  IN      AAAA    2401:fd80:400::1
dns3.nic.uk.            172800  IN      A       213.248.220.1
dns3.nic.uk.            172800  IN      AAAA    2a01:618:404::1
dns4.nic.uk.            172800  IN      A       43.230.48.1
dns4.nic.uk.            172800  IN      AAAA    2401:fd80:404::1

----snip----
dig DS co.uk @217.160.80.248

; <<>> DiG 9.10.6-P1 <<>> DS co.uk @217.160.80.248
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47057
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;co.uk.                         IN      DS

;; AUTHORITY SECTION:
.                       86400   IN      SOA     a.root-servers.net. 
nstld.verisign-grs.com. 2019032500 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 217.160.80.248#53(217.160.80.248)
;; WHEN: Mon Mar 25 13:36:05 CET 2019
;; MSG SIZE  rcvd: 109
----snip----
dig DS co.uk @2001:470:1f0b:10cc::d5:10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3563
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 14
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;co.uk.                         IN      DS

;; AUTHORITY SECTION:
uk.                     172800  IN      NS      dns2.nic.uk.
uk.                     172800  IN      NS      dns4.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      dns1.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
uk.                     172800  IN      NS      dns3.nic.uk.

;; ADDITIONAL SECTION:
nsa.nic.uk.             172800  IN      AAAA    2001:502:ad09::3
dns1.nic.uk.            172800  IN      AAAA    2a01:618:400::1
dns2.nic.uk.            172800  IN      AAAA    2401:fd80:400::1
dns3.nic.uk.            172800  IN      AAAA    2a01:618:404::1
dns4.nic.uk.            172800  IN      AAAA    2401:fd80:404::1
nsa.nic.uk.             172800  IN      A       156.154.100.3
nsb.nic.uk.             172800  IN      A       156.154.101.3
nsc.nic.uk.             172800  IN      A       156.154.102.3
nsd.nic.uk.             172800  IN      A       156.154.103.3
dns1.nic.uk.            172800  IN      A       213.248.216.1
dns2.nic.uk.            172800  IN      A       103.49.80.1
dns3.nic.uk.            172800  IN      A       213.248.220.1
dns4.nic.uk.            172800  IN      A       43.230.48.1
----snip----

More information about the Pdns-users mailing list