[Pdns-users] implementing hyperlocal root-zone (IETF 103) concept using pdns_recursor and pdns authoritative
Thomas Mieslinger
miesi at india.com
Mon Mar 25 13:25:44 UTC 2019
Hi List,

as expected, 4.1.8 (now active on 217.160.80.248) does not change
behavior when queried for DS instead of A.

Best regards
Thomas

On 25.03.19 14:04, Thomas Mieslinger wrote:
> Hi List,
>
> I'm still struggling with this issue.
>
> If I host . on a bind (9.10.6-P1) then resolving bbc.co.uk and all other
> .co.uk with pdns-recursor-4.1.8 work immediately.
>
> Back with . on pdns-4.1.5 I tested which 3rd level domains do work and
> which not:
> OK facebook.co.nz
> OK facebook.co.at
> OK facebook.co.id
> OK facebook.com.ua
> OK facebook.co.kr
>
> FAIL facebook.co.za
> FAIL facebook.co.uk
>
> So I think
> - it is more likely that this problem can be solved in authoritative
> code and not in recursor code.
> - it is likely that the problem is only with .co.uk and .co.za
>
> For what it is worth, according to dnsviz both .co.uk and .co.za are
> legally signed.
>
> When doing a dig A co.uk I get an authority section for uk including
> DS, but when I query for DS directly I get a root referral?
>
> This is different from how bind behaves. It replies consistently for dig
> A and dig DS (example below).
>
> Interestingly dig DS co.id @217.160.80.248 returns the expected DS record.
>
> The mysql backend table hosting '.' zone contains a 'co.uk NULL NULL'
> record because it inserted non empty terminals after the axfr of '.' .
> (For whatever reason there are A/AAAA records for hosts like
> tld6.ultradns.co.uk and barney.advsys.co.uk)
>
> Reading through the commit messages for 4.1.6 , 4.1.7 and 4.1.8 I don't
> think this behavior has changed, but I will repeat my tests with a
> freshly built pdns-4.1.8.
>
> Best regards Thomas
>
>
> ----snip----
> dig co.uk @217.160.80.248
>
> ; <<>> DiG 9.10.6-P1 <<>> co.uk @217.160.80.248
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 620
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 14
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1680
> ;; QUESTION SECTION:
> ;co.uk. IN A
>
> ;; AUTHORITY SECTION:
> uk. 172800 IN NS nsa.nic.uk.
> uk. 172800 IN NS nsb.nic.uk.
> uk. 172800 IN NS nsc.nic.uk.
> uk. 172800 IN NS nsd.nic.uk.
> uk. 172800 IN NS dns1.nic.uk.
> uk. 172800 IN NS dns2.nic.uk.
> uk. 172800 IN NS dns3.nic.uk.
> uk. 172800 IN NS dns4.nic.uk.
> uk. 86400 IN DS 43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353 BC659603
>
> ;; ADDITIONAL SECTION:
> nsa.nic.uk. 172800 IN A 156.154.100.3
> nsa.nic.uk. 172800 IN AAAA 2001:502:ad09::3
> nsb.nic.uk. 172800 IN A 156.154.101.3
> nsc.nic.uk. 172800 IN A 156.154.102.3
> nsd.nic.uk. 172800 IN A 156.154.103.3
> dns1.nic.uk. 172800 IN A 213.248.216.1
> dns1.nic.uk. 172800 IN AAAA 2a01:618:400::1
> dns2.nic.uk. 172800 IN A 103.49.80.1
> dns2.nic.uk. 172800 IN AAAA 2401:fd80:400::1
> dns3.nic.uk. 172800 IN A 213.248.220.1
> dns3.nic.uk. 172800 IN AAAA 2a01:618:404::1
> dns4.nic.uk. 172800 IN A 43.230.48.1
> dns4.nic.uk. 172800 IN AAAA 2401:fd80:404::1
>
> ----snip----
> dig DS co.uk @217.160.80.248
>
> ; <<>> DiG 9.10.6-P1 <<>> DS co.uk @217.160.80.248
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47057
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1680
> ;; QUESTION SECTION:
> ;co.uk. IN DS
>
> ;; AUTHORITY SECTION:
> . 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019032500 1800 900 604800 86400
>
> ;; Query time: 18 msec
> ;; SERVER: 217.160.80.248#53(217.160.80.248)
> ;; WHEN: Mon Mar 25 13:36:05 CET 2019
> ;; MSG SIZE rcvd: 109
> ----snip----
> dig DS co.uk @2001:470:1f0b:10cc::d5:10
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3563
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 14
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;co.uk. IN DS
>
> ;; AUTHORITY SECTION:
> uk. 172800 IN NS dns2.nic.uk.
> uk. 172800 IN NS dns4.nic.uk.
> uk. 172800 IN NS nsa.nic.uk.
> uk. 172800 IN NS nsb.nic.uk.
> uk. 172800 IN NS nsc.nic.uk.
> uk. 172800 IN NS dns1.nic.uk.
> uk. 172800 IN NS nsd.nic.uk.
> uk. 172800 IN NS dns3.nic.uk.
>
> ;; ADDITIONAL SECTION:
> nsa.nic.uk. 172800 IN AAAA 2001:502:ad09::3
> dns1.nic.uk. 172800 IN AAAA 2a01:618:400::1
> dns2.nic.uk. 172800 IN AAAA 2401:fd80:400::1
> dns3.nic.uk. 172800 IN AAAA 2a01:618:404::1
> dns4.nic.uk. 172800 IN AAAA 2401:fd80:404::1
> nsa.nic.uk. 172800 IN A 156.154.100.3
> nsb.nic.uk. 172800 IN A 156.154.101.3
> nsc.nic.uk. 172800 IN A 156.154.102.3
> nsd.nic.uk. 172800 IN A 156.154.103.3
> dns1.nic.uk. 172800 IN A 213.248.216.1
> dns2.nic.uk. 172800 IN A 103.49.80.1
> dns3.nic.uk. 172800 IN A 213.248.220.1
> dns4.nic.uk. 172800 IN A 43.230.48.1
> ----snip----
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
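
The comparison made in the mail above (the A query for co.uk is referred to uk., while the DS query for the same name is answered authoritatively from the root zone), written as a check over dig output. This is an added example, not part of the original thread; the function names `classify` and `delegation_mismatch` are hypothetical, and the two sample replies are constructed by abbreviating the dig output quoted in the mail.

```python
import re

# Constructed sample input, abbreviated from the dig output quoted in the mail.
A_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 620
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 14
;; QUESTION SECTION:
;co.uk. IN A
;; AUTHORITY SECTION:
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
"""
DS_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47057
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;co.uk. IN DS
;; AUTHORITY SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019032500 1800 900 604800 86400
"""

def classify(text):
    """Return (kind, owner, qname) for one dig reply."""
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    qname = re.search(r"^;(\S+)\s+IN\s+\S+", text, re.M).group(1).lower()
    auth, in_auth = [], False
    for line in text.splitlines():
        if line.startswith(";;"):
            in_auth = "AUTHORITY SECTION" in line
            continue
        f = line.split()
        if in_auth and len(f) >= 5 and f[2] == "IN":  # skips wrapped RDATA lines
            auth.append((f[0].lower(), f[3]))          # (owner, type)
    if answers:
        return ("answer", qname, qname)
    wanted = "SOA" if "aa" in flags else "NS"
    for owner, rtype in auth:
        if rtype == wanted:
            # aa + SOA: negative answer from that zone; no aa + NS: referral to that cut
            return ("negative" if wanted == "SOA" else "referral", owner, qname)
    return ("other", None, qname)

def delegation_mismatch(a_text, ds_text):
    """True if A is referred to a child zone while DS for the same name,
    which lies below that zone cut, is answered from another zone instead."""
    a_kind, cut, qname = classify(a_text)
    ds_kind, apex, _ = classify(ds_text)
    return (a_kind == "referral" and qname != cut
            and ds_kind == "negative" and apex != cut)

if __name__ == "__main__":
    print(delegation_mismatch(A_REPLY, DS_REPLY))
```

The `qname != cut` condition keeps the check from firing on a DS query for the delegated name itself (for example `DS uk`), which the parent zone answers authoritatively by design.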