[Pdns-users] Understanding why pdns-recursor 4.8.6 queries DS extremely often

Otto Moerbeek otto at drijf.net
Tue Mar 12 13:45:22 UTC 2024 

On Tue, Mar 12, 2024 at 08:43:20AM +0100, Thomas Mieslinger via Pdns-users wrote:

> While analyzing a spam run, I found the following queries and responses
> for the not delegated domain YALRDRK.net
> 
> For _dmarc.ja<> the queries and responses look as expected.
> 
> For default._bimi.jaqg<> a SERVFAIL is returned by instead of the
> expected NXDOMAIN.
> 
> For _bimi.jaqgs<> the gtld nameserver is queried once which is what I
> expect.
> 
> For default._bimi.jaqg<> the gtld nameservers are queried 5 times for
> the DS Record. Is there a good reason to torture .net gtld Nameservers?
> 
> > "PacketTime","Server","SrcIP","DstIP","QR","ResponseCode","Type","Question"
> > "2024-03-09 19:31:23","::ffff:10.74.42.28","::ffff:172.19.254.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:23","::ffff:172.19.254.2","::ffff:10.74.42.28",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,2,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:23","::ffff:82.165.226.66","::ffff:192.42.93.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:23","::ffff:192.42.93.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","2001:8d8:5c1:453:82:165:226:66","2001:502:8cc::30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> > "2024-03-09 19:31:55","2001:502:8cc::30","2001:8d8:5c1:453:82:165:226:66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> 
> dnssec=process
> root-nx-trust=on
> nothing-below-nxdomain=no
> qname-minimization=no
> 
> If you need the full config or packetcapture, please ask.
> 
> Thanks for your insights
> 
> Cheers
> 
> Thomas

Hoi,

Probably the full config plus a trace doing the query will help more,
as it gives insight in the decision process of the recursor. I'm also
a bit confused. You say YALRDRK.net is not delegated, but I do see NS
records for it in the .net zone. Or did the delegation status of the domain change
recently?

;; AUTHORITY SECTION:
YALRDRK.net.            172800  IN      NS      ns11.abovedomains.com.
YALRDRK.net.            172800  IN      NS      ns12.abovedomains.com.

	-Otto

More information about the Pdns-users mailing list