[Pdns-users] Understanding why pdns-recursor 4.8.6 queries DS extremely often

Thomas Mieslinger miesi at mail.com
Thu Mar 14 07:20:35 UTC 2024 

Hi Otto,

thank you for making me aware that abovenet blocked AS8560 on their DNS.
As of now 14MAR2024 08:16 CET they have unblocked us.

We still have Problems, but not yet enough material to describe it
precisely.

Cheers
Thomas

Am 12.03.24 um 14:45 schrieb Otto Moerbeek:
> On Tue, Mar 12, 2024 at 08:43:20AM +0100, Thomas Mieslinger via Pdns-users wrote:
>
>> While analyzing a spam run, I found the following queries and responses
>> for the not delegated domain YALRDRK.net
>>
>> For _dmarc.ja<> the queries and responses look as expected.
>>
>> For default._bimi.jaqg<> a SERVFAIL is returned by instead of the
>> expected NXDOMAIN.
>>
>> For _bimi.jaqgs<> the gtld nameserver is queried once which is what I
>> expect.
>>
>> For default._bimi.jaqg<> the gtld nameservers are queried 5 times for
>> the DS Record. Is there a good reason to torture .net gtld Nameservers?
>>
>>> "PacketTime","Server","SrcIP","DstIP","QR","ResponseCode","Type","Question"
>>> "2024-03-09 19:31:23","::ffff:10.74.42.28","::ffff:172.19.254.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:23","::ffff:172.19.254.2","::ffff:10.74.42.28",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,2,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:23","::ffff:82.165.226.66","::ffff:192.42.93.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:23","::ffff:192.42.93.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","2001:8d8:5c1:453:82:165:226:66","2001:502:8cc::30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>> "2024-03-09 19:31:55","2001:502:8cc::30","2001:8d8:5c1:453:82:165:226:66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
>>
>> dnssec=process
>> root-nx-trust=on
>> nothing-below-nxdomain=no
>> qname-minimization=no
>>
>> If you need the full config or packetcapture, please ask.
>>
>> Thanks for your insights
>>
>> Cheers
>>
>> Thomas
>
> Hoi,
>
> Probably the full config plus a trace doing the query will help more,
> as it gives insight in the decision process of the recursor. I'm also
> a bit confused. You say YALRDRK.net is not delegated, but I do see NS
> records for it in the .net zone. Or did the delegation status of the domain change
> recently?
>
> ;; AUTHORITY SECTION:
> YALRDRK.net.            172800  IN      NS      ns11.abovedomains.com.
> YALRDRK.net.            172800  IN      NS      ns12.abovedomains.com.
>
> 	-Otto

More information about the Pdns-users mailing list