BIND 8 bug? (Protocol not supported)

Pavel V. Knyazev pasha at comp.protocols.dns.bind
Sat Feb 14 16:48:23 UTC 2004


Hi!

I'm setting up a caching only server under BIND 8.3.7-REL,
that comes with a fresh snapshot of FreeBSD 4.9 security branch.

Here's what i got. As long as BIND returns nothing for a first
query, it can be considered a bug, i think. Here we go (look also
at the bottom, there are some examples and comments):

9:30pm phobos:~# /usr/sbin/named -u bind -g bind -t /etc/namedb /etc/named.conf
9:30pm phobos:~# dig 194.in-addr.arpa ns

; <<>> DiG 8.3 <<>> 194.in-addr.arpa ns
;; res options: init recurs defnam dnsrch
;; res_nsend: Protocol not supported
9:31pm phobos:~# dig 194.in-addr.arpa ns

; <<>> DiG 8.3 <<>> 194.in-addr.arpa ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52669
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 7, ADDITIONAL: 7
;; QUERY SECTION:
;;      194.in-addr.arpa, type = NS, class = IN

;; ANSWER SECTION:
194.in-addr.arpa.       5D IN NS        auth03.ns.uu.net.
194.in-addr.arpa.       5D IN NS        tinnie.arin.net.
194.in-addr.arpa.       5D IN NS        ns.ripe.net.
194.in-addr.arpa.       5D IN NS        ns2.nic.fr.
194.in-addr.arpa.       5D IN NS        sec1.apnic.net.
194.in-addr.arpa.       5D IN NS        sec3.apnic.net.
194.in-addr.arpa.       5D IN NS        sunic.sunet.se.

;; AUTHORITY SECTION:
194.in-addr.arpa.       5D IN NS        auth03.ns.uu.net.
194.in-addr.arpa.       5D IN NS        tinnie.arin.net.
194.in-addr.arpa.       5D IN NS        ns.ripe.net.
194.in-addr.arpa.       5D IN NS        ns2.nic.fr.
194.in-addr.arpa.       5D IN NS        sec1.apnic.net.
194.in-addr.arpa.       5D IN NS        sec3.apnic.net.
194.in-addr.arpa.       5D IN NS        sunic.sunet.se.

;; ADDITIONAL SECTION:
auth03.ns.uu.net.       1d23h59m24s IN A  198.6.1.83
tinnie.arin.net.        2h59m26s IN A   63.146.182.189
ns.ripe.net.            1d23h59m24s IN A  193.0.0.193
ns2.nic.fr.             3d23h59m24s IN A  192.93.0.4
sec1.apnic.net.         1d23h59m24s IN A  202.12.29.59
sec3.apnic.net.         1d23h59m24s IN A  202.12.28.140
sunic.sunet.se.         23h59m23s IN A  192.36.125.2

;; Total query time: 644 msec
;; FROM: phobos.surnet.ru to SERVER: 127.0.0.1
;; WHEN: Sat Feb 14 21:31:38 2004
;; MSG SIZE  sent: 34  rcvd: 434

9:31pm phobos:~# dig 194.in-addr.arpa ns @ns.ripe.net.

; <<>> DiG 8.3 <<>> 194.in-addr.arpa ns @ns.ripe.net.
; (2 servers found)
;; res options: init recurs defnam dnsrch
;; res_nsend: Protocol not supported
9:34pm phobos:~# dig 194.in-addr.arpa ns @193.0.0.193

; <<>> DiG 8.3 <<>> 194.in-addr.arpa ns @193.0.0.193
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11896
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 6
;; QUERY SECTION:
;;      194.in-addr.arpa, type = NS, class = IN

;; ANSWER SECTION:
194.in-addr.arpa.       5D IN NS        sec1.apnic.net.
194.in-addr.arpa.       5D IN NS        sec3.apnic.net.
194.in-addr.arpa.       5D IN NS        sunic.sunet.se.
194.in-addr.arpa.       5D IN NS        auth03.ns.uu.net.
194.in-addr.arpa.       5D IN NS        tinnie.arin.net.
194.in-addr.arpa.       5D IN NS        ns.ripe.net.
194.in-addr.arpa.       5D IN NS        ns2.nic.fr.

;; ADDITIONAL SECTION:
ns.ripe.net.            2D IN A         193.0.0.193
ns.ripe.net.            2D IN AAAA      2001:610:240:0:53::193
ns2.nic.fr.             4D IN A         192.93.0.4
sec1.apnic.net.         1H IN A         202.12.29.59
sec3.apnic.net.         1H IN A         202.12.28.140
sec3.apnic.net.         1H IN AAAA      2001:dc0:1:0:4777:140::

;; Total query time: 321 msec
;; FROM: phobos.surnet.ru to SERVER: 193.0.0.193
;; WHEN: Sat Feb 14 21:36:26 2004
;; MSG SIZE  sent: 34  rcvd: 328

9:36pm phobos:~#

As far as i understand, there are issues with IPv6,
in particular BIND 8 doesn't know how to deal with
such sites (look up and see how it works with IPv6
of ns.ripe.net).

There are no problems with BIND 9 on the same machine.
It works just fine although it sees IPv6 RRs also.

Please, what is the cure for BIND 8?

--
Pavel V. Knyazev


More information about the bind-users mailing list