synthetic DNS64 response for sync-na.dyn.itg.com

Stephan Lagerholm stephan at pi.nxs.se
Fri Jan 20 20:47:50 UTC 2017 

I'm having trouble getting Bind to create a synthetic DNS64 response for
sync-na.dyn.itg.com. although an A record exist. My Bind is configured
with DNS64:

        dns64 64:ff9b::/96 { break-dnssec yes; };

The auth nameservers for the domain are busted for sure. They are
returning SERVFAIL for the AAAA query
(dig @dds1.itginc.com. sync-na.dyn.itg.com. AAAA). But I would
expect Bind to fall over to creating a synthetic response,
as that is required according to RFC6147 section 5.1.2.

Am I missing something or is this a bug in Bind? I'm running bind.x86_64
32:9.9.4-29.el7_2.4

I have added three digs below, one that shows that DNS64 works properly,
then one for AAAA and one for the A record.

Many thanks /Stephan


[view at CNODAL01]> dig @x.x.x.x ipv4only.arpa AAAA
; <<>> DiG SourceT 3.x <<>> @ x.x.x.x ipv4only.arpa AAAA
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58145
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ipv4only.arpa.                           IN       AAAA

;; ANSWER SECTION:
ipv4only.arpa.                 60 IN       AAAA         64:ff9b::c000:ab
ipv4only.arpa.                 60 IN       AAAA         64:ff9b::c000:aa

;; Query time: 58 msec
;; SERVER: x.x.x.x #53 (x.x.x.x)
;; WHEN: Fri Jan 20 18:56:56 2017
;; MSG SIZE  rcvd: 87


[view at CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. AAAA
; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. AAAA
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53139
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sync-na.dyn.itg.com.                     IN       AAAA

;; Query time: 2010 msec
;; SERVER: x.x.x.x #53 (x.x.x.x)
;; WHEN: Fri Jan 20 18:58:12 2017
;; MSG SIZE  rcvd: 37

[view at CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. A
; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. A
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61005
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sync-na.dyn.itg.com.                     IN       A

;; ANSWER SECTION:
sync-na.dyn.itg.com.           30 IN       A            65.172.71.41

;; Query time: 201 msec
;; SERVER: x.x.x.x #53 (x.x.x.x)
;; WHEN: Fri Jan 20 18:58:14 2017
;; MSG SIZE  rcvd: 53

More information about the bind-users mailing list