DNS-resolution failed for "www.gracenote.com" when "qname-minimization relaxed|strict;"
Tom
tomtux007 at gmail.com
Mon May 13 11:36:16 UTC 2019
Hi list
Using BIND-9.14.1 as a resolver and qname-minimization set to "relaxed":
The following A-record resp. CNAME could not be resolved, when
qname-minimization is enabled (strict or relaxed):
www.gracenote.com
With qname-minimization enabled, BIND tries to get the NS record for
"glb.gracenote.com" (after BIND received the CNAME
"web.glb.gracenote.com") which results in:
$ dig @bind-9.14.1 +noall +answer ns glb.gracenote.com
glb.gracenote.com. 0 IN NS sc-gtm-1a.globix-sc.gracenote.com.
Then BIND tries to get the ip address for the mentioned NS
(sc-gtm-1a.globix-sc.gracenote.com.) above, which results in NXDOMAIN:
$ dig @bind-9.14.1 +noall +answer +comment
sc-gtm-1a.globix-sc.gracenote.com.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17096
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 9b42859a64d8ace1d701a0565cd94f43afdf5dc2a0368d96 (good)
From the client-perspective, the whole query results in SERVFAIL:
$ dig @bind-9.14.1 +noall +comment www.gracenote.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47277
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ffb32844e0c268e28df22c8a5cd9528e2dfff5e5f2f857cf (good)
Question:
Is there a simple way, where I can configure a zone-wide exception for
"qname-minimization" in a (pseudo)-way like this:
zone "gracenote.com." { qname-minimization off; };
What's the best way to "enable" resolution for the mentioned zone
without disabling qname-minimization?
Many thanks for any hints.
Kind regards,
Tom
More information about the bind-users
mailing list