bind resolver zone delegation

Frank Patzig fp at mdlink.de
Wed May 15 13:27:14 UTC 2019


Hi,

my bind is 9.14-1.

I check the zone

dig @NS-EAST.CERF.NET any  vpn.smiths.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @NS-EAST.CERF.NET any
vpn.smiths.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47937
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com.                        IN      ANY

;; AUTHORITY SECTION:
vpn.smiths.com.         86400   IN      NS      resolve01.sslra.com.
vpn.smiths.com.         86400   IN      NS      resolve02.sslra.com.

;; Query time: 119 msec
;; SERVER: 2001:1890:1ff:9f1:99:99:99:136#53(2001:1890:1ff:9f1:99:99:99:136)
;; WHEN: Mi Mai 15 13:42:26 CEST 2019
;; MSG SIZE  rcvd: 97

this is fine


dig @resolve01.sslra.com any  vpn.smiths.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @resolve01.sslra.com any
vpn.smiths.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22398
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com.                        IN      ANY

;; ANSWER SECTION:
vpn.smiths.com.         30      IN      A       194.105.113.242

;; AUTHORITY SECTION:
smiths.com.             500     IN      NS      resolve01.sslvpndemo.com.

;; Query time: 171 msec
;; SERVER: 216.132.83.124#53(216.132.83.124)
;; WHEN: Mi Mai 15 13:43:04 CEST 2019
;; MSG SIZE  rcvd: 94

OK

dig @resolve01.sslra.com MX  vpn.smiths.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @resolve01.sslra.com MX
vpn.smiths.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21258
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com.                        IN      MX

;; AUTHORITY SECTION:
smiths.com.             60      IN      SOA     resolve01.sslvpndemo.com.
hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60

;; Query time: 169 msec
;; SERVER: 216.132.83.124#53(216.132.83.124)
;; WHEN: Mi Mai 15 13:44:04 CEST 2019
;; MSG SIZE  rcvd: 111

-----------------------------------------------------------------------


I check my bind:

dig @localhost  any  vpn.smiths.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @localhost any vpn.smiths.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27551
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com.                        IN      ANY

;; ANSWER SECTION:
vpn.smiths.com.         30      IN      A       194.105.113.242
vpn.smiths.com.         1583    IN      NS      resolve01.sslra.com.
vpn.smiths.com.         1583    IN      NS      resolve02.sslra.com.

;; AUTHORITY SECTION:
vpn.smiths.com.         1583    IN      NS      resolve01.sslra.com.
vpn.smiths.com.         1583    IN      NS      resolve02.sslra.com.

;; ADDITIONAL SECTION:
resolve01.sslra.com.    506     IN      A       216.132.83.124
resolve02.sslra.com.    258     IN      A       64.7.11.138

;; Query time: 172 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mi Mai 15 13:44:38 CEST 2019
;; MSG SIZE  rcvd: 173


dig @localhost  MX  vpn.smiths.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @localhost MX vpn.smiths.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8396
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com.                        IN      MX

;; Query time: 272 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mi Mai 15 13:45:34 CEST 2019
;; MSG SIZE  rcvd: 43


In status is SERVFAIL

In my log

DNS format error from 64.7.11.138#53 resolving vpn.smiths.com/MX for 
client 127.0.0.1#47512: Name smiths.com (SOA) not subdomain of zone 
vpn.smiths.com -- invalid response

What is the problem.


Test with Google is OK:

dig @8.8.8.8  MX  vpn.smiths.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @8.8.8.8 MX vpn.smiths.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21066
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;vpn.smiths.com.                        IN      MX

;; AUTHORITY SECTION:
smiths.com.             59      IN      SOA 
resolve01.sslvpndemo.com. hostmaster.resolve01.sslvpndemo.com. 5 10800 
3600 604800 60

;; Query time: 180 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mi Mai 15 15:26:28 CEST 2019
;; MSG SIZE  rcvd: 111


Can i help you.

Regards
-- 
Frank



More information about the bind-users mailing list