"not subdomain of zone {XXXX} -- invalid response" errors found in named.run log

同屋 39223722 at qq.com
Wed Jan 6 13:57:31 UTC 2021

Actually, the background is a little bit complicated. In short, the topo is as below. dns1 was swapped for a new one (say dns1*), then the issue happened. After that, we dropped all the AAAA requests from dns1*, then the issue was gone.

There was no config change during the whole process; no idea why the caching server has such a log.

--------       ---------
|dns1  |      | dns2 |
--------       ---------
    |                 |
  |caching server|  (where the log was observed)

------------------ Original ------------------
From:  "同屋";<39223722 at qq.com>;
Send time: Wednesday, Jan 6, 2021 8:43 PM
To: "同屋"<39223722 at qq.com>; "marka"<marka at isc.org>; 
Cc: "Bind-users"<Bind-users at lists.isc.org>; 
Subject:  re:Re: "not subdomain of zone {XXXX} -- invalid response" errors found in named.run log

Thanks Mark, but why is this issue related to a load balancer?

------------------ Original Message ------------------
From: "Mark Andrews";
Date: 2021-01-06 19:09
To: "同屋"<39223722 at qq.com>;

Subject: Re: "not subdomain of zone {XXXX} -- invalid response" errors found in named.run log

Complain to the administrators of the zone. They have not properly delegated it.  We see this often with load balancers. 

The zone a.b.example has been delegated but the answer is as if it is from b.example. 

-- Mark Andrews

On 6 Jan 2021, at 21:02, 同屋 <39223722 at qq.com> wrote:

The version of bind is BIND 9.10.5-P3 id:7d5676f 

One day, I found that the size of named.run was increasing very quickly, and a lot of "invalid response" entries were spotted in the log. Details are as follows (I replaced the sensitive info with {xxxx}, {AAA} etc.):
DNS format error from {IP}#53 resolving {XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org/AAAA for client Name epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org (SOA) not subdomain of zone node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org -- invalid response
The response related to the above log is as follows:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  50664
;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;{XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. IN AAAA

;; AUTHORITY SECTION:
;epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. 86400 IN SOA	.mnc{AAA}.mcc{BBB}.gprs. dns-admin. (
;						2020122704 ; serial
;						10800      ; refresh (3 hours)
;						3600       ; retry (1 hour)
;						604800     ; expire (1 week)
;						86400      ; minimum (1 day)
;						)

Normally, the FQDN should be cached as a NXRRSET record as follows: 

{XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. 8412 -AAAA ;-$NXRRSET
But when the issue happens, it cannot be cached; I guess it's related to the "invalid response" log.
From the error log, it mentions "zone node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org", but I'm wondering where the zone "node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org" comes from? I cannot find the related SOA record in the dump file.
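
One way to triage these entries on the caching server, as an added example that is not part of the thread or of BIND: it parses "not subdomain of zone" lines in the format quoted above, groups them by answering server, and flags the case Mark describes, where the SOA owner is an ancestor of the delegated zone. The sample lines, the verdict labels and the optional handling of the "for client" part are assumptions of this example.

```python
import re
from collections import Counter

# Line format as quoted in the thread; the "for client ..." part is treated as optional.
LOG_RE = re.compile(
    r"DNS format error from (?P<server>\S+)#\d+ resolving (?P<qname>\S+)/(?P<qtype>\S+)"
    r"(?: for .*?)?:? Name (?P<owner>\S+) \((?P<rtype>\w+)\) "
    r"not subdomain of zone (?P<zone>\S+) -- invalid response")

def labels(name):
    """Lower-cased labels of a domain name, trailing dot ignored."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_subdomain(name, zone):
    """True when name is at or below zone (whole labels, not a string suffix)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def classify(line):
    """Parse one log line; return its fields plus a verdict, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    hit = m.groupdict()
    # Verdict names are this example's own labels, not BIND terminology.
    if is_subdomain(hit["zone"], hit["owner"]) and not is_subdomain(hit["owner"], hit["zone"]):
        hit["verdict"] = "answered-as-parent"  # SOA owner is an ancestor of the zone
    else:
        hit["verdict"] = "unrelated-owner"     # SOA owner is outside the zone's branch
    return hit

def summarize(lines):
    """Count rejected responses per (server, zone, SOA owner, verdict)."""
    hits = (classify(line) for line in lines)
    return Counter((h["server"], h["zone"], h["owner"], h["verdict"]) for h in hits if h)

# Constructed sample lines (documentation addresses and names, not taken from the thread).
SAMPLE = [
    "06-Jan-2021 12:00:01 DNS format error from 192.0.2.10#53 resolving h1.bf.node.epc.example/AAAA for client 198.51.100.7#40000: Name epc.example (SOA) not subdomain of zone node.epc.example -- invalid response",
    "06-Jan-2021 12:00:02 DNS format error from 192.0.2.10#53 resolving h2.bf.node.epc.example/AAAA for client Name epc.example (SOA) not subdomain of zone node.epc.example -- invalid response",
    "06-Jan-2021 12:00:03 DNS format error from 192.0.2.20#53 resolving h3.bf.node.epc.example/AAAA: Name other.example (SOA) not subdomain of zone node.epc.example -- invalid response",
    "06-Jan-2021 12:00:04 client 198.51.100.7#40001: query: h1.bf.node.epc.example IN A",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

A server that accumulates "answered-as-parent" hits for one zone is the one to raise with that zone's administrators.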
