Problem resolving
Danilo Godec
danilo.godec at agenda.si
Thu Sep 16 09:42:57 UTC 2021
Hello,
I recently stumbled upon a problem trying to update my root hints file
from *ftp.rs.internic.net*. For some reason, one of my DNS servers
running on Alpine Linux, can't resolve this name properly and always fails:
# ping ftp.rs.internic.net
ping: ftp.rs.internic.net: Try again
nslookup starts off fine, it prints the A record, but then it fails to:
# nslookup ftp.rs.internic.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
ftp.rs.internic.net canonical name = ftp.rs.verisigndns.com.
Name: ftp.rs.verisigndns.com
Address: 69.58.179.79
** server can't find ftp.rs.verisigndns.com: SERVFAIL
It seems the problem is with AAAA records, as apparently musl libc tries
to resolve both A and AAAA record and fails if either of them are not
available. Unfortunately, I couldn't find a way to configure the musl
resolver not to try AAAA records.
Digging a bit deeper I found out that these queries cause BIND to log
errors:
named[12737]: DNS format error from 185.100.2.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response
named[12737]: DNS format error from 72.13.39.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response
named[12737]: DNS format error from 69.36.158.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response
named[12737]: DNS format error from 199.16.87.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response
However, if I point the system resolver (or nslookup) to some other DNS
(my ISP's DNS, for examle), neither ping or nslookup fail.
Is there anything I can do on my BIND to make musl libc happy and not
fail in such a case?
Thanks,
Danilo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210916/542f3d21/attachment-0001.htm>
More information about the bind-users
mailing list