Problem resolving

Danilo Godec danilo.godec at agenda.si
Thu Sep 16 09:42:57 UTC 2021 

Hello,


I recently stumbled upon a problem trying to update my root hints file
from *ftp.rs.internic.net*. For some reason, one of my DNS servers
running on Alpine Linux, can't resolve this name properly and always fails:

# ping ftp.rs.internic.net
ping: ftp.rs.internic.net: Try again

nslookup starts off fine, it prints the A record, but then it fails to:

# nslookup ftp.rs.internic.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
ftp.rs.internic.net     canonical name = ftp.rs.verisigndns.com.
Name:   ftp.rs.verisigndns.com
Address: 69.58.179.79
** server can't find ftp.rs.verisigndns.com: SERVFAIL


It seems the problem is with AAAA records, as apparently musl libc tries
to resolve both A and AAAA record and fails if either of them are not
available. Unfortunately, I couldn't find a way to configure the musl
resolver not to try AAAA records.

Digging a bit deeper I found out that these queries cause BIND to log
errors:

named[12737]: DNS format error from 185.100.2.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response
named[12737]: DNS format error from 72.13.39.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response
named[12737]: DNS format error from 69.36.158.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response
named[12737]: DNS format error from 199.16.87.22#53 resolving ftp.rs.verisigndns.com/AAAA for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response


However, if I point the system resolver (or nslookup) to some other DNS
(my ISP's DNS, for examle), neither ping or nslookup fail.


Is there anything I can do on my BIND to make musl libc happy and not
fail in such a case?


     Thanks,

    Danilo


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210916/542f3d21/attachment-0001.htm>

More information about the bind-users mailing list