question about resolving of AAAA amazoses.com
Ondřej Surý
ondrej at isc.org
Sat Jul 5 04:02:54 UTC 2025
Specifically in this case the incorrect chain starts here:
> $ dig IN AAAA feedback-smtp.us-east-1.amazonses.com @ns-265.awsdns-33.com.
>
> ; <<>> DiG 9.21.8-1+0~20250521.138+debian12~1.gbpefbbeb-Debian <<>> IN AAAA feedback-smtp.us-east-1.amazonses.com @ns-265.awsdns-33.com.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11817
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;feedback-smtp.us-east-1.amazonses.com. IN AAAA
>
> ;; AUTHORITY SECTION:
> feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-1244.awsdns-27.org.
> feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-1739.awsdns-25.co.uk.
> feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-82.awsdns-10.com.
> feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-968.awsdns-57.net.
>
> ;; Query time: 28 msec
> ;; SERVER: 2600:9000:5301:900::1#53(ns-265.awsdns-33.com.) (UDP)
> ;; WHEN: Sat Jul 05 05:59:17 CEST 2025
> ;; MSG SIZE rcvd: 202
This delegates the whole **feedback-smtp.us-east-1.amazonses.com.** to the set of
these 4 nameservers, but if you ask one of these:
> $ dig IN AAAA feedback-smtp.us-east-1.amazonses.com @ns-1244.awsdns-27.org.
> ; <<>> DiG 9.21.8-1+0~20250521.138+debian12~1.gbpefbbeb-Debian <<>> IN AAAA feedback-smtp.us-east-1.amazonses.com @ns-1244.awsdns-27.org.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16354
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;feedback-smtp.us-east-1.amazonses.com. IN AAAA
>
> ;; AUTHORITY SECTION:
> us-east-1.amazonses.com. 900 IN SOA ns-968.awsdns-57.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
>
> ;; Query time: 32 msec
> ;; SERVER: 2600:9000:5304:dc00::1#53(ns-1244.awsdns-27.org.) (UDP)
> ;; WHEN: Sat Jul 05 06:00:39 CEST 2025
> ;; MSG SIZE rcvd: 147
It returns SOA with **us-east-1.amazonses.com.** as the owner of the SOA record. As the previous
delegation also included "feedback.", this matches the log message you've been seeing as
> us-east-1.amazonses.com.
can't really be subdomain of something deeper in the tree:
> feedback-smtp.us-east-1.amazonses.com.
Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
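
The rule behind the log message, as an added example that is not part of the original message and is not BIND's code: the SOA owner in a negative answer has to be at or below the zone cut set by the referral. The function names are hypothetical, and the input is the two AUTHORITY sections from the dig output above, embedded as constructed sample data.

```python
import re

# Constructed sample input: AUTHORITY sections from the two dig responses above.
REFERRAL = """\
feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-1244.awsdns-27.org.
feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-1739.awsdns-25.co.uk.
feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-82.awsdns-10.com.
feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-968.awsdns-57.net.
"""
CHILD_ANSWER = """\
us-east-1.amazonses.com. 900 IN SOA ns-968.awsdns-57.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|SOA)\s+(.+)$")

def labels(name):
    """Split a DNS name into lower-cased labels; the root is the empty tuple."""
    return () if name == "." else tuple(name.rstrip(".").lower().split("."))

def owners(section, rrtype):
    """Owner names (as label tuples) of all records of rrtype in a dig section."""
    found = set()
    for line in section.splitlines():
        m = RR.match(line.strip())
        if m and m.group(2) == rrtype:
            found.add(labels(m.group(1)))
    return found

def in_zone(name, zone):
    """True if name is at or below zone. Compared label by label, so
    'badexample.com' is not treated as being inside 'example.com'."""
    return len(name) >= len(zone) and name[len(name) - len(zone):] == zone

def check_delegation(referral, child_answer):
    """Return (zone_cut, [SOA owners outside the zone cut])."""
    cuts = owners(referral, "NS")
    if len(cuts) != 1:
        raise ValueError("referral must contain NS records for exactly one owner")
    zone = next(iter(cuts))
    bad = sorted(".".join(o) for o in owners(child_answer, "SOA")
                 if not in_zone(o, zone))
    return ".".join(zone), bad

if __name__ == "__main__":
    zone, bad = check_delegation(REFERRAL, CHILD_ANSWER)
    for owner in bad:
        print(f"SOA owner {owner} is not at or below delegated zone {zone}")
```
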
> On 4. 7. 2025, at 10:17, Florian Piekert via bind-users <bind-users at lists.isc.org> wrote:
>
> Hello and many thanks for the quick all-answering response!
>
> Thanks for Greg as well, I leave it to Petr's answer then :-)
>
>
> Am 04.07.2025 um 10:13 schrieb Petr Špaček:
>> On 04. 07. 25 9:56, Florian Piekert via bind-users wrote:
>>> Hello all,
>>>
>>> I frequently have this in my logs
>>>
>>> May 4 14:29:16 sonne named[4035767]: DNS format error from 2600:9000:5303:c800::1#53 resolving feedback-smtp.us-east-1.amazonses.com/AAAA for 127.0.0.1#44099: Name us-east-1.amazonses.com (SOA) not subdomain of zone feedback-smtp.us-east-1.amazonses.com -- invalid response
> ...
>>> May 4 14:29:16 sonne named[4035767]: DNS format error from 205.251.192.82#53 resolving feedback-smtp.us-east-1.amazonses.com/AAAA for 127.0.0.1#44099: Name us-east-1.amazonses.com (SOA) not subdomain of zone feedback-smtp.us-east-1.amazonses.com -- invalid response
>>>
>>> and was wondering IF there is a misconfiguration on my bind?
>> No, it's misconfiguration on the auth side. See e.g.
>> https://lists.isc.org/pipermail/bind-users/2021-January/104064.html
>> for an explanation.
>
> Florian