sorry for replying directly, still have some problems with gmail UI.<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Michal Wesolowski</b> <span dir="ltr"><<a href="mailto:gmickyw@gmail.com">gmickyw@gmail.com</a>></span><br>
Date: Tue, Feb 23, 2010 at 2:47 PM<br>Subject: Re: IPv6 client and negative cache - some doubts<br>To: Sam Wilson <<a href="mailto:Sam.Wilson@ed.ac.uk">Sam.Wilson@ed.ac.uk</a>><br><br><br><div class="gmail_quote"><div>
<div></div><div class="h5">On Tue, Feb 23, 2010 at 1:33 PM, Sam Wilson <span dir="ltr"><<a href="mailto:Sam.Wilson@ed.ac.uk" target="_blank">Sam.Wilson@ed.ac.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
In article <<a href="mailto:mailman.529.1266923597.21153.bind-users@lists.isc.org" target="_blank">mailman.529.1266923597.21153.bind-users@lists.isc.org</a>>,<br>
Michal Wesolowski <<a href="mailto:gmickyw@gmail.com" target="_blank">gmickyw@gmail.com</a>> wrote:<br>
<br>
> Hello Everyone<br>
><br>
> I have a problem with Bind 9.3.6-P1 (included in Solaris 10) but honestly I<br>
> don't even understand if it is wrong Bind behaviour or my ignorance. It does<br>
> apply only to some specific cases when external domain delegation is also<br>
> somewhat broken. My server is caching only. Let me show it by the example:<br>
><br>
> Host "<a href="http://www.goleszow.pl" target="_blank">www.goleszow.pl</a>" has bad NS delegation on country root servers level<br>
> because <a href="http://virtual.sincom.pl" target="_blank">virtual.sincom.pl</a> is not resolvable:<br>
><br>
> <a href="http://goleszow.pl" target="_blank">goleszow.pl</a>. 86400 IN NS <a href="http://virtual.sincom.pl" target="_blank">virtual.sincom.pl</a>.<br>
> <a href="http://goleszow.pl" target="_blank">goleszow.pl</a>. 86400 IN NS <a href="http://virtual.jasnet.pl" target="_blank">virtual.jasnet.pl</a>.<br>
> ;; Received 91 bytes from 149.156.1.6#53(G-DNS.pl) in 19 ms<br>
<br>
That may be part of the problem, and it needs to be fixed, but I don't<br>
think that's all of it.<br></blockquote><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
> When dns client asks my server for A record of "<a href="http://www.goleszow.pl" target="_blank">www.goleszow.pl</a>" -<br>
> everything is fine. But when first query (after cache is flushed) asks for<br>
> AAAA record - my server seems to cache negative answer and all subsequent<br>
> queries for A record also fail. ...<br>
> [snip]<br>
> This is what I found in the Bind cache:<br>
> # rndc dumpdb -all<br>
> # cat /var/named/log/named_dump.db | grep virt<br>
> <a href="http://goleszow.pl" target="_blank">goleszow.pl</a>. 85994 NS <a href="http://virtual.jasnet.pl" target="_blank">virtual.jasnet.pl</a>.<br>
> 85994 NS <a href="http://virtual.sincom.pl" target="_blank">virtual.sincom.pl</a>.<br>
> <a href="http://virtual.jasnet.pl" target="_blank">virtual.jasnet.pl</a>. 3194 A 85.202.208.254<br>
> <a href="http://virtual.sincom.pl" target="_blank">virtual.sincom.pl</a>. 3194 \-ANY ;-$NXDOMAIN<br>
> ; <a href="http://virtual.jasnet.pl" target="_blank">virtual.jasnet.pl</a> alias <a href="http://jasnet.pl" target="_blank">jasnet.pl</a> [v4 TTL 3194] [target TTL 3194] [v4<br>
> success] [v6 unexpected]<br>
> ; <a href="http://virtual.sincom.pl" target="_blank">virtual.sincom.pl</a> [v4 TTL 3194] [v6 TTL 3194] [v4 nxdomain] [v6 nxdomain]<br>
><br>
> Which for me doesn't explain this behaviour. Please advise.<br>
<br>
Note that line beginning "<a href="http://virtual.jasnet.pl" target="_blank">virtual.jasnet.pl</a> alias <a href="http://jasnet.pl" target="_blank">jasnet.pl</a>". <a href="http://jasnet.pl" target="_blank">jasnet.pl</a><br>
is delegated to <a href="http://ns10.az.pl" target="_blank">ns10.az.pl</a> and <a href="http://ns11.az.pl" target="_blank">ns11.az.pl</a>. If you ask them for an A<br>
record for <a href="http://virtual.jasnet.pl" target="_blank">virtual.jasnet.pl</a> you get an A record; if you ask for AAAA<br>
you get a CNAME pointing to <a href="http://jasnet.pl" target="_blank">jasnet.pl</a>. I can't imagine what sort of<br>
configuration could cause that to happen. I'm also not sure how that<br>
might be screwing up your lookups, but it's certainly weird. On the<br>
'fix what you know to be broken' principle I'd try to get that and the<br>
broken delegation sorted first before looking any further.<br>
<br>
Sam<br>
<br></blockquote><div> </div></div></div>Thank you Sam for pointing this out. This is probably the real source of the problem. I looked over what could cause such a situation and so far found an old bug in PowerDNS (but don't know if they use it!) which generated such answers when using wildcards.<br>
<br>After some reading my present understanding is that the correct response to an AAAA query when there is such record in the zone and there exists another record of a different type for the same name - is to reply with an empty answer and no error (this applies to the authoritative NS). So what <a href="http://ns10.az.pl" target="_blank">ns10.az.pl</a> does is not consistent with the specification.<br>
However I'm still not sure if bind shouldn't cope with this somehow. I understand that if it applied to the final query for "<a href="http://www.goliszew.pl" target="_blank">www.goliszew.pl</a>" then it would be correct for bind to cache it as negative for all types of records. But if it concerns a bad response for NS? - I don't know.<br>
<br>Thanks<br><br>Michal<br></div>
</div><br>
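The per-type inconsistency discussed in this thread (an A record for one query type, a CNAME for another, on the same name) can be checked mechanically. The following is an added example, not part of the original messages: the function names are hypothetical, and the response tuples are constructed from the thread's description rather than captured from the servers.

```python
def _norm(name):
    return name.lower().rstrip(".")

def classify(qname, qtype, rcode, answers):
    """Classify one authoritative response.
    answers is a list of (owner, rrtype, rdata) from the answer section."""
    if rcode == "NXDOMAIN":
        return "nxdomain"   # the name does not exist, whatever the type
    if rcode != "NOERROR":
        return "error"
    own = [rr for rr in answers if _norm(rr[0]) == _norm(qname)]
    if any(rr[1] == qtype for rr in own):
        return "data"
    if qtype != "CNAME" and any(rr[1] == "CNAME" for rr in own):
        return "cname"
    return "nodata"         # name exists, but has no record of this type

def audit(qname, responses):
    """responses maps qtype -> (rcode, answers) for one name on one server.
    Returns (classification per qtype, list of inconsistency findings)."""
    kinds = {qt: classify(qname, qt, rc, ans)
             for qt, (rc, ans) in responses.items()}
    data = sorted(qt for qt, k in kinds.items() if k == "data" and qt != "CNAME")
    cname = sorted(qt for qt, k in kinds.items() if k == "cname")
    nx = sorted(qt for qt, k in kinds.items() if k == "nxdomain")
    findings = []
    if data and cname:
        # A CNAME may not share its owner name with other record types.
        findings.append("CNAME answered for %s but direct data for %s"
                        % (", ".join(cname), ", ".join(data)))
    if nx and (data or cname):
        # NXDOMAIN covers every type, so it cannot coexist with data.
        findings.append("NXDOMAIN for %s but the name exists for %s"
                        % (", ".join(nx), ", ".join(data + cname)))
    return kinds, findings

# Constructed samples: what the thread reports, and the expected NODATA form.
A_RR = ("virtual.jasnet.pl.", "A", "85.202.208.254")
REPORTED = {"A": ("NOERROR", [A_RR]),
            "AAAA": ("NOERROR", [("virtual.jasnet.pl.", "CNAME", "jasnet.pl.")])}
EXPECTED = {"A": ("NOERROR", [A_RR]), "AAAA": ("NOERROR", [])}

if __name__ == "__main__":
    for label, sample in (("reported", REPORTED), ("expected", EXPECTED)):
        print(label, audit("virtual.jasnet.pl", sample))
```
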