<div dir="ltr">Dear Bind-Users,<div><br></div><div>Greetings of the Day!!!</div><div><br></div><div>I have faced an issue on my RPZ Server.</div><div>I have added the A record Entry & AAAA record entry for some domains.</div><div>The RPZ Policy is running fine.</div><div>But the werired response that i am getting with few domains are that when I have quered the A record for that domain, the answer is OK.</div><div>When I have quered for AAAA record, it is not given the answer.</div><div>When I have run the dig query using any option, it has shown me the A record as well as AAAA record too.</div><div>I have facing this issue while querying following domains:</div><div>1. <a href="http://gim8.pl">gim8.pl</a></div><div>2. <a href="http://ns-cnc1.qq.com">ns-cnc1.qq.com</a></div><div>3. <a href="http://ns-tel1.qq.com">ns-tel1.qq.com</a></div><div><br></div><div>Lets take an example of first doamin:</div><div>I have sharing the dig o/p here with different options:</div><div>A. querying A Record:</div><div>-----------------------------</div><div><div>; <<>> DiG 9.10.3-P3 <<>> <a href="http://gim8.pl">gim8.pl</a></div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19768</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2</div><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>;; QUESTION SECTION:</div><div>;<a href="http://gim8.pl">gim8.pl</a>. IN A</div><div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://gim8.pl">gim8.pl</a>. 5 IN A 10.40.124.13</div><div><br></div><div>;; AUTHORITY SECTION:</div><div><a href="http://rpz.nkn.in">rpz.nkn.in</a>. 3600 IN NS <a href="http://ns1.rpz.nkn.in">ns1.rpz.nkn.in</a>.</div><div><br></div><div>;; ADDITIONAL SECTION:</div><div><a href="http://ns1.rpz.nkn.in">ns1.rpz.nkn.in</a>. 3600 IN A 10.199.88.2</div><div><br></div><div>;; Query time: 4406 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Tue May 22 17:22:57 IST 2018</div><div>;; MSG SIZE rcvd: 96</div></div><div><br></div><div>B: Query the AAAA Record:</div><div>-------------------------------------</div><div><div>; <<>> DiG 9.10.3-P3 <<>> <a href="http://gim8.pl">gim8.pl</a> AAAA</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60907</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1</div><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>;; QUESTION SECTION:</div><div>;<a href="http://gim8.pl">gim8.pl</a>. IN AAAA</div><div><br></div><div>;; Query time: 517 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Tue May 22 17:24:13 IST 2018</div><div>;; MSG SIZE rcvd: 36</div></div><div><br></div><div>C: Query the Record with ANY option:</div><div>--------------------------------------------------</div><div><div>; <<>> DiG 9.10.3-P3 <<>> <a href="http://gim8.pl">gim8.pl</a> any</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 583</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2</div><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>;; QUESTION SECTION:</div><div>;<a href="http://gim8.pl">gim8.pl</a>. IN ANY</div><div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://gim8.pl">gim8.pl</a>. 5 IN AAAA 2001:4408:5240::13</div><div><a href="http://gim8.pl">gim8.pl</a>. 5 IN A 10.40.124.13</div><div><br></div><div>;; AUTHORITY SECTION:</div><div><a href="http://rpz.nkn.in">rpz.nkn.in</a>. 3600 IN NS <a href="http://ns1.rpz.nkn.in">ns1.rpz.nkn.in</a>.</div><div><br></div><div>;; ADDITIONAL SECTION:</div><div><a href="http://ns1.rpz.nkn.in">ns1.rpz.nkn.in</a>. 3600 IN A 10.199.88.2</div><div><br></div><div>;; Query time: 821 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Tue May 22 17:24:42 IST 2018</div><div>;; MSG SIZE rcvd: 124</div></div><div> Last o/p shows the AAAA record too...but alone its not working.</div><div><br></div><div>I am sharing you the messages that i received when I hit the AAAA query using dig:</div><div><div>May 22 17:24:13 RPZ named[17245]: FORMERR resolving '<a href="http://gim8.pl/AAAA/IN">gim8.pl/AAAA/IN</a>': 104.130.132.112#53</div><div>May 22 17:24:13 RPZ named[17245]: FORMERR resolving '<a href="http://gim8.pl/AAAA/IN">gim8.pl/AAAA/IN</a>': 198.245.62.20#53</div><div>May 22 17:25:46 RPZ named[17245]: FORMERR resolving '<a href="http://gim8.pl/AAAA/IN">gim8.pl/AAAA/IN</a>': 104.130.132.112#53</div><div>May 22 17:25:46 RPZ named[17245]: FORMERR resolving '<a href="http://gim8.pl/AAAA/IN">gim8.pl/AAAA/IN</a>': 198.245.62.20#53</div></div><div><br></div><div><br></div><div>Can anyone suggest, what goes wrong & why the RPZ policy is not throuugh the AAAA result when the dig alone run with AAAA query?</div><div><br></div><div><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><font face="tahoma, sans-serif"><font style="color:rgb(0,0,102);font-family:verdana,sans-serif" size="2">Thanks & Regards,<br><br>Saurabh Srivastava,<br>Mobile: +91-9958399291</font></font></div><div><font face="tahoma, sans-serif"><font style="color:rgb(0,0,102);font-family:verdana,sans-serif" size="2">Email: <a href="mailto:jp.saurabh@gmail.com" target="_blank">jp.saurabh@gmail.com</a> </font><b><br></b></font></div></div></div></div></div></div></div></div>
</div></div>