<meta http-equiv="Content-Type" content="text/html; charset=GB18030"><div><p data-sourcepos="1:1-2:201" dir="auto">The version of bind is BIND 9.10.5-P3 <a>id:7d5676f</a> </p><p data-sourcepos="1:1-2:201" dir="auto">One day, I found that the size of named.run is increasing very quickly. And a lot of "invalid response" entries were spotted in the log. Details is as follows (I replace the sensitive info with  {xxxx},{AAA} etc.)</p>
<p data-sourcepos="4:1-4:265" dir="auto">DNS format error from {IP}<a href="/isc-projects/bind9/-/issues/53" data-original="#53" data-link="false" data-link-reference="false" data-project="1" data-issue="76" data-reference-type="issue" data-container="body" data-placement="top" title="Implement "NXDOMAIN cut" (RFC 8020)" class="gfm gfm-issue has-tooltip">#53</a> resolving {XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org/AAAA for client 169.254.4.50#51099: Name epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org (SOA) not subdomain of zone node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org -- invalid response</p>
<p data-sourcepos="6:1-6:52" dir="auto">The response related to the above log is as follows:</p>
<p data-sourcepos="8:1-13:65" dir="auto">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  50664
;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;{XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. IN AAAA</p>
<p data-sourcepos="15:1-22:8" dir="auto">;; AUTHORITY SECTION:
;epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. 86400 IN SOA    .mnc{AAA}.mcc{BBB}.gprs. dns-admin. (
;                                               2020122704 ; serial
;                                               10800      ; refresh (3 hours)
;                                               3600       ; retry (1 hour)
;                                               604800     ; expire (1 week)
;                                               86400      ; minimum (1 day)
;                                               )</p>
<p data-sourcepos="25:1-26:79" dir="auto">============================================</p><p data-sourcepos="25:1-26:79" dir="auto">Normally, the FQDN should be cached as a NXRRSET record as follows: </p><p data-sourcepos="25:1-26:79" dir="auto">{XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. 8412 -AAAA ;-$NXRRSET</p>
<p data-sourcepos="28:1-28:100" dir="auto">But when the issue happens, it cannot be cached, I guess it's related to the "invalid response" log.</p>
<p data-sourcepos="30:1-30:228" dir="auto">From the error log, it mentions "zone node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org", but I'm wondering where the zone "node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org" comes from? I cannot found the related SOA record in the dump file.</p></div>