<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>Is there any specific reason, why don't you use nsupdate to
manage updated dynamic zone within bind9? What are requirements of
your application? Why don't you include just NS, NAPTR and CNAME
in existing zone, where only top level SOA and NS records would be
static?</p>
<p>Is speed of changes critical? How many records might your
application serve? Is it required to analyze incoming queries?<br>
</p>
<p>If you return Not implemented error to A query, what else should
BIND9 forward? A record is just the basic record type defined by
the very first RFC. It did not receive positive nor negative
response to it. Please stop guessing what would make it work.
Whatever you would create this way would be broken. You would have
to fix bugs in it for years. Please accept tips from people
working on DNS for years and use something they already spent a
lot of time on.</p>
<p>Please avoid developing any new project on RHEL/CentOS 6 too. It
is quite old, I do not think any new deployment with a new
application should start on it. Even RHEL 7 already receives
critical updates only.</p>
<p>Regards,<br>
Petr<br>
</p>
<div class="moz-cite-prefix">On 9/15/21 9:40 AM, Sonal Pahuja wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MWHPR1001MB214174C3129779B8108B34D1A8DB9@MWHPR1001MB2141.namprd10.prod.outlook.com">
<pre class="moz-quote-pre" wrap="">Hi Mark,
Thanks for the response. Now NS query is working fine!!
But I have one more query-
we have our application to resolve e164 domain queries i.e NS, NAPTR and CNAME queries only. If user give any other query type then application sends RCODE=4(NOT_IMPLEMENTED) in response.
But bind9 is rejecting our response and sends SERVFAIL.
Attached is the PCAP.
Please share your views again on this. Thanks in advance!
Regards,
Sonal
-----Original Message-----
From: Mark Andrews [<a class="moz-txt-link-freetext" href="mailto:marka@isc.org">mailto:marka@isc.org</a>]
Sent: Wednesday, September 15, 2021 1:51 AM
To: Sonal Pahuja <a class="moz-txt-link-rfc2396E" href="mailto:sonal.s.pahuja@oracle.com"><sonal.s.pahuja@oracle.com></a>
Cc: <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
Subject: [External] : Re: NS query on bind9
Named is very picky about returned SOA records in negative responses. If it has followed/seen a delegation then the returned SOA record in the response needs to be at or below that point.
I suspect that named has a cached NS RRset between e164.arpa and 4.0.4.5.2.4.1.4.2.0.2.4.e164.arpa which is causing the returned response to be rejected.
Mark
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at <a class="moz-txt-link-freetext" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Petr Menšík
Software Engineer
Red Hat, <a class="moz-txt-link-freetext" href="http://www.redhat.com/">http://www.redhat.com/</a>
email: <a class="moz-txt-link-abbreviated" href="mailto:pemensik@redhat.com">pemensik@redhat.com</a>
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB</pre>
</body>
</html>