<div dir="ltr">Hi Jason.<div>I just tried this on my server (9.18.11) and it does indeed appear to be qname minimisation. The following servers (NS for <a href="http://tn.gov">tn.gov</a>) just don't respond to the query "_.<a href="http://edison.tn.gov">edison.tn.gov</a>":</div><div><br></div><div><a href="http://dns4.tn.gov">dns4.tn.gov</a>: type A, class IN, addr 170.141.167.222<br><a href="http://dns5.tn.gov">dns5.tn.gov</a>: type A, class IN, addr 170.141.168.22<br></div><div><br></div><div>QM can't be disabled per destination server, only globally.</div><div>I would recommend you contact the NS administrators and inform them they have a problem. According to the SOA the RNAME is <a href="mailto:named-mgr@wannms.state.tn.us">named-mgr@wannms.state.tn.us</a></div><div><br></div><div>Cheers, Greg</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 27 Mar 2023 at 18:54, <<a href="mailto:jmurray@pdknox.org">jmurray@pdknox.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
Recursive queries to a pair of matching bind 9.16 servers on openbsd 7.0 are timing out unexpectedly for only two names: "<a href="http://www.edison.tn.gov" rel="noreferrer" target="_blank">www.edison.tn.gov</a>" and "<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>". Both bind instances are otherwise working fine, and have been for some time.<br>
<br>
The query returns a CNAME, and there's a delegation to another set of nameservers on <a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>, but as you can see below in the pcap and the named.run excerpt, bind never seems to follow up. <br>
<br>
If I disable qname minimization this is no longer an issue, but I'd rather not, and I don't understand the behavior at all.<br>
<br>
Queries for either <a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a> subdomain from other hosts on other networks to which I have access (all using Unbound for recursion unfortunately) are working as expected. And I'm seeing no other unexplained failures. I keep thinking I should be able to find some other domain which will trigger this behavior, but haven't yet.<br>
<br>
According to users this has been going on since last Wednesday or late last Friday. The domains were resolving week before last based on my own experience, but I don't have logs from more than a few days ago, so I can't demonstrate that conclusively.<br>
<br>
There's some relevant text from named.run below, also a bit of a packet capture, and I'm happy to supply whatever else may be helpful. Trimmed named.conf just a bit, marked where I've done so. All material is from before I thought to turn off qname minimisation.<br>
<br>
I'm totally lost, any thoughts or suggestions are very very welcome.<br>
<br>
Thanks,<br>
<br>
Jason<br>
<br>
<br>
### named.conf:<br>
<br>
acl internals {<br>
<a href="http://127.0.0.0/8" rel="noreferrer" target="_blank">127.0.0.0/8</a>;<br>
<a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">10.0.0.0/8</a>;<br>
<a href="http://172.16.28.0/24" rel="noreferrer" target="_blank">172.16.28.0/24</a>;<br>
<a href="http://128.25.10.0/24" rel="noreferrer" target="_blank">128.25.10.0/24</a>;<br>
<a href="http://172.16.20.16/28" rel="noreferrer" target="_blank">172.16.20.16/28</a>;<br>
};<br>
<br>
acl nameservers {<br>
<a href="http://172.16.20.23/32" rel="noreferrer" target="_blank">172.16.20.23/32</a>;<br>
<a href="http://172.16.20.22/32" rel="noreferrer" target="_blank">172.16.20.22/32</a>;<br>
<a href="http://172.16.20.30/32" rel="noreferrer" target="_blank">172.16.20.30/32</a>;<br>
};<br>
<br>
logging {<br>
channel rpz.log {<br>
file "/var/log/rpz.log" versions 3 size 5m;<br>
severity info;<br>
print-time yes;<br>
print-severity yes;<br>
print-category yes;<br>
};<br>
channel updates.log {<br>
file "/var/log/ddns.log" versions 3 size 5m;<br>
severity info;<br>
print-time yes;<br>
print-severity yes;<br>
print-category yes;<br>
};<br>
channel query.log {<br>
file "/var/log/query.log" versions 1 size 5m;<br>
severity debug 3;<br>
print-time yes;<br>
print-severity yes;<br>
print-category yes;<br>
};<br>
category queries { query.log; };<br>
category update { updates.log; };<br>
category rpz { rpz.log; };<br>
category lame-servers { null; };<br>
category edns-disabled { null; };<br>
};<br>
<br>
options {<br>
directory "/tmp";<br>
listen-on { 172.16.20.22; 172.16.20.30; };<br>
check-names master warn ;<br>
allow-transfer { nameservers; };<br>
also-notify { 172.16.20.30; 172.16.20.23; };<br>
allow-query { any; };<br>
allow-recursion { internals; };<br>
recursion 1;<br>
dnssec-validation no;<br>
#dnssec-validation auto;<br>
#response-policy { zone rpz.local; };<br>
#response-policy { zone rpz.local; } break-dnssec yes;<br>
};<br>
<br>
key "<a href="http://example.org" rel="noreferrer" target="_blank">example.org</a>" {<br>
# trimmed<br>
};<br>
<br>
key "rndc-key" {<br>
# trimmed<br>
};<br>
<br>
key "external" {<br>
# trimmed<br>
};<br>
<br>
controls {<br>
inet 127.0.0.1 port 953<br>
allow { 127.0.0.1; } keys { "rndc-key"; };<br>
};<br>
<br>
view "internal" {<br>
match-clients { !key external; internals; };<br>
allow-recursion { internals; };<br>
allow-query { any; };<br>
recursion yes;<br>
zone "." {<br>
type hint;<br>
file "/etc/<a href="http://named.ca" rel="noreferrer" target="_blank">named.ca</a>";<br>
};<br>
#zone "rpz.local" {<br>
# type master;<br>
# file "/master/rpz.local.hosts";<br>
# allow-query { localhost; };<br>
# allow-transfer { nameservers; };<br>
# notify yes;<br>
#};<br>
zone "<a href="http://example.org" rel="noreferrer" target="_blank">example.org</a>" {<br>
type master;<br>
file "/master/example.org.internal.hosts";<br>
allow-update { key "<a href="http://example.org" rel="noreferrer" target="_blank">example.org</a>"; };<br>
allow-transfer { nameservers; };<br>
notify yes;<br>
};<br>
#trimmed spare zones<br>
};<br>
<br>
view "external" {<br>
match-clients { key external; any; };<br>
server 172.16.20.23 {<br>
keys external;<br>
provide-ixfr yes;<br>
};<br>
allow-transfer { nameservers; };<br>
allow-query { any; };<br>
allow-recursion { none; };<br>
recursion no;<br>
zone "." {<br>
type hint;<br>
file "/etc/<a href="http://named.ca" rel="noreferrer" target="_blank">named.ca</a>";<br>
};<br>
zone "<a href="http://example.org" rel="noreferrer" target="_blank">example.org</a>" {<br>
type master;<br>
file "/master/example.org.external.hosts";<br>
allow-transfer { nameservers; };<br>
notify yes;<br>
};<br>
#trimmed spare zones<br>
};<br>
<br>
<br>
### trace:<br>
<br>
; <<>> dig 9.10.8-P1 <<>> +trace <a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a><br>
;; global options: +cmd<br>
. 518400 IN NS <a href="http://a.root-servers.net" rel="noreferrer" target="_blank">a.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://b.root-servers.net" rel="noreferrer" target="_blank">b.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://c.root-servers.net" rel="noreferrer" target="_blank">c.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://d.root-servers.net" rel="noreferrer" target="_blank">d.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://e.root-servers.net" rel="noreferrer" target="_blank">e.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://f.root-servers.net" rel="noreferrer" target="_blank">f.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://g.root-servers.net" rel="noreferrer" target="_blank">g.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://h.root-servers.net" rel="noreferrer" target="_blank">h.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://i.root-servers.net" rel="noreferrer" target="_blank">i.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://j.root-servers.net" rel="noreferrer" target="_blank">j.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://k.root-servers.net" rel="noreferrer" target="_blank">k.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://l.root-servers.net" rel="noreferrer" target="_blank">l.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://m.root-servers.net" rel="noreferrer" target="_blank">m.root-servers.net</a>.<br>
. 518400 IN RRSIG NS 8 0 518400 20230409050000 20230327040000 951 . t+KnpQ8krckGR1TKbbnXS0SpqIrkwc6BaloU5aYOAPTLKHIKUqIEF9Iy QmO6dRmqnc83gemskilawqXVZhVj7gxESBCUjagPGBiNIk4gviuUQRVN G+/RhghXu9hj/CXUNEBZOjPK4pqzSu6c16ke5Vqq08HNQ/BGLmKvqaeT Qbr4X90/Q4CUw96KsikR4CLnTE7cH4uVDMSiKCq0tffU0mpoNW9b7Tmu impzaelhnrQf8LFuoXjjZZYqh1wLvrA1idHIcNxGThlTjXEP0do//jx2 Lu+b6qg0DXhvKq9V13j/buoykYIUqQfwptaRE47A0tuYkxJ2vIdDcPBw WrwP7Q==<br>
;; Received 1097 bytes from 198.41.0.4#53(198.41.0.4) in 31 ms<br>
<br>
gov. 172800 IN NS <a href="http://a.gov-servers.net" rel="noreferrer" target="_blank">a.gov-servers.net</a>.<br>
gov. 172800 IN NS <a href="http://b.gov-servers.net" rel="noreferrer" target="_blank">b.gov-servers.net</a>.<br>
gov. 172800 IN NS <a href="http://c.gov-servers.net" rel="noreferrer" target="_blank">c.gov-servers.net</a>.<br>
gov. 172800 IN NS <a href="http://d.gov-servers.net" rel="noreferrer" target="_blank">d.gov-servers.net</a>.<br>
gov. 86400 IN DS 7698 8 2 6BC949E638442EAD0BDAF0935763C8D003760384FF15EBBD5CE86BB5 559561F0<br>
gov. 86400 IN RRSIG DS 8 1 86400 20230409050000 20230327040000 951 . pG2IqTXzt6d59WSPYZhix1N+8+Ho1USjAkK0TLVNDxH/BWWm5KDO1gu+ Ncl2v4u3JAV/0rhzsHCuuEaNwE5yYpjQ4ZBwHAerM61RApO0M8Sll+yy s3Fv/5LtYq0Tga03CmcOYOhqq7XZY8hcsyZKzx9kBz71bWOspEQPhqBV 9KdqNBIhJUEB1+UvB3h+XMHHUNp+rXU9e2XoLdg+0XCWAeAuvSgF03X4 pLfW9n87u6rdVOPum3llk30OUcdmPksSejfNV6ql51Vb6+i5gzaiRfPo 8xmnnzCiznRRJinOIIRICWXPtVzzYzhHOMtyOfi7y5zFnEMrLgO4WvO4 n95HMw==<br>
;; Received 632 bytes from 192.36.148.17#53(<a href="http://i.root-servers.net" rel="noreferrer" target="_blank">i.root-servers.net</a>) in 51 ms<br>
<br>
<a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. 86400 IN NS <a href="http://dns5.tn.gov" rel="noreferrer" target="_blank">dns5.tn.gov</a>.<br>
<a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. 86400 IN NS <a href="http://dns4.tn.gov" rel="noreferrer" target="_blank">dns4.tn.gov</a>.<br>
<a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. 3600 IN DS 57846 7 2 8090B0ABEFE816562BBEA62C42425B20508C9D686D9B61CE8A4A1D56 B29EC37C<br>
<a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. 3600 IN DS 16161 7 2 688FB0A9319F5C0308CAA3F28DCC81C18B91B622626B7A626D5CCB5F 610B63F4<br>
<a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. 3600 IN DS 16161 7 1 0C4B91101A1D20CE97068A63C7CD4E8864A4F2F1<br>
<a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. 3600 IN DS 57846 7 1 85561664845E11764CC868182B2D683084E74365<br>
<a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. 3600 IN RRSIG DS 8 2 3600 20230401044223 20230325044223 24250 gov. GkK/PcYR7uUkrai1Q3T4W9fulCEVDThEIzZsxrBzujmn0hcfKNB5LCTC SlbheJGtNxss7xGZ+cr44XWDXcL8URc2hc0pVz4zrCTsAgqpcqv0RNJC ZdNXFTKKtDacEnhi4l1JCOG6nWTUeofZFlD++W4TQibRLjTehnna31/V M0Ppx0w5z3BeICN4wnFPSng5hXce9aGSuzVnxBiw7l61IQ==<br>
;; Received 472 bytes from 69.36.153.30#53(<a href="http://c.gov-servers.net" rel="noreferrer" target="_blank">c.gov-servers.net</a>) in 38 ms<br>
<br>
<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>. 300 IN CNAME <a href="http://www.extglb.tn.gov" rel="noreferrer" target="_blank">www.extglb.tn.gov</a>.<br>
<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>. 300 IN RRSIG CNAME 7 3 300 20230407012735 20230308002943 16643 <a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. DPr9spOSdQs/8zK2DlnGFFk0v8H+16o7g4l7yPcMns7U6txVpnclWrp8 UvLQiPCejVFhSZ0By7sM166vs8c0ar7VBfOzt84zW7cdtkGTZEvB2Nue KDw2gP00MRu7914b+4xawGyzhiuU0tcABn2nElhb2dIrwpF05InxUckq SL0=<br>
<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. 300 IN NS <a href="http://sdcgtm02.tn.gov" rel="noreferrer" target="_blank">sdcgtm02.tn.gov</a>.<br>
<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. 300 IN NS <a href="http://ndcgtm02.tn.gov" rel="noreferrer" target="_blank">ndcgtm02.tn.gov</a>.<br>
<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. 300 IN NS <a href="http://ndcgtm01.tn.gov" rel="noreferrer" target="_blank">ndcgtm01.tn.gov</a>.<br>
<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. 300 IN NS <a href="http://sdcgtm01.tn.gov" rel="noreferrer" target="_blank">sdcgtm01.tn.gov</a>.<br>
<a href="http://7VIFF5QRM0PHTVOHKKJ31SMHH09RAE81.tn.gov" rel="noreferrer" target="_blank">7VIFF5QRM0PHTVOHKKJ31SMHH09RAE81.tn.gov</a>. 600 IN NSEC3 1 0 100 D317AC7ABABEF654 7VP1VJA5RP6KBKTVVS2IP1FCA30S4GF4 NS<br>
<a href="http://7VIFF5QRM0PHTVOHKKJ31SMHH09RAE81.tn.gov" rel="noreferrer" target="_blank">7VIFF5QRM0PHTVOHKKJ31SMHH09RAE81.tn.gov</a>. 600 IN RRSIG NSEC3 7 3 600 20230416173711 20230317173148 16643 <a href="http://tn.gov" rel="noreferrer" target="_blank">tn.gov</a>. ZxWY7y+RLEifC89LyPAtq0TQIPFuH0mrSbSCb3K44IJfqIwM8z7BuKb/ aM7gtPmApI2zxw2XpKaN7AK+XtBXdHJ29IRJQgQTnatIc+v8rU/hws/g fW8C5uQkq0XOU/YAzUGjOmtNdnzSEQZVi9CCYSsw7AqhVlUYssvAMbXE M5I=<br>
;; Received 576 bytes from 170.141.168.22#53(<a href="http://dns5.tn.gov" rel="noreferrer" target="_blank">dns5.tn.gov</a>) in 49 ms<br>
<br>
<br>
### named.run:<br>
<br>
27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: UDP request<br>
27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: view internal: using view 'internal'<br>
27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: view internal: request is not signed<br>
27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: view internal: recursion available<br>
27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: query (cache) '<a href="http://www.tn.gov/A/IN" rel="noreferrer" target="_blank">www.tn.gov/A/IN</a>' approved<br>
27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c37daf000(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.349 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.349 fctx 0x5cc34ea000(<a href="http://www.tn.gov/A" rel="noreferrer" target="_blank">www.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.488 client @0x5c28fe12d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_CNAME, fname=0x5c37daf000(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:41.488 client @0x5c28fe12d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c37dae840(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:41.488 fctx 0x5cc34cb800(<a href="http://www.extglb.tn.gov/A" rel="noreferrer" target="_blank">www.extglb.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:41.488 fctx 0x5cc34cb800(<a href="http://www.extglb.tn.gov/A" rel="noreferrer" target="_blank">www.extglb.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: UDP request<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: view internal: using view 'internal'<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: view internal: request is not signed<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: view internal: recursion available<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: query (cache) '<a href="http://www.tn.gov/A/IN" rel="noreferrer" target="_blank">www.tn.gov/A/IN</a>' approved<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_CNAME, fname=0x5c81007840(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c81008000(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: request failed: duplicate query<br>
27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: reset client<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: UDP request<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: view internal: using view 'internal'<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: view internal: request is not signed<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: view internal: recursion available<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: query (cache) '<a href="http://www.tn.gov/A/IN" rel="noreferrer" target="_blank">www.tn.gov/A/IN</a>' approved<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_CNAME, fname=0x5c9a060c60(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c9a060840(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: request failed: duplicate query<br>
27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: reset client<br>
27-Mar-2023 09:46:51.502 fctx 0x5cc34cb800(<a href="http://www.extglb.tn.gov/A" rel="noreferrer" target="_blank">www.extglb.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:51.502 fctx 0x5cc34cb800(<a href="http://www.extglb.tn.gov/A" rel="noreferrer" target="_blank">www.extglb.tn.gov/A</a>): createfind for 10.0.2.3#26386/6215 - success<br>
27-Mar-2023 09:46:51.502 client @0x5c28fe12d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: rrl=0x0, HAVECOOKIE=0, result=ISC_R_TIMEDOUT, fname=0x5c37dae840(0), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0<br>
27-Mar-2023 09:46:51.502 client @0x5c28fe12d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: query failed (timed out) for <a href="http://www.tn.gov/IN/A" rel="noreferrer" target="_blank">www.tn.gov/IN/A</a> at query.c:7365<br>
27-Mar-2023 09:46:51.502 client @0x5c28fe12d0 10.0.2.3#26386 (<a href="http://www.tn.gov" rel="noreferrer" target="_blank">www.tn.gov</a>): view internal: reset client<br>
<br>
### pcap from bind host:<br>
<br>
10:01:29.932858 172.16.20.30.55396 > 170.141.167.222.53: [bad udp cksum e0f9! -> 1d95] 51443% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 3035, len 84)<br>
0000: 4500 0054 0bdb 0000 4011 752f 6005 471e E..T....@.u/`.G.<br>
0010: aa8d a7de d864 0035 0040 f9e0 c8f3 0010 .....d.5.@......<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..<br>
0050: 9932 9282 .2..<br>
<br>
10:01:30.734907 172.16.20.30.54357 > 170.141.168.22.53: [bad udp cksum 28fa! -> 6fbf] 26020% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 31451, len 100)<br>
0000: 4500 0064 7adb 0000 4011 05e7 6005 471e E..dz...@...`.G.<br>
0010: aa8d a816 d455 0035 0050 fa28 65a4 0010 .....U.5.P.(e...<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j<br>
0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.<br>
0060: bcb1 c1fd ....<br>
<br>
10:01:31.544914 172.16.20.30.54313 > 170.141.167.222.53: [bad udp cksum e0f9! -> a0ef] 29355% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 50399, len 84)<br>
0000: 4500 0054 c4df 0000 4011 bc2a 6005 471e E..T....@..*`.G.<br>
0010: aa8d a7de d429 0035 0040 f9e0 72ab 0010 .....).5.@..r...<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..<br>
0050: 9932 9282 .2..<br>
<br>
10:01:32.364921 172.16.20.30.53749 > 170.141.168.22.53: [bad udp cksum 28fa! -> 57a9] 32284% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 11987, len 100)<br>
0000: 4500 0064 2ed3 0000 4011 51ef 6005 471e E..d....@.Q.`.G.<br>
0010: aa8d a816 d1f5 0035 0050 fa28 7e1c 0010 .......5.P.(~...<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j<br>
0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.<br>
0060: bcb1 c1fd ....<br>
<br>
10:01:33.184946 172.16.20.30.58249 > 170.141.167.222.53: [bad udp cksum e0f9! -> b0d8] 31291% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 13338, len 84)<br>
0000: 4500 0054 341a 0000 4011 4cf0 6005 471e E..T4...@.L.`.G.<br>
0010: aa8d a7de e389 0035 0040 f9e0 7a3b 0010 .......5.@..z;..<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..<br>
0050: 9932 9282 .2..<br>
<br>
10:01:33.994938 172.16.20.30.52629 > 170.141.168.22.53: [bad udp cksum 28fa! -> df64] 50932% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 42050, len 100)<br>
0000: 4500 0064 a442 0000 4011 dc7f 6005 471e E..d.B..@...`.G.<br>
0010: aa8d a816 cd95 0035 0050 fa28 c6f4 0010 .......5.P.(....<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j<br>
0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.<br>
0060: bcb1 c1fd ....<br>
<br>
10:01:34.804940 172.16.20.30.63268 > 170.141.167.222.53: [bad udp cksum e0f9! -> a7a3] 39849% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 34673, len 84)<br>
0000: 4500 0054 8771 0000 4011 f998 6005 471e E..T.q..@...`.G.<br>
0010: aa8d a7de f724 0035 0040 f9e0 9ba9 0010 .....$.5.@......<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..<br>
0050: 9932 9282 .2..<br>
<br>
10:01:36.424895 172.16.20.30.56217 > 170.141.168.22.53: [bad udp cksum 28fa! -> 8669] 46153% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 945, len 100)<br>
0000: 4500 0064 03b1 0000 4011 7d11 6005 471e E..d....@.}.`.G.<br>
0010: aa8d a816 db99 0035 0050 fa28 b449 0010 .......5.P.(.I..<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j<br>
0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.<br>
0060: bcb1 c1fd ....<br>
<br>
10:01:38.035027 172.16.20.30.53192 > 170.141.167.222.53: [bad udp cksum e0f9! -> 0633] 13223% [1au] A? _.<a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 33306, len 84)<br>
0000: 4500 0054 821a 0000 4011 feef 6005 471e E..T....@...`.G.<br>
0010: aa8d a7de cfc8 0035 0040 f9e0 33a7 0010 .......5.@..3...<br>
0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl<br>
0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)<br>
0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..<br>
0050: 9932 9282 .2..<br>
<br>
10:01:39.945218 172.16.20.30.58268 > 170.141.167.222.53: [bad udp cksum e2f9! -> 7f9c] 15558% [1au] A? <a href="http://www.extglb.tn.gov" rel="noreferrer" target="_blank">www.extglb.tn.gov</a>. ar: . OPT UDPsize=512 DO(58) (ttl 64, id 46842, len 86)<br>
0000: 4500 0056 b6fa 0000 4011 ca0d 6005 471e E..V....@...`.G.<br>
0010: aa8d a7de e39c 0035 0042 f9e2 3cc6 0010 .......5.B..<...<br>
0020: 0001 0000 0000 0001 0377 7777 0665 7874 .........www.ext<br>
0030: 676c 6202 746e 0367 6f76 0000 0100 0100 glb.tn.gov......<br>
0040: 0029 0200 0000 8000 000c 000a 0008 5971 .)............Yq<br>
0050: 94c0 9932 9282 ...2..<br>
<br>
10:01:39.992119 170.141.167.222.53 > 172.16.20.30.58268: 15558- q: A? <a href="http://www.extglb.tn.gov" rel="noreferrer" target="_blank">www.extglb.tn.gov</a>. 0/6/1 ns: <a href="http://extglb.tn.gov" rel="noreferrer" target="_blank">extglb.tn.gov</a>. [5m] NS <a href="http://ndcgtm01.tn.gov" rel="noreferrer" target="_blank">ndcgtm01.tn.gov</a>., extglb.tn.gov.[|domain] (DF) (ttl 43, id 35970, len 448)<br>
0000: 4500 01c0 8c82 4000 2b11 c81b aa8d a7de E.....@.+.......<br>
0010: 6005 471e 0035 e39c 01ac aa2f 3cc6 8010 `.G..5...../<...<br>
0020: 0001 0000 0006 0001 0377 7777 0665 7874 .........www.ext<br>
0030: 676c 6202 746e 0367 6f76 0000 0100 01c0 glb.tn.gov......<br>
0040: 1000 0200 0100 0001 2c00 1108 6e64 6367 ........,...ndcg<br>
0050: 746d 3031 0274 6e03 676f 7600 c010 0002 tm01.tn.gov.....<br>
0060: 0001 0000 012c .....,<br>
<br>
-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>