<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Doing some checking on this locally trying to understand what may
be happening. I stumbled across this:</p>
<p>view.bankeasy.com is a cname to view.gtm.bankeasy.com</p>
<p>However if I try to dig for gtm.bankeasy.com that is where the
oddities show up:</p>
<p><span style="color:#000000;background-color:#ffffff;">dig
@ns1.dakotanames.com gtm.bankeasy.com </span><br>
<br>
; <<>> DiG 9.18.18 <<>>
@ns1.dakotanames.com gtm.bankeasy.com
<br>
; (1 server found)
<br>
;; global options: +cmd
<br>
;; Got answer:
<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
5025
<br>
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
1
<br>
;; WARNING: recursion requested but not available
<br>
<br>
;; OPT PSEUDOSECTION:
<br>
; EDNS: version: 0, flags:; udp: 4096
<br>
;; QUESTION SECTION:
<br>
;gtm.bankeasy.com. IN A
<br>
<br>
;; AUTHORITY SECTION:
<br>
gtm.bankeasy.com. 60 IN SOA
bkx-bigip1-out.ffc.local. hos<br>
tmaster.bkx-bigip1-out.ffc.local. 2023102501 10800 3600 604800 60
<br>
<br>
;; Query time: 52 msec
<br>
;; SERVER: 96.2.250.214#53(ns1.dakotanames.com) (UDP)
<br>
;; WHEN: Fri Oct 27 18:03:58 CDT 2023
<br>
;; MSG SIZE rcvd: 116<br>
<span style="font-family:monospace"><br>
</span></p>
<p><span style="font-family:monospace"></span>Not sure how this
effects things, but the SOA record shows bad info '.local.' I
wonder if this is where the issue is. The authoritive nameserver
and responsible party records are not resolvable.</p>
<p>Maybe someone with more knowledge of DNS and the use of .local.
domain name can shed some light on this.<br>
</p>
<p>Lyle Giese<br>
</p>
<p><br>
<span style="font-family:monospace"></span></p>
<div class="moz-cite-prefix">On 10/27/23 10:36, Michael Martinell
via bind-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:58061a24703e477688b7e49db57c46e5@itccoop.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">At this point I am hoping that somebody
might have a workaround so that we can exclude domains from
this behavior if they are broken on the far end. Does anybody
have a workaround for this?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are a small ISP and run BIND compiled
from source. We currently run 9.16.x<o:p></o:p></p>
<p class="MsoNormal">Every time we try to move forward with 9.18
customers start to complain that they are unable to reach
certain websites. This includes banks, universities, and
other organizations.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I understand the goal is to get all DNS to
RFC 6891, but from a practical standpoint, this isn’t working
for customers, so we are prevented from upgrading either.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Related website:<o:p></o:p></p>
<p class="MsoNormal"><a
href="https://gitlab.isc.org/isc-projects/bind9/-/issues/3152"
moz-do-not-send="true" class="moz-txt-link-freetext">https://gitlab.isc.org/isc-projects/bind9/-/issues/3152</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our source code compile options:<o:p></o:p></p>
<p class="MsoNormal">./configure --with-gnu-ld --with-libxml2
--with-json-c --with-openssl=/usr/local/openssl &&
make && make install && ldconfig<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">When I do a dig against a server running
9.18 I get the following:<o:p></o:p></p>
<p style="margin:0in">dig @dns1.itctel.com view.bankeasy.com<o:p></o:p></p>
<p style="margin:0in">; <<>> DiG 9.16.42
<<>> @dns1.itctel.com view.bankeasy.com<o:p></o:p></p>
<p style="margin:0in">; (2 servers found)<o:p></o:p></p>
<p style="margin:0in">;; global options: +cmd<o:p></o:p></p>
<p style="margin:0in">;; Got answer:<o:p></o:p></p>
<p style="margin:0in">;; ->>HEADER<<- opcode: QUERY,
status: SERVFAIL, id: 46906<o:p></o:p></p>
<p style="margin:0in">;; flags: qr rd ra; QUERY: 1, ANSWER: 0,
AUTHORITY: 0, ADDITIONAL: 1<o:p></o:p></p>
<p style="margin:0in">;; OPT PSEUDOSECTION:<o:p></o:p></p>
<p style="margin:0in">; EDNS: version: 0, flags:; udp: 1232<o:p></o:p></p>
<p style="margin:0in">; COOKIE:
d8ce8161641fbfdf01000000653bcf9ad1fff99d24914278 (good)<o:p></o:p></p>
<p style="margin:0in">;; QUESTION SECTION:<o:p></o:p></p>
<p style="margin:0in">;view.bankeasy.com. IN A<o:p></o:p></p>
<p style="margin:0in">;; Query time: 8 msec<o:p></o:p></p>
<p style="margin:0in">;; SERVER:
2607:d600:1000:330:75:102:161:227#53(2607:d600:1000:330:75:102:161:227)<o:p></o:p></p>
<p style="margin:0in">;; WHEN: Fri Oct 27 09:56:26 CDT 2023<o:p></o:p></p>
<p style="margin:0in">;; MSG SIZE rcvd: 74<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The same command resolves just fine when I
run it against 9.16<o:p></o:p></p>
<p class="MsoNormal">dig @dns2.itctel.com view.bankeasy.com<o:p></o:p></p>
<p style="margin:0in">; <<>> DiG 9.16.42
<<>> @dns2.itctel.com view.bankeasy.com<o:p></o:p></p>
<p style="margin:0in">; (2 servers found)<o:p></o:p></p>
<p style="margin:0in">;; global options: +cmd<o:p></o:p></p>
<p style="margin:0in">;; Got answer:<o:p></o:p></p>
<p style="margin:0in">;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id: 30969<o:p></o:p></p>
<p style="margin:0in">;; flags: qr rd ra; QUERY: 1, ANSWER: 2,
AUTHORITY: 0, ADDITIONAL: 1<o:p></o:p></p>
<p style="margin:0in">;; OPT PSEUDOSECTION:<o:p></o:p></p>
<p style="margin:0in">; EDNS: version: 0, flags:; udp: 1232<o:p></o:p></p>
<p style="margin:0in">; COOKIE:
b0ec30c4ddfeacd301000000653bcf9ff140c249344242e0 (good)<o:p></o:p></p>
<p style="margin:0in">;; QUESTION SECTION:<o:p></o:p></p>
<p style="margin:0in">;view.bankeasy.com. IN A<o:p></o:p></p>
<p style="margin:0in">;; ANSWER SECTION:<o:p></o:p></p>
<p style="margin:0in">view.bankeasy.com. 3133 IN CNAME
view.gtm.bankeasy.com.<o:p></o:p></p>
<p style="margin:0in">view.gtm.bankeasy.com. 300 IN A
96.2.250.200<o:p></o:p></p>
<p style="margin:0in">;; Query time: 11 msec<o:p></o:p></p>
<p style="margin:0in">;; SERVER:
2607:d600:9000:330:75:102:160:227#53(2607:d600:9000:330:75:102:160:227)<o:p></o:p></p>
<p style="margin:0in">;; WHEN: Fri Oct 27 09:56:31 CDT 2023<o:p></o:p></p>
<p style="margin:0in">;; MSG SIZE rcvd: 125<o:p></o:p></p>
<p style="margin:0in">[root@brkr-dns2 bind-9.18.12]#<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p style="FONT-SIZE: 10pt; FONT-FAMILY: ARIAL"><strong
style="FONT-FAMILY: Calibri"><span
style="FONT-SIZE: 10pt; FONT-FAMILY: Calibri"><span
style="FONT-FAMILY: Calibri">Michael Martinell</span></span></strong><br
style="FONT-FAMILY: Calibri">
<span style="FONT-SIZE: 9pt; FONT-FAMILY: Calibri"><span
style="FONT-FAMILY: Calibri">Network/Broadband Technician</span></span><br
style="FONT-SIZE: 9pt; FONT-FAMILY: Calibri">
<br style="FONT-FAMILY: Calibri">
<strong style="FONT-FAMILY: Calibri">Interstate
Telecommunications Coop., Inc.<br style="FONT-FAMILY: Calibri">
</strong><span style="FONT-SIZE: 8pt; FONT-FAMILY: Calibri">312
4th Street West • Clear Lake, SD 57226</span><br
style="FONT-FAMILY: Calibri">
<span style="FONT-SIZE: 8pt; FONT-FAMILY: Calibri">Phone: (605)
874-8313</span><br style="FONT-FAMILY: Calibri">
<span style="FONT-SIZE: 8pt; FONT-FAMILY: Calibri"><a class="moz-txt-link-abbreviated" href="mailto:michael.martinell@itccoop.com">michael.martinell@itccoop.com</a></span><br
style="FONT-FAMILY: Calibri">
<span style="FONT-SIZE: 8pt; FONT-FAMILY: Calibri"><a class="moz-txt-link-abbreviated" href="http://www.itc-web.com">www.itc-web.com</a></span></p>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
</blockquote>
</body>
</html>