broken trust chain
Josef Moellers
jmoellers at suse.de
Wed Sep 30 06:27:20 UTC 2020
On 30.09.20 01:23, Mark Andrews wrote:
>
>
>> On 29 Sep 2020, at 18:28, Josef Moellers <jmoellers at suse.de> wrote:
>>
>> On 29.09.20 09:48, Mark Andrews wrote:
>>> Since you are using forwarders
>>>
>>> What does “dig dnskey . +dnssec @217.0.43.1” return?
>>> What does "dig dnskey . +dnssec @192.168.122.1” return?
>>>
>>> If you don’t get ad=1 and a response with signatures like the following
>>> you need to fix your forwarders. DNSSEC requires that forwarders support
>>> DNSSEC and also validate responses to recover from bad answers being sent
>>> to the forwarders unless the only zones being lookup up through them are
>>> unsigned.
>>
>> The first one returns "ad", the second one doesn’t.
>
> Really, you couldn’t cut and paste the responses? I asked what do
> they return, not your interpretation of what they returned.
Excuse me!
# dig dnskey . +dnssec @217.0.43.1
; <<>> DiG 9.11.22 <<>> dnskey . +dnssec @217.0.43.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52582
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;. IN DNSKEY
;; ANSWER SECTION:
. 6548 IN DNSKEY 256 3 8
AwEAAdauOGxLhfAKFTTZwGhBXbk793QKdWIQRjiSftWdusCwkPhNyJrI
jwtNffCWXGLlZAbpcs414RE3oS1qVwV+AdXsO92SBu5haGlxMUk0NqZO
7Xlf84/wrzGZVRRouPo5pNX/CKS8Mv9UOi0olKGCu31dNfh8qCszWZcl
oLDgeLzSnQSkvFoGe69vNCfh7feESKedkBC2qRz0BZv9+oJI0IY/3D7W
EnV0NOlf8gSHozhfJFJ/ZAKtvw/Q3ogrVJFk0LyVaU/NVtVA5FM4pVMI
RID7pfrPi78aAzG7b/Wh/Pce4jPAIpS3dApq25YkvMuPvfB91NMf9Fem Kwlp78PBVcM=
. 6548 IN DNSKEY 257 3 8
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU=
. 6548 IN DNSKEY 256 3 8
AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfi
obeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5C
sDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdL
QHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm
8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jE
hCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmn NHNmH2FjUE8=
. 6548 IN RRSIG DNSKEY 8 0 172800
20201010000000 20200919000000 20326 .
gNV6AU+66kB5XldvckVd/ldhaWTu0rO589zdyHDODOwQ1murJshvt8cj
Bw3G3G4xO06I1gCKT2HWIJLEEhhvQSRvowbcIW3EocWtTZjeQvCp4U14
49doRAiUblpQi7EIstdOxIzcttvh0VcIRecWV7Fl3kvBzEhpwX42EKXa
WUV58Rrn/43o/bRSgh3XBSDwIuIsZVJiMMvHdgm0a5FM6jNHxuuXT1DL
lXgLQyggm/PFciUKTXAo91f6HiyWGNZY9AfAAlvprPiyFOCjBotvk7F5
Bi5ss1p8mxl522t/8UuSKcFzqE1J3U4IisgEjTkyxnbCJqY/vKJcyPU8 fCzxEg==
;; Query time: 7 msec
;; SERVER: 217.0.43.1#53(217.0.43.1)
;; WHEN: Mi Sep 30 08:25:05 CEST 2020
;; MSG SIZE rcvd: 1139
# dig dnskey . +dnssec @192.168.122.1
; <<>> DiG 9.11.22 <<>> dnskey . +dnssec @192.168.122.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36909
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN DNSKEY
;; ANSWER SECTION:
. 6525 IN DNSKEY 257 3 8
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU=
. 6525 IN DNSKEY 256 3 8
AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfi
obeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5C
sDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdL
QHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm
8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jE
hCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmn NHNmH2FjUE8=
. 6525 IN DNSKEY 256 3 8
AwEAAdauOGxLhfAKFTTZwGhBXbk793QKdWIQRjiSftWdusCwkPhNyJrI
jwtNffCWXGLlZAbpcs414RE3oS1qVwV+AdXsO92SBu5haGlxMUk0NqZO
7Xlf84/wrzGZVRRouPo5pNX/CKS8Mv9UOi0olKGCu31dNfh8qCszWZcl
oLDgeLzSnQSkvFoGe69vNCfh7feESKedkBC2qRz0BZv9+oJI0IY/3D7W
EnV0NOlf8gSHozhfJFJ/ZAKtvw/Q3ogrVJFk0LyVaU/NVtVA5FM4pVMI
RID7pfrPi78aAzG7b/Wh/Pce4jPAIpS3dApq25YkvMuPvfB91NMf9Fem Kwlp78PBVcM=
;; Query time: 0 msec
;; SERVER: 192.168.122.1#53(192.168.122.1)
;; WHEN: Mi Sep 30 08:25:28 CEST 2020
;; MSG SIZE rcvd: 853
>
>> The problem lies definitely with the local named:
>> sles12-sp4:~ # dig @localhost www.google.com +short
>> sles12-sp4:~ # dig @217.0.43.1 www.google.com +short
>> 172.217.21.196
>> sles12-sp4:~ #
>
> Actually, no it doesn’t. You have already indicated that one of your
> forwarders isn’t doing DNSSEC validation. Remove it from the
> configuration. Named will validate through forwarders but it needs
> forwarders that validate themselves.
The forwarders do not change between tests: I just restart named a few
times and 1 in four times it says "managed-keys-zone: No DNSKEY RRSIGs
found for '.': success" and not addresses are returned by "dig".
Josef
>>> [beetle:~/git/bind9] marka% dig dnskey . +dnssec
>>> ;; BADCOOKIE, retrying.
>>>
>>> ; <<>> DiG 9.15.4 <<>> dnskey . +dnssec
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30449
>>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags: do; udp: 4096
>>> ; COOKIE: fbba811391d46622010000005f72e55e3e7865221fd8a395 (good)
>>> ;; QUESTION SECTION:
>>> ;. IN DNSKEY
>>>
>>> ;; ANSWER SECTION:
>>> . 139753 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU=
>>> . 139753 IN DNSKEY 256 3 8 AwEAAdauOGxLhfAKFTTZwGhBXbk793QKdWIQRjiSftWdusCwkPhNyJrI jwtNffCWXGLlZAbpcs414RE3oS1qVwV+AdXsO92SBu5haGlxMUk0NqZO 7Xlf84/wrzGZVRRouPo5pNX/CKS8Mv9UOi0olKGCu31dNfh8qCszWZcl oLDgeLzSnQSkvFoGe69vNCfh7feESKedkBC2qRz0BZv9+oJI0IY/3D7W EnV0NOlf8gSHozhfJFJ/ZAKtvw/Q3ogrVJFk0LyVaU/NVtVA5FM4pVMI RID7pfrPi78aAzG7b/Wh/Pce4jPAIpS3dApq25YkvMuPvfB91NMf9Fem Kwlp78PBVcM=
>>> . 139753 IN DNSKEY 256 3 8 AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfi obeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5C sDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdL QHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm 8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jE hCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmn NHNmH2FjUE8=
>>> . 139753 IN RRSIG DNSKEY 8 0 172800 20201010000000 20200919000000 20326 . gNV6AU+66kB5XldvckVd/ldhaWTu0rO589zdyHDODOwQ1murJshvt8cj Bw3G3G4xO06I1gCKT2HWIJLEEhhvQSRvowbcIW3EocWtTZjeQvCp4U14 49doRAiUblpQi7EIstdOxIzcttvh0VcIRecWV7Fl3kvBzEhpwX42EKXa WUV58Rrn/43o/bRSgh3XBSDwIuIsZVJiMMvHdgm0a5FM6jNHxuuXT1DL lXgLQyggm/PFciUKTXAo91f6HiyWGNZY9AfAAlvprPiyFOCjBotvk7F5 Bi5ss1p8mxl522t/8UuSKcFzqE1J3U4IisgEjTkyxnbCJqY/vKJcyPU8 fCzxEg==
>>>
>>> ;; Query time: 0 msec
>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>> ;; WHEN: Tue Sep 29 17:42:22 AEST 2020
>>> ;; MSG SIZE rcvd: 1169
>>>
>>> [beetle:~/git/bind9] marka%
>>>
>>>
>>>
>>>> On 29 Sep 2020, at 17:14, Josef Moellers <jmoellers at suse.de> wrote:
>>>>
>>>> On 28.09.20 16:35, Jeremy C. Reed wrote:
>>>>> Let's get more logging. Enable more debugging in named.
>>>>
>>>> It is already running with -d 5
>>>>
>>>>> What made named think that name should be DNSSEC signed in the first
>>>>> place?
>>>>
>>>> Because the default is "dnssec-validation yes" and there is no other
>>>> directive.
>>>> Also, in 3 out of 4 test runs it works flawlessly ("Key 20326 for zone .
>>>> acceptance timer complete: key now trusted"), in the one case in 4 it
>>>> complains about "No DNSKEY RRSIGs found for '.'"
>>>>
>>>>>
>>>>> Do you only have the problem resolving the single name and it doesn't
>>>>> happen every time?
>>>>
>>>> It happens every time when the error message about the DNSKEY RRSIGs is
>>>> issued and it does not happen at all when the message about the trusted
>>>> key is issued.
>>>> And it is independent upon the name searched for:
>>>>
>>>> sles12-sp4:~ # dig @192.168.122.1 www.google.com +short
>>>> 216.58.208.36
>>>> sles12-sp4:~ # dig @localhost www.google.com +short
>>>> sles12-sp4:~ #
>>>>
>>>>> Does the problem ever happen without using your forwarders?
>>>>
>>>> No:
>>>>
>>>> sles12-sp4:~ # dig @192.168.122.1 www.suse.de +short
>>>> redirector.suse.com.
>>>> fra-alb-p-redirector-01-1686471185.eu-central-1.elb.amazonaws.com.
>>>> 18.157.240.156
>>>> 52.28.35.86
>>>> sles12-sp4:~ # dig @localhost www.suse.de +short
>>>> sles12-sp4:~ #
>>>>
>>>>> Also do the query with delv -d99 and record that verbose output.
>>>>
>>>> ;; socket 0x7ff2a4000010: created
>>>>
>>>> ;; socket 0x7ff2a4000010 0.0.0.0#57450: bound
>>>>
>>>> ;; dispatchmgr 0x7ff2a3ffb010: dns_dispatch_createudp: Created UDP
>>>> dispatch for 0.0.0.0#0 with socket fd 20
>>>> ;; dispatchmgr 0x7ff2a3ffb010: created UDP dispatcher 0x22536f0
>>>>
>>>> ;; dispatch 0x22536f0: created task 0x7ff2a3fef1a0
>>>>
>>>> ;; dispatch 0x22536f0: created socket 0x7ff2a4000010
>>>>
>>>> ;; socket 0x7ff2a4000270: created
>>>>
>>>> ;; socket 0x7ff2a4000270 ::#39765: bound
>>>>
>>>> ;; dispatchmgr 0x7ff2a3ffb010: dns_dispatch_createudp: Created UDP
>>>> dispatch for ::#0 with socket fd 21
>>>> ;; dispatchmgr 0x7ff2a3ffb010: created UDP dispatcher 0x2253120
>>>> ;; dispatch 0x2253120: created task 0x7ff2a3fef268
>>>> ;; dispatch 0x2253120: created socket 0x7ff2a4000270
>>>> ;; adb: task-exclusive mode unavailable, initializing table sizes to 49193
>>>>
>>>> ;; dns_requestmgr_create
>>>> ;; dns_requestmgr_create: 0x7ff2a4021010
>>>> ;; dns_requestmgr_whenshutdown
>>>> ;; socket 0x7ff2a3ead010: created
>>>> ;; socket 0x7ff2a3ead010 0.0.0.0#40118: bound
>>>> ;; dispatchmgr 0x7ff2a3ea7010: dns_dispatch_createudp: Created UDP
>>>> dispatch for 0.0.0.0#0 with socket fd 22
>>>> ;; dispatchmgr 0x7ff2a3ea7010: created UDP dispatcher 0x3968290
>>>> ;; dispatch 0x3968290: created task 0x7ff2a3ea0268
>>>> ;; dispatch 0x3968290: created socket 0x7ff2a3ead010
>>>> ;; socket 0x7ff2a3ead270: created
>>>> ;; socket 0x7ff2a3ead270 ::#54166: bound
>>>> ;; dispatchmgr 0x7ff2a3ea7010: dns_dispatch_createudp: Created UDP
>>>> dispatch for ::#0 with socket fd 23
>>>> ;; dispatchmgr 0x7ff2a3ea7010: created UDP dispatcher 0x3967cc0
>>>> ;; dispatch 0x3967cc0: created task 0x7ff2a3ea0330
>>>> ;; dispatch 0x3967cc0: created socket 0x7ff2a3ead270
>>>> ;; adb: task-exclusive mode unavailable, initializing table sizes to 49193
>>>>
>>>> ;; dns_requestmgr_create
>>>> ;; dns_requestmgr_create: 0x7ff2a3ed1010
>>>> ;; dns_requestmgr_whenshutdown
>>>> ;; fetch: localhost/A
>>>> ;; log_ns_ttl: fctx 0x4fd6ca0: fctx_create: localhost (in '.'?): 0 0
>>>> ;; findaddrinfo: new entry 0x7ff29cadf128
>>>> ;; findaddrinfo: new entry 0x7ff29cadf010
>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbe98 217.0.43.1#53: attached to
>>>> task 0x7ff2a3ea0970
>>>> ;; socket 0x7ff2a3ead010: socket_recv: event 0x7ff2a3edc6f0 -> task
>>>> 0x7ff2a3ea0268
>>>> ;; sending packet to 217.0.43.1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52687
>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>> ; COOKIE: fb39bcd1c3e747d5
>>>> ;; QUESTION SECTION:
>>>> ;localhost. IN A
>>>>
>>>>
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -3 for socket 22
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>> ;; fetch: localhost/AAAA
>>>> ;; log_ns_ttl: fctx 0x4fd9140: fctx_create: localhost (in '.'?): 0 0
>>>> ;; findaddrinfo: found entry 0x7ff29cadf128
>>>> ;; findaddrinfo: found entry 0x7ff29cadf010
>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbda0 217.0.43.1#53: attached to
>>>> task 0x7ff2a3ea0970
>>>> ;; sending packet to 217.0.43.1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50536
>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>> ; COOKIE: fb39bcd1c3e747d5
>>>> ;; QUESTION SECTION:
>>>> ;localhost. IN AAAA
>>>>
>>>>
>>>> ;; socket 0x7ff2a3ead010: dispatch_recv: event 0x7ff2a3edc6f0 -> task
>>>> 0x7ff2a3ea0268
>>>> ;; socket 0x7ff2a3ead010: internal_recv: task 0x7ff2a3ea0268 got event
>>>> 0x7ff2a3ead0d8
>>>> ;; socket 0x7ff2a3ead010 217.0.43.1#53: packet received correctly
>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c50
>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c70
>>>> ;; dispatch 0x3968290: got packet: requests 2, buffers 1, recvs 1
>>>> ;; dispatch 0x3968290: got valid DNS message header, /QR 1, id 52687
>>>> ;; dispatch 0x3968290: search for response in bucket 6561: found
>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbe98 217.0.43.1#53: [a] Sent
>>>> event 0x7ff2a3eac9e8 buffer 0x7ff298021ac0 len 4096 to task 0x7ff2a3ea0970
>>>> ;; socket 0x7ff2a3ead010: socket_recv: event 0x7ff2a3edc590 -> task
>>>> 0x7ff2a3ea0268
>>>> ;; received packet from 217.0.43.1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52687
>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>> ;; QUESTION SECTION:
>>>> ;localhost. IN A
>>>>
>>>> ;; ANSWER SECTION:
>>>> ;localhost. 86400 IN A 127.0.0.1
>>>>
>>>>
>>>> ;; log_ns_ttl: fctx 0x4fd6ca0: answer_response: localhost (in '.'?): 0 0
>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbe98 217.0.43.1#53: detaching
>>>> from task 0x7ff2a3ea0970
>>>> ;; dispatch 0x3968290: detach: refcount 5
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -3 for socket 22
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>> ;; socket 0x7ff2a3ead010: dispatch_recv: event 0x7ff2a3edc590 -> task
>>>> 0x7ff2a3ea0268
>>>> ;; socket 0x7ff2a3ead010: internal_recv: task 0x7ff2a3ea0268 got event
>>>> 0x7ff2a3ead0d8
>>>> ;; socket 0x7ff2a3ead010 217.0.43.1#53: packet received correctly
>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c50
>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c70
>>>> ;; dispatch 0x3968290: got packet: requests 1, buffers 1, recvs 1
>>>> ;; dispatch 0x3968290: got valid DNS message header, /QR 1, id 50536
>>>> ;; dispatch 0x3968290: search for response in bucket 4142: found
>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbda0 217.0.43.1#53: [a] Sent
>>>> event 0x7ff2a3eac9e8 buffer 0x7ff298020ab0 len 4096 to task 0x7ff2a3ea0970
>>>> ;; socket 0x7ff2a3ead010: socket_recv: event 0x7ff2a3edc6f0 -> task
>>>> 0x7ff2a3ea0268
>>>> ;; received packet from 217.0.43.1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50536
>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>> ;; QUESTION SECTION:
>>>> ;localhost. IN AAAA
>>>>
>>>> ;; ANSWER SECTION:
>>>> ;localhost. 86400 IN AAAA ::1
>>>>
>>>>
>>>> ;; log_ns_ttl: fctx 0x4fd9140: answer_response: localhost (in '.'?): 0 0
>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbda0 217.0.43.1#53: detaching
>>>> from task 0x7ff2a3ea0970
>>>> ;; dispatch 0x3968290: detach: refcount 3
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -3 for socket 22
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>> ;; dns_requestmgr_shutdown: 0x7ff2a3ed1010
>>>> ;; send_shutdown_events: 0x7ff2a3ed1010
>>>> ;; dispatch 0x3968290: detach: refcount 2
>>>> ;; dispatch 0x3967cc0: detach: refcount 2
>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy_mgr_ok: shuttingdown=1,
>>>> listnonempty=1, depool=2, rpool=0, dpool=2
>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy: killit=0
>>>> ;; dispatch 0x3968290: detach: refcount 1
>>>> ;; dispatch 0x3967cc0: detach: refcount 1
>>>> ;; dns_requestmgr_detach: 0x7ff2a3ed1010: eref 0 iref 0
>>>> ;; mgr_destroy
>>>> ;; dispatch 0x3968290: detach: refcount 0
>>>> ;; dispatch 0x3967cc0: detach: refcount 0
>>>> ;; dispatch 0x3968290: got packet: requests 0, buffers 1, recvs 1
>>>> ;; dispatch 0x3968290: shutting down; detaching from sock
>>>> 0x7ff2a3ead010, task 0x7ff2a3ea0268
>>>> ;; socket 0x7ff2a3ead010: destroying
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -5 for socket 22
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy_mgr_ok: shuttingdown=1,
>>>> listnonempty=1, depool=1, rpool=0, dpool=1
>>>> ;; dispatch 0x3967cc0: shutting down; detaching from sock
>>>> 0x7ff2a3ead270, task 0x7ff2a3ea0330
>>>> ;; socket 0x7ff2a3ead270: destroying
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -5 for socket 23
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy_mgr_ok: shuttingdown=1,
>>>> listnonempty=0, depool=0, rpool=0, dpool=0
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -1 for socket 0
>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher exiting
>>>> ;; adding trust anchor .
>>>> ;; fetch: www.suse.de/A
>>>> ;; log_ns_ttl: fctx 0x38fac90: fctx_create: www.suse.de (in '.'?): 0 0
>>>> ;; findaddrinfo: new entry 0x7ff2a3f48128
>>>> ;; findaddrinfo: new entry 0x7ff2a3f48010
>>>> ;; dispatch 0x22536f0 response 0x38c0b08 127.0.0.1#53: attached to task
>>>> 0x7ff2a401c970
>>>> ;; socket 0x7ff2a4000010: socket_recv: event 0x38c1360 -> task
>>>> 0x7ff2a3fef1a0
>>>> ;; sending packet to 127.0.0.1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45107
>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>> ; COOKIE: fbbf2d870fd1a427
>>>> ;; QUESTION SECTION:
>>>> ;www.suse.de. IN A
>>>>
>>>>
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 20
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>> ;; socket 0x7ff2a4000010: dispatch_recv: event 0x38c1360 -> task
>>>> 0x7ff2a3fef1a0
>>>> ;; socket 0x7ff2a4000010: internal_recv: task 0x7ff2a3fef1a0 got event
>>>> 0x7ff2a40000d8
>>>> ;; socket 0x7ff2a4000010 127.0.0.1#53: packet received correctly
>>>> ;; socket 0x7ff2a4000010: processing cmsg 0x7ff2a0250c50
>>>> ;; socket 0x7ff2a4000010: processing cmsg 0x7ff2a0250c70
>>>> ;; dispatch 0x22536f0: got packet: requests 1, buffers 1, recvs 1
>>>> ;; dispatch 0x22536f0: got valid DNS message header, /QR 1, id 45107
>>>> ;; dispatch 0x22536f0: search for response in bucket 10407: found
>>>> ;; dispatch 0x22536f0 response 0x38c0b08 127.0.0.1#53: [a] Sent event
>>>> 0x7ff2a3fff9e8 buffer 0x7ff298021ac0 len 4096 to task 0x7ff2a401c970
>>>> ;; socket 0x7ff2a4000010: socket_recv: event 0x38c1200 -> task
>>>> 0x7ff2a3fef1a0
>>>> ;; received packet from 127.0.0.1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45107
>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 4096
>>>> ; COOKIE: fbbf2d870fd1a427a559e12a5f72de0d1f7d573673bd484f
>>>> ;; QUESTION SECTION:
>>>> ;www.suse.de. IN A
>>>>
>>>>
>>>> ;; dispatch 0x22536f0 response 0x38c0b08 127.0.0.1#53: detaching from
>>>> task 0x7ff2a401c970
>>>> ;; dispatch 0x22536f0: detach: refcount 3
>>>> ;; dispatch 0x2253120 response 0x38c0b08 ::1#53: attached to task
>>>> 0x7ff2a401c970
>>>> ;; socket 0x7ff2a4000270: socket_recv: event 0x38c2a40 -> task
>>>> 0x7ff2a3fef268
>>>> ;; sending packet to ::1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58627
>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>> ; COOKIE: 07a6fee537d54a89
>>>> ;; QUESTION SECTION:
>>>> ;www.suse.de. IN A
>>>>
>>>>
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 20
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 21
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>> ;; socket 0x7ff2a4000270: dispatch_recv: event 0x38c2a40 -> task
>>>> 0x7ff2a3fef268
>>>> ;; socket 0x7ff2a4000270: internal_recv: task 0x7ff2a3fef268 got event
>>>> 0x7ff2a4000338
>>>> ;; socket 0x7ff2a4000270 ::1#53: packet received correctly
>>>> ;; socket 0x7ff2a4000270: processing cmsg 0x7ff2a0250c50
>>>> ;; socket 0x7ff2a4000270: processing cmsg 0x7ff2a0250c70
>>>> ;; socket 0x7ff2a4000270: interface received on ifindex 1
>>>> ;; socket 0x7ff2a4000270: processing cmsg 0x7ff2a0250c98
>>>> ;; dispatch 0x2253120: got packet: requests 1, buffers 2, recvs 1
>>>> ;; dispatch 0x2253120: got valid DNS message header, /QR 1, id 58627
>>>> ;; dispatch 0x2253120: search for response in bucket 14157: found
>>>> ;; dispatch 0x2253120 response 0x38c0b08 ::1#53: [a] Sent event
>>>> 0x7ff2a3fff9e8 buffer 0x7ff298021ac0 len 4096 to task 0x7ff2a401c970
>>>> ;; socket 0x7ff2a4000270: socket_recv: event 0x38c28e0 -> task
>>>> 0x7ff2a3fef268
>>>> ;; received packet from ::1#53
>>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58627
>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags: do; udp: 4096
>>>> ; COOKIE: 07a6fee537d54a89e5d496475f72de0d19ecfdc75acdcb42
>>>> ;; QUESTION SECTION:
>>>> ;www.suse.de. IN A
>>>>
>>>>
>>>> ;; dispatch 0x2253120 response 0x38c0b08 ::1#53: detaching from task
>>>> 0x7ff2a401c970
>>>> ;; dispatch 0x2253120: detach: refcount 3
>>>> ;; findaddrinfo: found entry 0x7ff2a3f48128
>>>> ;; findaddrinfo: found entry 0x7ff2a3f48010
>>>> ;; resolution failed: SERVFAIL
>>>> ;; dns_requestmgr_shutdown: 0x7ff2a4021010
>>>> ;; send_shutdown_events: 0x7ff2a4021010
>>>> ;; dispatch 0x22536f0: detach: refcount 2
>>>> ;; dispatch 0x2253120: detach: refcount 2
>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy_mgr_ok: shuttingdown=1,
>>>> listnonempty=1, depool=2, rpool=0, dpool=2
>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy: killit=0
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 21
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>> ;; dispatch 0x22536f0: detach: refcount 1
>>>> ;; dispatch 0x2253120: detach: refcount 1
>>>> ;; dns_requestmgr_detach: 0x7ff2a4021010: eref 0 iref 0
>>>> ;; mgr_destroy
>>>> ;; dispatch 0x22536f0: detach: refcount 0
>>>> ;; dispatch 0x2253120: detach: refcount 0
>>>> ;; calling free_rbtdb(.)
>>>> ;; done free_rbtdb(.)
>>>> ;; dispatch 0x22536f0: got packet: requests 0, buffers 2, recvs 1
>>>> ;; dispatch 0x22536f0: shutting down; detaching from sock
>>>> 0x7ff2a4000010, task 0x7ff2a3fef1a0
>>>> ;; socket 0x7ff2a4000010: destroying
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -5 for socket 20
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy_mgr_ok: shuttingdown=1,
>>>> listnonempty=1, depool=1, rpool=0, dpool=1
>>>> ;; dispatch 0x2253120: got packet: requests 0, buffers 1, recvs 1
>>>> ;; dispatch 0x2253120: shutting down; detaching from sock
>>>> 0x7ff2a4000270, task 0x7ff2a3fef268
>>>> ;; socket 0x7ff2a4000270: destroying
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -5 for socket 21
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy_mgr_ok: shuttingdown=1,
>>>> listnonempty=0, depool=0, rpool=0, dpool=0
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -1 for socket 0
>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher exiting
>>>>
>>>>
>>>> --
>>>> SUSE Software Solutions Germany GmbH
>>>> Maxfeldstr. 5
>>>> 90409 Nürnberg
>>>> Germany
>>>>
>>>> (HRB 36809, AG Nürnberg)
>>>> Geschäftsführer: Felix Imendörffer
>>>> _______________________________________________
>>>> bind-workers mailing list
>>>> bind-workers at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-workers
>>>
>>
>>
>> --
>> SUSE Software Solutions Germany GmbH
>> Maxfeldstr. 5
>> 90409 Nürnberg
>> Germany
>>
>> (HRB 36809, AG Nürnberg)
>> Geschäftsführer: Felix Imendörffer
>
--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer
More information about the bind-workers
mailing list