broken trust chain
Josef Moellers
jmoellers at suse.de
Wed Sep 30 07:36:23 UTC 2020
Hi Mark,
Thanks for the quick reply. I still don't know why this worked with
9.11.2 and why this works 3 out of 4 times, but that is probably due to
some races.
Josef
On 30.09.20 08:52, Mark Andrews wrote:
>
>
>> On 30 Sep 2020, at 16:27, Josef Moellers <jmoellers at suse.de> wrote:
>>
>> On 30.09.20 01:23, Mark Andrews wrote:
>>>
>>>
>>>> On 29 Sep 2020, at 18:28, Josef Moellers <jmoellers at suse.de> wrote:
>>>>
>>>> On 29.09.20 09:48, Mark Andrews wrote:
>>>>> Since you are using forwarders
>>>>>
>>>>> What does “dig dnskey . +dnssec @217.0.43.1” return?
>>>>> What does "dig dnskey . +dnssec @192.168.122.1” return?
>>>>>
>>>>> If you don’t get ad=1 and a response with signatures like the following
>>>>> you need to fix your forwarders. DNSSEC requires that forwarders support
>>>>> DNSSEC and also validate responses to recover from bad answers being sent
>>>>> to the forwarders unless the only zones being lookup up through them are
>>>>> unsigned.
>>>>
>>>> The first one returns "ad", the second one doesn’t.
>>>
>>> Really, you couldn’t cut and paste the responses? I asked what do
>>> they return, not your interpretation of what they returned.
>>
>> Excuse me!
>>
>> # dig dnskey . +dnssec @217.0.43.1
>>
>> ; <<>> DiG 9.11.22 <<>> dnskey . +dnssec @217.0.43.1
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52582
>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 512
>> ;; QUESTION SECTION:
>> ;. IN DNSKEY
>>
>> ;; ANSWER SECTION:
>> . 6548 IN DNSKEY 256 3 8
>> AwEAAdauOGxLhfAKFTTZwGhBXbk793QKdWIQRjiSftWdusCwkPhNyJrI
>> jwtNffCWXGLlZAbpcs414RE3oS1qVwV+AdXsO92SBu5haGlxMUk0NqZO
>> 7Xlf84/wrzGZVRRouPo5pNX/CKS8Mv9UOi0olKGCu31dNfh8qCszWZcl
>> oLDgeLzSnQSkvFoGe69vNCfh7feESKedkBC2qRz0BZv9+oJI0IY/3D7W
>> EnV0NOlf8gSHozhfJFJ/ZAKtvw/Q3ogrVJFk0LyVaU/NVtVA5FM4pVMI
>> RID7pfrPi78aAzG7b/Wh/Pce4jPAIpS3dApq25YkvMuPvfB91NMf9Fem Kwlp78PBVcM=
>> . 6548 IN DNSKEY 257 3 8
>> AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
>> +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
>> ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
>> 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
>> oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
>> RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU=
>> . 6548 IN DNSKEY 256 3 8
>> AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfi
>> obeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5C
>> sDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdL
>> QHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm
>> 8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jE
>> hCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmn NHNmH2FjUE8=
>> . 6548 IN RRSIG DNSKEY 8 0 172800
>> 20201010000000 20200919000000 20326 .
>> gNV6AU+66kB5XldvckVd/ldhaWTu0rO589zdyHDODOwQ1murJshvt8cj
>> Bw3G3G4xO06I1gCKT2HWIJLEEhhvQSRvowbcIW3EocWtTZjeQvCp4U14
>> 49doRAiUblpQi7EIstdOxIzcttvh0VcIRecWV7Fl3kvBzEhpwX42EKXa
>> WUV58Rrn/43o/bRSgh3XBSDwIuIsZVJiMMvHdgm0a5FM6jNHxuuXT1DL
>> lXgLQyggm/PFciUKTXAo91f6HiyWGNZY9AfAAlvprPiyFOCjBotvk7F5
>> Bi5ss1p8mxl522t/8UuSKcFzqE1J3U4IisgEjTkyxnbCJqY/vKJcyPU8 fCzxEg==
>>
>> ;; Query time: 7 msec
>> ;; SERVER: 217.0.43.1#53(217.0.43.1)
>> ;; WHEN: Mi Sep 30 08:25:05 CEST 2020
>> ;; MSG SIZE rcvd: 1139
>>
>> # dig dnskey . +dnssec @192.168.122.1
>>
>> ; <<>> DiG 9.11.22 <<>> dnskey . +dnssec @192.168.122.1
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36909
>>
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>>
>>
>>
>> ;; OPT PSEUDOSECTION:
>>
>> ; EDNS: version: 0, flags:; udp: 4096
>>
>> ;; QUESTION SECTION:
>>
>> ;. IN DNSKEY
>>
>>
>>
>> ;; ANSWER SECTION:
>>
>> . 6525 IN DNSKEY 257 3 8
>> AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
>> +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
>> ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
>> 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
>> oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
>> RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU=
>> . 6525 IN DNSKEY 256 3 8
>> AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfi
>> obeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5C
>> sDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdL
>> QHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm
>> 8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jE
>> hCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmn NHNmH2FjUE8=
>> . 6525 IN DNSKEY 256 3 8
>> AwEAAdauOGxLhfAKFTTZwGhBXbk793QKdWIQRjiSftWdusCwkPhNyJrI
>> jwtNffCWXGLlZAbpcs414RE3oS1qVwV+AdXsO92SBu5haGlxMUk0NqZO
>> 7Xlf84/wrzGZVRRouPo5pNX/CKS8Mv9UOi0olKGCu31dNfh8qCszWZcl
>> oLDgeLzSnQSkvFoGe69vNCfh7feESKedkBC2qRz0BZv9+oJI0IY/3D7W
>> EnV0NOlf8gSHozhfJFJ/ZAKtvw/Q3ogrVJFk0LyVaU/NVtVA5FM4pVMI
>> RID7pfrPi78aAzG7b/Wh/Pce4jPAIpS3dApq25YkvMuPvfB91NMf9Fem Kwlp78PBVcM=
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 192.168.122.1#53(192.168.122.1)
>> ;; WHEN: Mi Sep 30 08:25:28 CEST 2020
>> ;; MSG SIZE rcvd: 853
>
> Thank you. You will note that 192.168.122.1 is not returning
> RRSIG records in the response to the DNSKEY query as the server
> is not DNSSEC capable. DNSSEC validation will NOT work through
> this server. Remove 192.168.122.1 from your forwarders.
>
> Mark
>
>>>> The problem lies definitely with the local named:
>>>> sles12-sp4:~ # dig @localhost www.google.com +short
>>>> sles12-sp4:~ # dig @217.0.43.1 www.google.com +short
>>>> 172.217.21.196
>>>> sles12-sp4:~ #
>>>
>>> Actually, no it doesn’t. You have already indicated that one of your
>>> forwarders isn’t doing DNSSEC validation. Remove it from the
>>> configuration. Named will validate through forwarders but it needs
>>> forwarders that validate themselves.
>>
>> The forwarders do not change between tests: I just restart named a few
>> times and 1 in four times it says "managed-keys-zone: No DNSKEY RRSIGs
>> found for '.': success" and not addresses are returned by "dig”.
>
>> Josef
>>
>>>>> [beetle:~/git/bind9] marka% dig dnskey . +dnssec
>>>>> ;; BADCOOKIE, retrying.
>>>>>
>>>>> ; <<>> DiG 9.15.4 <<>> dnskey . +dnssec
>>>>> ;; global options: +cmd
>>>>> ;; Got answer:
>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30449
>>>>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
>>>>>
>>>>> ;; OPT PSEUDOSECTION:
>>>>> ; EDNS: version: 0, flags: do; udp: 4096
>>>>> ; COOKIE: fbba811391d46622010000005f72e55e3e7865221fd8a395 (good)
>>>>> ;; QUESTION SECTION:
>>>>> ;. IN DNSKEY
>>>>>
>>>>> ;; ANSWER SECTION:
>>>>> . 139753 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU=
>>>>> . 139753 IN DNSKEY 256 3 8 AwEAAdauOGxLhfAKFTTZwGhBXbk793QKdWIQRjiSftWdusCwkPhNyJrI jwtNffCWXGLlZAbpcs414RE3oS1qVwV+AdXsO92SBu5haGlxMUk0NqZO 7Xlf84/wrzGZVRRouPo5pNX/CKS8Mv9UOi0olKGCu31dNfh8qCszWZcl oLDgeLzSnQSkvFoGe69vNCfh7feESKedkBC2qRz0BZv9+oJI0IY/3D7W EnV0NOlf8gSHozhfJFJ/ZAKtvw/Q3ogrVJFk0LyVaU/NVtVA5FM4pVMI RID7pfrPi78aAzG7b/Wh/Pce4jPAIpS3dApq25YkvMuPvfB91NMf9Fem Kwlp78PBVcM=
>>>>> . 139753 IN DNSKEY 256 3 8 AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfi obeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5C sDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdL QHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm 8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jE hCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmn NHNmH2FjUE8=
>>>>> . 139753 IN RRSIG DNSKEY 8 0 172800 20201010000000 20200919000000 20326 . gNV6AU+66kB5XldvckVd/ldhaWTu0rO589zdyHDODOwQ1murJshvt8cj Bw3G3G4xO06I1gCKT2HWIJLEEhhvQSRvowbcIW3EocWtTZjeQvCp4U14 49doRAiUblpQi7EIstdOxIzcttvh0VcIRecWV7Fl3kvBzEhpwX42EKXa WUV58Rrn/43o/bRSgh3XBSDwIuIsZVJiMMvHdgm0a5FM6jNHxuuXT1DL lXgLQyggm/PFciUKTXAo91f6HiyWGNZY9AfAAlvprPiyFOCjBotvk7F5 Bi5ss1p8mxl522t/8UuSKcFzqE1J3U4IisgEjTkyxnbCJqY/vKJcyPU8 fCzxEg==
>>>>>
>>>>> ;; Query time: 0 msec
>>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>>> ;; WHEN: Tue Sep 29 17:42:22 AEST 2020
>>>>> ;; MSG SIZE rcvd: 1169
>>>>>
>>>>> [beetle:~/git/bind9] marka%
>>>>>
>>>>>
>>>>>
>>>>>> On 29 Sep 2020, at 17:14, Josef Moellers <jmoellers at suse.de> wrote:
>>>>>>
>>>>>> On 28.09.20 16:35, Jeremy C. Reed wrote:
>>>>>>> Let's get more logging. Enable more debugging in named.
>>>>>>
>>>>>> It is already running with -d 5
>>>>>>
>>>>>>> What made named think that name should be DNSSEC signed in the first
>>>>>>> place?
>>>>>>
>>>>>> Because the default is "dnssec-validation yes" and there is no other
>>>>>> directive.
>>>>>> Also, in 3 out of 4 test runs it works flawlessly ("Key 20326 for zone .
>>>>>> acceptance timer complete: key now trusted"), in the one case in 4 it
>>>>>> complains about "No DNSKEY RRSIGs found for '.'"
>>>>>>
>>>>>>>
>>>>>>> Do you only have the problem resolving the single name and it doesn't
>>>>>>> happen every time?
>>>>>>
>>>>>> It happens every time when the error message about the DNSKEY RRSIGs is
>>>>>> issued and it does not happen at all when the message about the trusted
>>>>>> key is issued.
>>>>>> And it is independent upon the name searched for:
>>>>>>
>>>>>> sles12-sp4:~ # dig @192.168.122.1 www.google.com +short
>>>>>> 216.58.208.36
>>>>>> sles12-sp4:~ # dig @localhost www.google.com +short
>>>>>> sles12-sp4:~ #
>>>>>>
>>>>>>> Does the problem ever happen without using your forwarders?
>>>>>>
>>>>>> No:
>>>>>>
>>>>>> sles12-sp4:~ # dig @192.168.122.1 www.suse.de +short
>>>>>> redirector.suse.com.
>>>>>> fra-alb-p-redirector-01-1686471185.eu-central-1.elb.amazonaws.com.
>>>>>> 18.157.240.156
>>>>>> 52.28.35.86
>>>>>> sles12-sp4:~ # dig @localhost www.suse.de +short
>>>>>> sles12-sp4:~ #
>>>>>>
>>>>>>> Also do the query with delv -d99 and record that verbose output.
>>>>>>
>>>>>> ;; socket 0x7ff2a4000010: created
>>>>>>
>>>>>> ;; socket 0x7ff2a4000010 0.0.0.0#57450: bound
>>>>>>
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: dns_dispatch_createudp: Created UDP
>>>>>> dispatch for 0.0.0.0#0 with socket fd 20
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: created UDP dispatcher 0x22536f0
>>>>>>
>>>>>> ;; dispatch 0x22536f0: created task 0x7ff2a3fef1a0
>>>>>>
>>>>>> ;; dispatch 0x22536f0: created socket 0x7ff2a4000010
>>>>>>
>>>>>> ;; socket 0x7ff2a4000270: created
>>>>>>
>>>>>> ;; socket 0x7ff2a4000270 ::#39765: bound
>>>>>>
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: dns_dispatch_createudp: Created UDP
>>>>>> dispatch for ::#0 with socket fd 21
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: created UDP dispatcher 0x2253120
>>>>>> ;; dispatch 0x2253120: created task 0x7ff2a3fef268
>>>>>> ;; dispatch 0x2253120: created socket 0x7ff2a4000270
>>>>>> ;; adb: task-exclusive mode unavailable, initializing table sizes to 49193
>>>>>>
>>>>>> ;; dns_requestmgr_create
>>>>>> ;; dns_requestmgr_create: 0x7ff2a4021010
>>>>>> ;; dns_requestmgr_whenshutdown
>>>>>> ;; socket 0x7ff2a3ead010: created
>>>>>> ;; socket 0x7ff2a3ead010 0.0.0.0#40118: bound
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: dns_dispatch_createudp: Created UDP
>>>>>> dispatch for 0.0.0.0#0 with socket fd 22
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: created UDP dispatcher 0x3968290
>>>>>> ;; dispatch 0x3968290: created task 0x7ff2a3ea0268
>>>>>> ;; dispatch 0x3968290: created socket 0x7ff2a3ead010
>>>>>> ;; socket 0x7ff2a3ead270: created
>>>>>> ;; socket 0x7ff2a3ead270 ::#54166: bound
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: dns_dispatch_createudp: Created UDP
>>>>>> dispatch for ::#0 with socket fd 23
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: created UDP dispatcher 0x3967cc0
>>>>>> ;; dispatch 0x3967cc0: created task 0x7ff2a3ea0330
>>>>>> ;; dispatch 0x3967cc0: created socket 0x7ff2a3ead270
>>>>>> ;; adb: task-exclusive mode unavailable, initializing table sizes to 49193
>>>>>>
>>>>>> ;; dns_requestmgr_create
>>>>>> ;; dns_requestmgr_create: 0x7ff2a3ed1010
>>>>>> ;; dns_requestmgr_whenshutdown
>>>>>> ;; fetch: localhost/A
>>>>>> ;; log_ns_ttl: fctx 0x4fd6ca0: fctx_create: localhost (in '.'?): 0 0
>>>>>> ;; findaddrinfo: new entry 0x7ff29cadf128
>>>>>> ;; findaddrinfo: new entry 0x7ff29cadf010
>>>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbe98 217.0.43.1#53: attached to
>>>>>> task 0x7ff2a3ea0970
>>>>>> ;; socket 0x7ff2a3ead010: socket_recv: event 0x7ff2a3edc6f0 -> task
>>>>>> 0x7ff2a3ea0268
>>>>>> ;; sending packet to 217.0.43.1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52687
>>>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>>>> ; COOKIE: fb39bcd1c3e747d5
>>>>>> ;; QUESTION SECTION:
>>>>>> ;localhost. IN A
>>>>>>
>>>>>>
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -3 for socket 22
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>>>> ;; fetch: localhost/AAAA
>>>>>> ;; log_ns_ttl: fctx 0x4fd9140: fctx_create: localhost (in '.'?): 0 0
>>>>>> ;; findaddrinfo: found entry 0x7ff29cadf128
>>>>>> ;; findaddrinfo: found entry 0x7ff29cadf010
>>>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbda0 217.0.43.1#53: attached to
>>>>>> task 0x7ff2a3ea0970
>>>>>> ;; sending packet to 217.0.43.1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50536
>>>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>>>> ; COOKIE: fb39bcd1c3e747d5
>>>>>> ;; QUESTION SECTION:
>>>>>> ;localhost. IN AAAA
>>>>>>
>>>>>>
>>>>>> ;; socket 0x7ff2a3ead010: dispatch_recv: event 0x7ff2a3edc6f0 -> task
>>>>>> 0x7ff2a3ea0268
>>>>>> ;; socket 0x7ff2a3ead010: internal_recv: task 0x7ff2a3ea0268 got event
>>>>>> 0x7ff2a3ead0d8
>>>>>> ;; socket 0x7ff2a3ead010 217.0.43.1#53: packet received correctly
>>>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c50
>>>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c70
>>>>>> ;; dispatch 0x3968290: got packet: requests 2, buffers 1, recvs 1
>>>>>> ;; dispatch 0x3968290: got valid DNS message header, /QR 1, id 52687
>>>>>> ;; dispatch 0x3968290: search for response in bucket 6561: found
>>>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbe98 217.0.43.1#53: [a] Sent
>>>>>> event 0x7ff2a3eac9e8 buffer 0x7ff298021ac0 len 4096 to task 0x7ff2a3ea0970
>>>>>> ;; socket 0x7ff2a3ead010: socket_recv: event 0x7ff2a3edc590 -> task
>>>>>> 0x7ff2a3ea0268
>>>>>> ;; received packet from 217.0.43.1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52687
>>>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>>>> ;; QUESTION SECTION:
>>>>>> ;localhost. IN A
>>>>>>
>>>>>> ;; ANSWER SECTION:
>>>>>> ;localhost. 86400 IN A 127.0.0.1
>>>>>>
>>>>>>
>>>>>> ;; log_ns_ttl: fctx 0x4fd6ca0: answer_response: localhost (in '.'?): 0 0
>>>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbe98 217.0.43.1#53: detaching
>>>>>> from task 0x7ff2a3ea0970
>>>>>> ;; dispatch 0x3968290: detach: refcount 5
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -3 for socket 22
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>>>> ;; socket 0x7ff2a3ead010: dispatch_recv: event 0x7ff2a3edc590 -> task
>>>>>> 0x7ff2a3ea0268
>>>>>> ;; socket 0x7ff2a3ead010: internal_recv: task 0x7ff2a3ea0268 got event
>>>>>> 0x7ff2a3ead0d8
>>>>>> ;; socket 0x7ff2a3ead010 217.0.43.1#53: packet received correctly
>>>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c50
>>>>>> ;; socket 0x7ff2a3ead010: processing cmsg 0x7ff29e387c70
>>>>>> ;; dispatch 0x3968290: got packet: requests 1, buffers 1, recvs 1
>>>>>> ;; dispatch 0x3968290: got valid DNS message header, /QR 1, id 50536
>>>>>> ;; dispatch 0x3968290: search for response in bucket 4142: found
>>>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbda0 217.0.43.1#53: [a] Sent
>>>>>> event 0x7ff2a3eac9e8 buffer 0x7ff298020ab0 len 4096 to task 0x7ff2a3ea0970
>>>>>> ;; socket 0x7ff2a3ead010: socket_recv: event 0x7ff2a3edc6f0 -> task
>>>>>> 0x7ff2a3ea0268
>>>>>> ;; received packet from 217.0.43.1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50536
>>>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>>>> ;; QUESTION SECTION:
>>>>>> ;localhost. IN AAAA
>>>>>>
>>>>>> ;; ANSWER SECTION:
>>>>>> ;localhost. 86400 IN AAAA ::1
>>>>>>
>>>>>>
>>>>>> ;; log_ns_ttl: fctx 0x4fd9140: answer_response: localhost (in '.'?): 0 0
>>>>>> ;; dispatch 0x3968290 response 0x7ff2a3edbda0 217.0.43.1#53: detaching
>>>>>> from task 0x7ff2a3ea0970
>>>>>> ;; dispatch 0x3968290: detach: refcount 3
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -3 for socket 22
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>>>> ;; dns_requestmgr_shutdown: 0x7ff2a3ed1010
>>>>>> ;; send_shutdown_events: 0x7ff2a3ed1010
>>>>>> ;; dispatch 0x3968290: detach: refcount 2
>>>>>> ;; dispatch 0x3967cc0: detach: refcount 2
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy_mgr_ok: shuttingdown=1,
>>>>>> listnonempty=1, depool=2, rpool=0, dpool=2
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy: killit=0
>>>>>> ;; dispatch 0x3968290: detach: refcount 1
>>>>>> ;; dispatch 0x3967cc0: detach: refcount 1
>>>>>> ;; dns_requestmgr_detach: 0x7ff2a3ed1010: eref 0 iref 0
>>>>>> ;; mgr_destroy
>>>>>> ;; dispatch 0x3968290: detach: refcount 0
>>>>>> ;; dispatch 0x3967cc0: detach: refcount 0
>>>>>> ;; dispatch 0x3968290: got packet: requests 0, buffers 1, recvs 1
>>>>>> ;; dispatch 0x3968290: shutting down; detaching from sock
>>>>>> 0x7ff2a3ead010, task 0x7ff2a3ea0268
>>>>>> ;; socket 0x7ff2a3ead010: destroying
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -5 for socket 22
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy_mgr_ok: shuttingdown=1,
>>>>>> listnonempty=1, depool=1, rpool=0, dpool=1
>>>>>> ;; dispatch 0x3967cc0: shutting down; detaching from sock
>>>>>> 0x7ff2a3ead270, task 0x7ff2a3ea0330
>>>>>> ;; socket 0x7ff2a3ead270: destroying
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -5 for socket 23
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -2 for socket -1
>>>>>> ;; dispatchmgr 0x7ff2a3ea7010: destroy_mgr_ok: shuttingdown=1,
>>>>>> listnonempty=0, depool=0, rpool=0, dpool=0
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher got message -1 for socket 0
>>>>>> ;; sockmgr 0x7ff2a3ea1f30: watcher exiting
>>>>>> ;; adding trust anchor .
>>>>>> ;; fetch: www.suse.de/A
>>>>>> ;; log_ns_ttl: fctx 0x38fac90: fctx_create: www.suse.de (in '.'?): 0 0
>>>>>> ;; findaddrinfo: new entry 0x7ff2a3f48128
>>>>>> ;; findaddrinfo: new entry 0x7ff2a3f48010
>>>>>> ;; dispatch 0x22536f0 response 0x38c0b08 127.0.0.1#53: attached to task
>>>>>> 0x7ff2a401c970
>>>>>> ;; socket 0x7ff2a4000010: socket_recv: event 0x38c1360 -> task
>>>>>> 0x7ff2a3fef1a0
>>>>>> ;; sending packet to 127.0.0.1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45107
>>>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>>>> ; COOKIE: fbbf2d870fd1a427
>>>>>> ;; QUESTION SECTION:
>>>>>> ;www.suse.de. IN A
>>>>>>
>>>>>>
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 20
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>>>> ;; socket 0x7ff2a4000010: dispatch_recv: event 0x38c1360 -> task
>>>>>> 0x7ff2a3fef1a0
>>>>>> ;; socket 0x7ff2a4000010: internal_recv: task 0x7ff2a3fef1a0 got event
>>>>>> 0x7ff2a40000d8
>>>>>> ;; socket 0x7ff2a4000010 127.0.0.1#53: packet received correctly
>>>>>> ;; socket 0x7ff2a4000010: processing cmsg 0x7ff2a0250c50
>>>>>> ;; socket 0x7ff2a4000010: processing cmsg 0x7ff2a0250c70
>>>>>> ;; dispatch 0x22536f0: got packet: requests 1, buffers 1, recvs 1
>>>>>> ;; dispatch 0x22536f0: got valid DNS message header, /QR 1, id 45107
>>>>>> ;; dispatch 0x22536f0: search for response in bucket 10407: found
>>>>>> ;; dispatch 0x22536f0 response 0x38c0b08 127.0.0.1#53: [a] Sent event
>>>>>> 0x7ff2a3fff9e8 buffer 0x7ff298021ac0 len 4096 to task 0x7ff2a401c970
>>>>>> ;; socket 0x7ff2a4000010: socket_recv: event 0x38c1200 -> task
>>>>>> 0x7ff2a3fef1a0
>>>>>> ;; received packet from 127.0.0.1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45107
>>>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 4096
>>>>>> ; COOKIE: fbbf2d870fd1a427a559e12a5f72de0d1f7d573673bd484f
>>>>>> ;; QUESTION SECTION:
>>>>>> ;www.suse.de. IN A
>>>>>>
>>>>>>
>>>>>> ;; dispatch 0x22536f0 response 0x38c0b08 127.0.0.1#53: detaching from
>>>>>> task 0x7ff2a401c970
>>>>>> ;; dispatch 0x22536f0: detach: refcount 3
>>>>>> ;; dispatch 0x2253120 response 0x38c0b08 ::1#53: attached to task
>>>>>> 0x7ff2a401c970
>>>>>> ;; socket 0x7ff2a4000270: socket_recv: event 0x38c2a40 -> task
>>>>>> 0x7ff2a3fef268
>>>>>> ;; sending packet to ::1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58627
>>>>>> ;; flags: rd; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 512
>>>>>> ; COOKIE: 07a6fee537d54a89
>>>>>> ;; QUESTION SECTION:
>>>>>> ;www.suse.de. IN A
>>>>>>
>>>>>>
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 20
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 21
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>>>> ;; socket 0x7ff2a4000270: dispatch_recv: event 0x38c2a40 -> task
>>>>>> 0x7ff2a3fef268
>>>>>> ;; socket 0x7ff2a4000270: internal_recv: task 0x7ff2a3fef268 got event
>>>>>> 0x7ff2a4000338
>>>>>> ;; socket 0x7ff2a4000270 ::1#53: packet received correctly
>>>>>> ;; socket 0x7ff2a4000270: processing cmsg 0x7ff2a0250c50
>>>>>> ;; socket 0x7ff2a4000270: processing cmsg 0x7ff2a0250c70
>>>>>> ;; socket 0x7ff2a4000270: interface received on ifindex 1
>>>>>> ;; socket 0x7ff2a4000270: processing cmsg 0x7ff2a0250c98
>>>>>> ;; dispatch 0x2253120: got packet: requests 1, buffers 2, recvs 1
>>>>>> ;; dispatch 0x2253120: got valid DNS message header, /QR 1, id 58627
>>>>>> ;; dispatch 0x2253120: search for response in bucket 14157: found
>>>>>> ;; dispatch 0x2253120 response 0x38c0b08 ::1#53: [a] Sent event
>>>>>> 0x7ff2a3fff9e8 buffer 0x7ff298021ac0 len 4096 to task 0x7ff2a401c970
>>>>>> ;; socket 0x7ff2a4000270: socket_recv: event 0x38c28e0 -> task
>>>>>> 0x7ff2a3fef268
>>>>>> ;; received packet from ::1#53
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58627
>>>>>> ;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>>> ;; OPT PSEUDOSECTION:
>>>>>> ; EDNS: version: 0, flags: do; udp: 4096
>>>>>> ; COOKIE: 07a6fee537d54a89e5d496475f72de0d19ecfdc75acdcb42
>>>>>> ;; QUESTION SECTION:
>>>>>> ;www.suse.de. IN A
>>>>>>
>>>>>>
>>>>>> ;; dispatch 0x2253120 response 0x38c0b08 ::1#53: detaching from task
>>>>>> 0x7ff2a401c970
>>>>>> ;; dispatch 0x2253120: detach: refcount 3
>>>>>> ;; findaddrinfo: found entry 0x7ff2a3f48128
>>>>>> ;; findaddrinfo: found entry 0x7ff2a3f48010
>>>>>> ;; resolution failed: SERVFAIL
>>>>>> ;; dns_requestmgr_shutdown: 0x7ff2a4021010
>>>>>> ;; send_shutdown_events: 0x7ff2a4021010
>>>>>> ;; dispatch 0x22536f0: detach: refcount 2
>>>>>> ;; dispatch 0x2253120: detach: refcount 2
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy_mgr_ok: shuttingdown=1,
>>>>>> listnonempty=1, depool=2, rpool=0, dpool=2
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy: killit=0
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -3 for socket 21
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>>>> ;; dispatch 0x22536f0: detach: refcount 1
>>>>>> ;; dispatch 0x2253120: detach: refcount 1
>>>>>> ;; dns_requestmgr_detach: 0x7ff2a4021010: eref 0 iref 0
>>>>>> ;; mgr_destroy
>>>>>> ;; dispatch 0x22536f0: detach: refcount 0
>>>>>> ;; dispatch 0x2253120: detach: refcount 0
>>>>>> ;; calling free_rbtdb(.)
>>>>>> ;; done free_rbtdb(.)
>>>>>> ;; dispatch 0x22536f0: got packet: requests 0, buffers 2, recvs 1
>>>>>> ;; dispatch 0x22536f0: shutting down; detaching from sock
>>>>>> 0x7ff2a4000010, task 0x7ff2a3fef1a0
>>>>>> ;; socket 0x7ff2a4000010: destroying
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -5 for socket 20
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy_mgr_ok: shuttingdown=1,
>>>>>> listnonempty=1, depool=1, rpool=0, dpool=1
>>>>>> ;; dispatch 0x2253120: got packet: requests 0, buffers 1, recvs 1
>>>>>> ;; dispatch 0x2253120: shutting down; detaching from sock
>>>>>> 0x7ff2a4000270, task 0x7ff2a3fef268
>>>>>> ;; socket 0x7ff2a4000270: destroying
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -5 for socket 21
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -2 for socket -1
>>>>>> ;; dispatchmgr 0x7ff2a3ffb010: destroy_mgr_ok: shuttingdown=1,
>>>>>> listnonempty=0, depool=0, rpool=0, dpool=0
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher got message -1 for socket 0
>>>>>> ;; sockmgr 0x7ff2a3ff0f30: watcher exiting
>>>>>>
>>>>>>
>>>>>> --
>>>>>> SUSE Software Solutions Germany GmbH
>>>>>> Maxfeldstr. 5
>>>>>> 90409 Nürnberg
>>>>>> Germany
>>>>>>
>>>>>> (HRB 36809, AG Nürnberg)
>>>>>> Geschäftsführer: Felix Imendörffer
>>>>>> _______________________________________________
>>>>>> bind-workers mailing list
>>>>>> bind-workers at lists.isc.org
>>>>>> https://lists.isc.org/mailman/listinfo/bind-workers
>>>>>
>>>>
>>>>
>>>> --
>>>> SUSE Software Solutions Germany GmbH
>>>> Maxfeldstr. 5
>>>> 90409 Nürnberg
>>>> Germany
>>>>
>>>> (HRB 36809, AG Nürnberg)
>>>> Geschäftsführer: Felix Imendörffer
>>>
>>
>>
>> --
>> SUSE Software Solutions Germany GmbH
>> Maxfeldstr. 5
>> 90409 Nürnberg
>> Germany
>>
>> (HRB 36809, AG Nürnberg)
>> Geschäftsführer: Felix Imendörffer
>
--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer
More information about the bind-workers
mailing list