Hi, I noticed some inconsistent behavior in a particular setup where a DNAME is involved and I am trying to figure out who is right and who is wrong.
Players involved on the resolving side are: Google Public DNS (resolves without an error) BIND (often results in a timeout and a log-rule saying: "unrelated DNAME in answer") Unbound (results in a SERVFAIL) On the authoritative side the players are: PowerDNS BIND NSD The query-type (A yield other results than ANY) The query to test is for example: dig +dnssec -t ANY _sidn._dnssec-valcheck._1804289384.bergzand.nl I believe both bergzand.nl and bergzand.net are hosted on PowerDNS. dig +dnssec -t ANY _sidn._dnssec-valcheck._1804289384.scintilla.nl This domain is served from BIND. For testing-purposes I tried to simulate the situation in sidnlabs.nl: dig +dnssec -t ANY _sidn._dnssec-valcheck._1804289384.sidnlabs.nl sidnlabs.nl is served from BIND, but example.nl (the DNAME) is served from BIND and NSD). I guess I have these question to the reader: - Is it ok for BIND to have a timeout? - Why does Google resolve, why does UNbound result in a SERVFAIL and who is right? - Is there an authoritative server (PowerDNS perhaps?) not doing the right thing? I've been looking to long to this matter so this is the time to ask for your help. It didn't help that DNS-OARCs open BIND-resolver (184.105.193.73) broke down, having the same effect as a timeout). Thanks. -- Marco
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users