On 27 January 2018 at 19:11, Matthew Pounsett <[email protected]> wrote:
> The only thing I can think of that has changed in that time, which has > ever caused me query issues, is the addition of DNS cookies in the default > query. Some broken authoritative servers will incorrectly respond with > things like FORMERR when they see an EDNS option they don't recognize. I > doubt DNS-OARC is running such a name server, but I haven't looked to see. > > Serves me right for not actually going any looking at this sooner.. and for some reason I failed to recognize the name when I saw it. rs.dns-oarc.net is the DNS-OARC response size tester. The server synthesizes a series of large responses via a CNAME chain when you look up that TXT record, designed to test your recursive server's ability to handle large responses. I'm getting similar failure behaviour from Google Public DNS that you're seeing in 9.12, but I'm not seeing it from my 9.11 recursive server (it works on the first try). ; <<>> DiG 9.11.2 <<>> IN TXT rs.dns-oarc.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63546 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;rs.dns-oarc.net. IN TXT ;; Query time: 4373 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Jan 27 19:20:21 EST 2018 ;; MSG SIZE rcvd: 44 ; <<>> DiG 9.11.2 <<>> IN TXT rs.dns-oarc.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29585 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;rs.dns-oarc.net. IN TXT ;; ANSWER SECTION: rs.dns-oarc.net. 1 IN CNAME rst.x4090.rs.dns-oarc.net. rst.x4090.rs.dns-oarc.net. 58 IN CNAME rst.x4058.x4090.rs.dns-oarc.net. rst.x4058.x4090.rs.dns-oarc.net. 57 IN CNAME rst.x4064.x4058.x4090.rs.dns-oarc.net. rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "74.125.179.74 DNS reply size limit is at least 4090" rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "74.125.179.74 sent EDNS buffer size 4096" rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "Tested at 2018-01-28 00:21:16 UTC" ;; Query time: 857 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Jan 27 19:21:16 EST 2018 ;; MSG SIZE rcvd: 279 If you want to understand why your resolver is failing, again I'd have a look at the 'resolver' log channel. It should have some detail about what's resulting in the SERVFAIL message.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
