Dear Bind-Users, Greetings of the Day!!!
I have faced an issue on my RPZ Server. I have added the A record Entry & AAAA record entry for some domains. The RPZ Policy is running fine. But the werired response that i am getting with few domains are that when I have quered the A record for that domain, the answer is OK. When I have quered for AAAA record, it is not given the answer. When I have run the dig query using any option, it has shown me the A record as well as AAAA record too. I have facing this issue while querying following domains: 1. gim8.pl 2. ns-cnc1.qq.com 3. ns-tel1.qq.com Lets take an example of first doamin: I have sharing the dig o/p here with different options: A. querying A Record: ----------------------------- ; <<>> DiG 9.10.3-P3 <<>> gim8.pl ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19768 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;gim8.pl. IN A ;; ANSWER SECTION: gim8.pl. 5 IN A 10.40.124.13 ;; AUTHORITY SECTION: rpz.nkn.in. 3600 IN NS ns1.rpz.nkn.in. ;; ADDITIONAL SECTION: ns1.rpz.nkn.in. 3600 IN A 10.199.88.2 ;; Query time: 4406 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue May 22 17:22:57 IST 2018 ;; MSG SIZE rcvd: 96 B: Query the AAAA Record: ------------------------------------- ; <<>> DiG 9.10.3-P3 <<>> gim8.pl AAAA ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60907 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;gim8.pl. IN AAAA ;; Query time: 517 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue May 22 17:24:13 IST 2018 ;; MSG SIZE rcvd: 36 C: Query the Record with ANY option: -------------------------------------------------- ; <<>> DiG 9.10.3-P3 <<>> gim8.pl any ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 583 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;gim8.pl. IN ANY ;; ANSWER SECTION: gim8.pl. 5 IN AAAA 2001:4408:5240::13 gim8.pl. 5 IN A 10.40.124.13 ;; AUTHORITY SECTION: rpz.nkn.in. 3600 IN NS ns1.rpz.nkn.in. ;; ADDITIONAL SECTION: ns1.rpz.nkn.in. 3600 IN A 10.199.88.2 ;; Query time: 821 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue May 22 17:24:42 IST 2018 ;; MSG SIZE rcvd: 124 Last o/p shows the AAAA record too...but alone its not working. I am sharing you the messages that i received when I hit the AAAA query using dig: May 22 17:24:13 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN': 104.130.132.112#53 May 22 17:24:13 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN': 198.245.62.20#53 May 22 17:25:46 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN': 104.130.132.112#53 May 22 17:25:46 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN': 198.245.62.20#53 Can anyone suggest, what goes wrong & why the RPZ policy is not throuugh the AAAA result when the dig alone run with AAAA query? Thanks & Regards, Saurabh Srivastava, Mobile: +91-9958399291 Email: [email protected]
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
