The servers for vpn.smiths.com are misconfigured. The zone vpn.smiths.com is delegated to them but they are configured to serve smiths.com. Just because Google ignores the delegation error, it doesn’t make the configuration correct.
Mark smiths.com. 172800 IN NS ns-east.cerf.net. smiths.com. 172800 IN NS ns-west.cerf.net. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190519044441 20190512033441 3800 com. UJTuCBjwehBYdQKMgLo6SxdAh/FU4WTYNgzupGJmnQsZGe7py+NRotht wgTN9V0A8RqzUBsgdxvK6h4R+e+K7ISgBK/Bb65N07BnnSyFQxowIXi2 lnhEEpDiIDDx/Ca1aA9kVK+2Tn51tR7ZVZeMtkIesqZTOANCfmec9wea V9s= L9MECSI4V5NQE1C3N2DNCJ6USFQA1C4H.com. 86400 IN NSEC3 1 1 0 - L9MGE0KHV110F24LIONHR6F2508ITI97 NS DS RRSIG L9MECSI4V5NQE1C3N2DNCJ6USFQA1C4H.com. 86400 IN RRSIG NSEC3 8 2 86400 20190521045234 20190514034234 3800 com. fWfPYqFE88diYC8Pil3ZDm38TaCS7i4o7qLXRZ6dLUF8daWX3cfjm7iq ueuIW4b1k4jtjfwpLCxvWRHcVrheFDtw9ED7g2tIbmj9Fxdq1bML1YYS D+yZceUk/JYN7wv5M3CCeroKfwS0/1LjldXVUvvjG95vczoRVDYOrE8F 8Pg= ;; Received 580 bytes from 192.5.6.30#53(a.gtld-servers.net) in 13 ms vpn.smiths.com. 86400 IN NS resolve02.sslra.com. vpn.smiths.com. 86400 IN NS resolve01.sslra.com. ;; Received 97 bytes from 2001:1890:1ff:9f1:99:99:99:136#53(ns-east.cerf.net) in 320 ms smiths.com. 60 IN SOA resolve01.sslvpndemo.com. hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60 ;; Received 111 bytes from 216.132.83.124#53(resolve01.sslra.com) in 174 ms > On 15 May 2019, at 11:27 pm, Frank Patzig <f...@mdlink.de> wrote: > > Hi, > > my bind is 9.14-1. > > I check the zone > > dig @NS-EAST.CERF.NET any vpn.smiths.com > > ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @NS-EAST.CERF.NET any > vpn.smiths.com > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47937 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;vpn.smiths.com. IN ANY > > ;; AUTHORITY SECTION: > vpn.smiths.com. 86400 IN NS resolve01.sslra.com. > vpn.smiths.com. 86400 IN NS resolve02.sslra.com. > > ;; Query time: 119 msec > ;; SERVER: 2001:1890:1ff:9f1:99:99:99:136#53(2001:1890:1ff:9f1:99:99:99:136) > ;; WHEN: Mi Mai 15 13:42:26 CEST 2019 > ;; MSG SIZE rcvd: 97 > > this is fine > > > dig @resolve01.sslra.com any vpn.smiths.com > > ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @resolve01.sslra.com any > vpn.smiths.com > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22398 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;vpn.smiths.com. IN ANY > > ;; ANSWER SECTION: > vpn.smiths.com. 30 IN A 194.105.113.242 > > ;; AUTHORITY SECTION: > smiths.com. 500 IN NS resolve01.sslvpndemo.com. > > ;; Query time: 171 msec > ;; SERVER: 216.132.83.124#53(216.132.83.124) > ;; WHEN: Mi Mai 15 13:43:04 CEST 2019 > ;; MSG SIZE rcvd: 94 > > OK > > dig @resolve01.sslra.com MX vpn.smiths.com > > ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @resolve01.sslra.com MX > vpn.smiths.com > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21258 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;vpn.smiths.com. IN MX > > ;; AUTHORITY SECTION: > smiths.com. 60 IN SOA resolve01.sslvpndemo.com. > hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60 > > ;; Query time: 169 msec > ;; SERVER: 216.132.83.124#53(216.132.83.124) > ;; WHEN: Mi Mai 15 13:44:04 CEST 2019 > ;; MSG SIZE rcvd: 111 > > ----------------------------------------------------------------------- > > > I check my bind: > > dig @localhost any vpn.smiths.com > > ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @localhost any vpn.smiths.com > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27551 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;vpn.smiths.com. IN ANY > > ;; ANSWER SECTION: > vpn.smiths.com. 30 IN A 194.105.113.242 > vpn.smiths.com. 1583 IN NS resolve01.sslra.com. > vpn.smiths.com. 1583 IN NS resolve02.sslra.com. > > ;; AUTHORITY SECTION: > vpn.smiths.com. 1583 IN NS resolve01.sslra.com. > vpn.smiths.com. 1583 IN NS resolve02.sslra.com. > > ;; ADDITIONAL SECTION: > resolve01.sslra.com. 506 IN A 216.132.83.124 > resolve02.sslra.com. 258 IN A 64.7.11.138 > > ;; Query time: 172 msec > ;; SERVER: ::1#53(::1) > ;; WHEN: Mi Mai 15 13:44:38 CEST 2019 > ;; MSG SIZE rcvd: 173 > > > dig @localhost MX vpn.smiths.com > > ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @localhost MX vpn.smiths.com > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8396 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;vpn.smiths.com. IN MX > > ;; Query time: 272 msec > ;; SERVER: ::1#53(::1) > ;; WHEN: Mi Mai 15 13:45:34 CEST 2019 > ;; MSG SIZE rcvd: 43 > > > In status is SERVFAIL > > In my log > > DNS format error from 64.7.11.138#53 resolving vpn.smiths.com/MX for client > 127.0.0.1#47512: Name smiths.com (SOA) not subdomain of zone vpn.smiths.com > -- invalid response > > What is the problem. > > > Test with Google is OK: > > dig @8.8.8.8 MX vpn.smiths.com > > ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @8.8.8.8 MX vpn.smiths.com > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21066 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 512 > ;; QUESTION SECTION: > ;vpn.smiths.com. IN MX > > ;; AUTHORITY SECTION: > smiths.com. 59 IN SOA resolve01.sslvpndemo.com. > hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60 > > ;; Query time: 180 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Mi Mai 15 15:26:28 CEST 2019 > ;; MSG SIZE rcvd: 111 > > > Can i help you. > > Regards > -- > Frank > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
