On Thu, Aug 05, 2021 at 11:53:35PM +0200, Peter wrote: ! I tried to use this recommendation, https://kb.isc.org/docs/aa-00206, ! marking all IPv6 addrs as bogus, but it does not make a difference in ! behaviour.
Update: Actually there is a difference if this recommended configuration is present or not - only the NXDOMAIN outcome is the same in both cases. WITH this configuration ("server ::/0 { bogus yes; };") I get the behaviour as described in the previous msg: Resolving will occasionally fail, depending on the sequence in which the recursive queries get answered. WITHOUT this configuration lots of INET6 queries are generated (and cannot be sent anywhere as there is no IPv6). And then frequently this error appears: Aug 6 00:05:51 <local1.debug> conr named[5623]: resolver: debug 3: exceeded max queries resolving 'curitiba.porkbun.com/AAAA' (querycount=101, maxqueries=100) Now that is something I can understand. :) So, when I put this into the configuration: "max-recursion-queries 400;", then things appear to work! But this is probably not "The Good Way" to solve this (and it fills the log with all these "lame-servers" errors from the unreachable IPv6 addresses). So then, maybe the recommended configuration with "server ::/0 { bogus yes; };" is not so really recommendable and rather dangerous? Or mabye it is somehow misbehaving in this case? rgds, PMc _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users