On Thu, Aug 05, 2021 at 11:53:35PM +0200, Peter wrote:
! I tried to use this recommendation, https://kb.isc.org/docs/aa-00206,
! marking all IPv6 addrs as bogus, but it does not make a difference in
! behaviour.
Update: Actually there is a difference if this recommended
configuration is present or not - only the NXDOMAIN outcome is the
same in both cases.
WITH this configuration ("server ::/0 { bogus yes; };") I get the
behaviour as described in the previous msg: Resolving will
occasionally fail, depending on the sequence in which the recursive
queries get answered.
WITHOUT this configuration lots of INET6 queries are generated (and
cannot be sent anywhere as there is no IPv6). And then frequently
this error appears:
Aug 6 00:05:51 <local1.debug> conr named[5623]: resolver: debug 3:
exceeded max queries resolving 'curitiba.porkbun.com/AAAA'
(querycount=101, maxqueries=100)
Now that is something I can understand. :) So, when I put this
into the configuration: "max-recursion-queries 400;", then things
appear to work!
But this is probably not "The Good Way" to solve this (and it fills
the log with all these "lame-servers" errors from the unreachable
IPv6 addresses).
So then, maybe the recommended configuration with
"server ::/0 { bogus yes; };"
is not so really recommendable and rather dangerous? Or mabye it is
somehow misbehaving in this case?
rgds,
PMc
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
