By using host, you are missing the important bits - the packet sizes and the header bits. Most probably the response doesn’t fit into 512 bytes, so it’s truncated. Which is not a problem because any compliant software will: a) use EDNS with at least 1232 buffer size, b) retry over TCP if it sees truncation.
Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 26. 7. 2022, at 1:02, Boian Bonev via bind-users > <[email protected]> wrote: > > Hello, > > For the Devuan project we use a DNS round robin for mirrors - deb.devuan.org. > Mostly for cleanliness and separation which part is maintained by humans and > which by tools, there is a separate zone rr.devuan.org fully maintained by > tools. deb.devuan.org is CNAME of deb.rr.devuan.org, which in turn is the list > of all up-to-date mirrors' A and AAAA. The master DNS server is not publicly > visible and the only visible ones are authoritative slaves (for both zones). > > The weird part is that bind is replying with CNAME and AAAA records only > (using > host, because it has shorter output, result is same with other tools): > > # host deb.devuan.org ns4.devuan.dev > Using domain server: > Name: ns4.devuan.dev > Address: 2a01:9e40::108#53 > Aliases: > > deb.devuan.org is an alias for deb.rr.devuan.org. > deb.rr.devuan.org has IPv6 address 2801:82:80ff:8000::2 > deb.rr.devuan.org has IPv6 address 2001:4190:801c:1::150 > deb.rr.devuan.org has IPv6 address 2a0a:e5c0:2:2:400:c8ff:fe68:bef3 > deb.rr.devuan.org has IPv6 address 2a01:4f9:2a:fa9::2 > deb.rr.devuan.org has IPv6 address 2a01:9e40::180 > deb.rr.devuan.org has IPv6 address 2a01:4f8:162:7293::14 > deb.rr.devuan.org has IPv6 address 2001:e42:102:1704:160:16:137:156 > deb.rr.devuan.org has IPv6 address 2a01:4f8:140:1102:2b76:955d:b48f:bdf3 > deb.rr.devuan.org has IPv6 address 2607:5300:61:95f:7283:11d9:f86:e691 > deb.rr.devuan.org has IPv6 address 2001:638:a000:1021:21::1 > deb.rr.devuan.org has IPv6 address 2001:4ca0:4300::1:19 > deb.rr.devuan.org has IPv6 address 2a02:2a38:1:400:422a:422a:422a:422a > > # nslookup -class=CHAOS -type=txt version.bind ns4.devuan.dev > Server: ns4.devuan.dev > Address: 2a01:9e40::108#53 > > version.bind text = "9.16.27-Debian" > > I did check with RFC 1034 and the above does not look like a proper reply as > per my understanding. If bind does not see itself as auth for rr.devuan.org, > it > should reply only with the CNAME, else it should include the A records too. > > I have tried various options - enabling recursion makes it behave correctly > but > that is not an option for a public DNS. Replacing bind with nsd also fixes the > behavior. As a side note knot behaves exactly like bind. I would prefer to run > different software across the slaves. The next thing was to try with the most > recent Debian package from the testing distribution: > > The only related option in named.conf.options is "recursion no;" > > # host deb.devuan.org 127.0.0.1 > Using domain server: > Name: 127.0.0.1 > Address: 127.0.0.1#53 > Aliases: > > deb.devuan.org is an alias for deb.rr.devuan.org. > deb.rr.devuan.org has IPv6 address 2001:638:a000:1021:21::1 > deb.rr.devuan.org has IPv6 address 2a0a:e5c0:2:2:400:c8ff:fe68:bef3 > deb.rr.devuan.org has IPv6 address 2801:82:80ff:8000::2 > deb.rr.devuan.org has IPv6 address 2001:4ca0:4300::1:19 > deb.rr.devuan.org has IPv6 address 2001:e42:102:1704:160:16:137:156 > deb.rr.devuan.org has IPv6 address 2a01:4f8:162:7293::14 > deb.rr.devuan.org has IPv6 address 2001:878:346::116 > deb.rr.devuan.org has IPv6 address 2001:4190:801c:1::150 > deb.rr.devuan.org has IPv6 address 2a01:4f9:2a:fa9::2 > deb.rr.devuan.org has IPv6 address 2a01:4f8:140:1102:2b76:955d:b48f:bdf3 > deb.rr.devuan.org has IPv6 address 2607:5300:61:95f:7283:11d9:f86:e691 > deb.rr.devuan.org has IPv6 address 2a01:9e40::180 > deb.rr.devuan.org has IPv6 address 2a02:2a38:1:400:422a:422a:422a:422a > > # nslookup -class=CHAOS -type=txt version.bind 127.0.0.1 > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > version.bind text = "9.18.4-2-Debian" > > > Please advise what is happening - is that expected behavior, a configuration > option is missing or there is a bug in bind? > > With best regards, > b. > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
