i run bind 9.18.8
i use root hints; forwarding is, by default, disabled in config
with this config, i notice that although lookups for (e.g.) *.dock.io are
available in public NS caches, e.g.
dig A elb-default.us-east-1.aws.dckr.io @1.1.1.1
; <<>> DiG 9.18.8 <<>> A elb-default.us-east-1.aws.dckr.io
@1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43732
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0,
ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;elb-default.us-east-1.aws.dckr.io. IN A
;; ANSWER SECTION:
elb-default.us-east-1.aws.dckr.io. 11 IN CNAME
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com.
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com. 11 IN
A 52.3.144.121
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com. 11 IN
A 54.165.156.197
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com. 11 IN
A 44.196.175.70
;; Query time: 12 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Tue Oct 25 18:59:05 EDT 2022
;; MSG SIZE rcvd: 195
if I query at my local NS, i get NXDOMAIN response,
dig A elb-default.us-east-1.aws.dckr.io @10.53.53.53
; <<>> DiG 9.18.8 <<>> A elb-default.us-east-1.aws.dckr.io
@10.53.53.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23192
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a1d6686d7992af170100000063586abe7c0a67d1ca4adf27
(good)
;; QUESTION SECTION:
;elb-default.us-east-1.aws.dckr.io. IN A
;; Query time: 10 msec
;; SERVER: 10.53.53.53#53(10.53.53.53) (UDP)
;; WHEN: Tue Oct 25 19:01:18 EDT 2022
;; MSG SIZE rcvd: 90
easy to workaround; if i simply forward for that zone,
zone "dckr.io" IN {
type forward; forward only; forwarders
{1.1.1.1;2606:4700:4700::1111;1.0.0.1;2606:4700:4700::1001;};
};
& reload, then, local query works fine
dig A elb-default.us-east-1.aws.dckr.io @10.53.53.53
; <<>> DiG 9.18.8 <<>> A elb-default.us-east-1.aws.dckr.io
@10.53.53.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29726
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0,
ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7616190797188ad90100000063586afb58e880c12f1fb8ec
(good)
;; QUESTION SECTION:
;elb-default.us-east-1.aws.dckr.io. IN A
;; ANSWER SECTION:
elb-default.us-east-1.aws.dckr.io. 60 IN CNAME
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com.
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com. 60 IN
A 44.196.175.70
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com. 60 IN
A 52.3.144.121
prodextdefgreen-vggjfqmkkc-41e4710ed557329b.elb.us-east-1.amazonaws.com. 60 IN
A 54.165.156.197
;; Query time: 175 msec
;; SERVER: 10.53.53.53#53(10.53.53.53) (UDP)
;; WHEN: Tue Oct 25 19:02:19 EDT 2022
;; MSG SIZE rcvd: 223
the vast majority of queries to my local server are answered correctly.
but, for three domains (so far ...) -- dock.io, netflix.com & moz.works -- i'm
having to implement these per-zone forwarding workarounds.
is there an issue here that i can fix/cure in my not-forwarding-by-default
config, so that these (and others out there too, i suppose ...) queries respond
correctly ?
if it's pebkac, dunno where to look, yet.
or is it actually a problem on for these domains' DNS, and not much i can do
about it ... other than workaround, or just default to forwarders ?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
