Hi, I have a fedora38 server with bind-9.18.17 and receiving the following log entries for virtually every query (where "mykey" is my registered spamhaus DQS key): 07-Sep-2023 14:30:13.608 lame-servers: FORMERR resolving ' mykey.hbl.dq.spamhaus.net/NS/IN': 66.42.94.100#53 07-Sep-2023 14:30:13.625 resolver: DNS format error from 143.215.143.8#53 resolving mykey.hbl.dq.spamhaus.net/NS for <unknown>: reply has no answer 07-Sep-2023 14:30:13.625 lame-servers: FORMERR resolving ' mykey.hbl.dq.spamhaus.net/NS/IN': 143.215.143.8#53 07-Sep-2023 14:30:13.628 lame-servers: success resolving 'psnobcays3v2r52vapfv5fgvr6pgd6znvuzyhe5ktid3ty3oai4q._ file.mykey.hbl.dq.spamhaus.net/A' after disabling qname minimization due to 'failure'
07-Sep-2023 14:39:30.214 lame-servers: success resolving ' 22.10.223.192.bl.spamcop.net/A' after disabling qname minimization due to 'ncache nxdomain' For some reason my config isn't ignoring lame-servers, but it does look relevant and related to the resolver errors. I've tried to experiment with including "minimal responses yes;" in my config, based on some reading about a similar issue years ago, but it doesn't change anything. This nameserver provides DNS across a VPN link to a remote system on a cable modem because having the server (also fedora38) query DNS directly on a cable modem was resulting in some other weird errors. Any ideas greatly appreciated. acl "trusted" { { 127/8; }; { 68.195.44.40/29; }; { 147.135.111.126; }; }; options { listen-on port 53 { 127.0.0.1; 147.135.111.126; }; listen-on-v6 port 53 { none; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; allow-query { trusted; }; allow-query-cache { trusted; }; minimal-responses yes; recursion yes; managed-keys-directory "/var/named/dynamic"; geoip-directory "/usr/share/GeoIP"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; include "/etc/crypto-policies/back-ends/bind.config"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; channel named_debug { severity dynamic; file "/var/log/named.debug.log" versions 2 size 100m; print-time yes; print-category yes; }; category default { named_debug; }; channel query_info { severity info; file "/var/log/named.query.log" versions 3 size 5m; print-time yes; print-category yes; }; category queries { query_info; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users