Specifically in this case the incorrect chain starts here: > $ dig IN AAAA feedback-smtp.us-east-1.amazonses.com @ns-265.awsdns-33.com. > > ; <<>> DiG 9.21.8-1+0~20250521.138+debian12~1.gbpefbbeb-Debian <<>> IN AAAA > feedback-smtp.us-east-1.amazonses.com @ns-265.awsdns-33.com. > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11817 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;feedback-smtp.us-east-1.amazonses.com. IN AAAA > > ;; AUTHORITY SECTION: > feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-1244.awsdns-27.org. > feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-1739.awsdns-25.co.uk. > feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-82.awsdns-10.com. > feedback-smtp.us-east-1.amazonses.com. 60 IN NS ns-968.awsdns-57.net. > > ;; Query time: 28 msec > ;; SERVER: 2600:9000:5301:900::1#53(ns-265.awsdns-33.com.) (UDP) > ;; WHEN: Sat Jul 05 05:59:17 CEST 2025 > ;; MSG SIZE rcvd: 202
This delegates the whole **feedback-smtp.us-east-1.amazonses.com.** to the set of these 4 nameservers, but if you ask one of these: $ dig IN AAAA feedback-smtp.us-east-1.amazonses.com @ns-1244.awsdns-27.org. > ; <<>> DiG 9.21.8-1+0~20250521.138+debian12~1.gbpefbbeb-Debian <<>> IN AAAA > feedback-smtp.us-east-1.amazonses.com @ns-1244.awsdns-27.org. > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16354 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;feedback-smtp.us-east-1.amazonses.com. IN AAAA > > ;; AUTHORITY SECTION: > us-east-1.amazonses.com. 900 IN SOA ns-968.awsdns-57.net. > awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 > > ;; Query time: 32 msec > ;; SERVER: 2600:9000:5304:dc00::1#53(ns-1244.awsdns-27.org.) (UDP) > ;; WHEN: Sat Jul 05 06:00:39 CEST 2025 > ;; MSG SIZE rcvd: 147 It returns soa with **us-east-1.amazonses.com.** as the owner of the SOA record. As the previous delegation also included "feedback.", this is matches the log message you've been seeing as > us-east-1.amazonses.com. can't really be subdomain of something deeper in the tree: > feedback-smtp.us-east-1.amazonses.com. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 4. 7. 2025, at 10:17, Florian Piekert via bind-users > <bind-users@lists.isc.org> wrote: > > Hello and many thanks for the quick all-answering response! > > Thanks for Greg as well, I leave it to Petr's answer then :-) > > > Am 04.07.2025 um 10:13 schrieb Petr Špaček: >> On 04. 07. 25 9:56, Florian Piekert via bind-users wrote: >>> Hello all, >>> >>> I frequently have this in my logs >>> >>> May 4 14:29:16 sonne named[4035767]: DNS format error from >>> 2600:9000:5303:c800::1#53 resolving feedback-smtp.us- >>> east-1.amazonses.com/AAAA for 127.0.0.1#44099: Name us- >>> east-1.amazonses.com (SOA) not subdomain of zone feedback-smtp.us- >>> east-1.amazonses.com -- invalid response > ... >>> May 4 14:29:16 sonne named[4035767]: DNS format error from >>> 205.251.192.82#53 resolving feedback-smtp.us-east-1.amazonses.com/AAAA for >>> 127.0.0.1#44099: Name us-east-1.amazonses.com (SOA) not subdomain of zone >>> feedback-smtp.us-east-1.amazonses.com -- invalid response >>> >>> and was wondering IF there is a misconfiguration on my bind? >> No, it's misconfiguration on the auth side. See e.g. >> https://lists.isc.org/pipermail/bind-users/2021-January/104064.html >> for an explanation. > > Florian > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
