What’s the bug here? It correctly reports broken upstream DNS servers. Ondřej -- Ondřej Surý <ond...@sury.org> (He/Him)
> On 25. 9. 2023, at 20:09, Thomas Leuxner <t...@leuxner.net> wrote: > > Package: bind9 > Version: 1:9.18.19-1~deb12u1 > Severity: normal > > Dear Maintainer, > > The latest update introduces the following qname related warnings (plenty of): > > Sep 24 00:05:00 edi named[3799059]: DNS format error from 2a02:27aa::278#53 > resolving k5oncgnszt7szhzfce6cf5wdmi.zen.dq.spamhaus.net/NS for <unknown>: > reply has no answer > Sep 24 00:05:00 edi named[3799059]: success resolving > '1.0.0.127.k5oncgnszt7szhzfce6cf5wdmi.zen.dq.spamhaus.net/A' after disabling > qname minimization due to 'failure' > Sep 24 00:31:24 edi named[3799059]: success resolving > '1.0.0.127.rep.mailspike.net/A' after disabling qname minimization due to > 'ncache nxdomain' > > Disabling 'qname-minimization' silences the warnings, but it certainly looks > like an undesired side-effect of the patch. > > view "internal" { > match-clients { internal_hosts; trusted_hosts; }; > minimal-responses yes; > qname-minimization off; > recursion yes; > } > > Regards > Thomas