Re: question about unwind

2019-04-07 Thread Peter J. Philipp 
Hi,

hold off on this question I may have located something wrong in my
authoritative dns server that I program and maintain.

dig @yellow.centroid.eu +dnssec 2019.schweinfurtdating.de 

gives a wrong answer and has nothing to do with unwind.  Sorry partially
because it made me look closer, but sorry for the noise.

Regards,
-peter

On Sun, Apr 07, 2019 at 04:06:20PM +0200, Peter J. Philipp wrote:
> Hi,
> 
> A few days ago I had some trouble resolving my website schweinfurtdating.de
> from home.  Chrome running on OpenBSD-current from March 18th would report
> NXDOMAIN.  I had to reload a few times to get the webpage, it was a weird
> experience.  Since I run a very unique dns setup with TSIG'ed BIND nameservers
> at first I thought it was anywhere between application layer and those servers
> inbetween.
> 
> However when I checked schweinfurtdating.de today the image refused to load 
> and I found that very weird.  I happen to run a log of the lookups and found 
> this:
> 
> Apr  7 15:30:09 yellow delphinusdnsd[9644]: request on descriptor 16 
> interface "
> 2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=56, 
> regi
> on=8) for "2019.schweinfurtdating.de." type=(28) class=1, edns0, 
> dnssecok, a
> nswering "2019.schweinfurtdating.de." (54/54) 
>  
> Apr  7 15:30:09 yellow delphinusdnsd[85741]: request on descriptor 3 
> interface "
> 2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=TCP, 
> reg
> ion=8) for "2019.schweinfurtdating.de." type=(28) class=1, edns0, 
> dnssecok,
>  answering "2019.schweinfurtdating.de." (54/56)   
>  
> Apr  7 15:30:09 yellow delphinusdnsd[9644]: request on descriptor 16 
> interface $
> 2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=56, 
> reg$
> on=8) for "de.centroid.eu." type=A(1) class=1, edns0, dnssecok, answering 
> "NXDO$
> AIN" 
> 
> So there is a lookup right after 2019.schweinfurtdating.de from the same IP6 
> that isn't even in my forwarders and my server replied with NXDOMAIN.  I 
> hunted through my html text to see
> where it got de.centroid.eu from and it doesn't exist.  So I'm wondering if
> unwind is somehow generating the lookup for de.centroid.eu falsely and somehow
> influencing chrome?  Perhaps treating a lookup as an NXDOMAIN'ed answer?
> 
> My /etc/unwind.conf file looks like this:
> 
> beta$ more /etc/unwind.conf
> forwarder 192.168.177.3
> 
> And somehow unwind is not preferring the forwarder for some reason.  Is this
> a misconfig on my end?   I want it to always use 192.168.177.3, as otherwise
> the DNS travels through DTAG (telekom.de), and I don't want that.  The log
> does state though it came from DTAG.
> 
> Many questions in one, I'm trying to figure out what went wrong that day and
> this lookup today.
> 
> Regards,
> -peter

question about unwind

2019-04-07 Thread Peter J. Philipp 
Hi,

A few days ago I had some trouble resolving my website schweinfurtdating.de
from home.  Chrome running on OpenBSD-current from March 18th would report
NXDOMAIN.  I had to reload a few times to get the webpage, it was a weird
experience.  Since I run a very unique dns setup with TSIG'ed BIND nameservers
at first I thought it was anywhere between application layer and those servers
inbetween.

However when I checked schweinfurtdating.de today the image refused to load 
and I found that very weird.  I happen to run a log of the lookups and found 
this:

Apr  7 15:30:09 yellow delphinusdnsd[9644]: request on descriptor 16 interface "
2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=56, regi
on=8) for "2019.schweinfurtdating.de." type=(28) class=1, edns0, dnssecok, a
nswering "2019.schweinfurtdating.de." (54/54)  
Apr  7 15:30:09 yellow delphinusdnsd[85741]: request on descriptor 3 interface "
2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=TCP, reg
ion=8) for "2019.schweinfurtdating.de." type=(28) class=1, edns0, dnssecok,
 answering "2019.schweinfurtdating.de." (54/56)
Apr  7 15:30:09 yellow delphinusdnsd[9644]: request on descriptor 16 interface $
2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=56, reg$
on=8) for "de.centroid.eu." type=A(1) class=1, edns0, dnssecok, answering "NXDO$
AIN" 

So there is a lookup right after 2019.schweinfurtdating.de from the same IP6 
that isn't even in my forwarders and my server replied with NXDOMAIN.  I 
hunted through my html text to see
where it got de.centroid.eu from and it doesn't exist.  So I'm wondering if
unwind is somehow generating the lookup for de.centroid.eu falsely and somehow
influencing chrome?  Perhaps treating a lookup as an NXDOMAIN'ed answer?

My /etc/unwind.conf file looks like this:

beta$ more /etc/unwind.conf
forwarder 192.168.177.3

And somehow unwind is not preferring the forwarder for some reason.  Is this
a misconfig on my end?   I want it to always use 192.168.177.3, as otherwise
the DNS travels through DTAG (telekom.de), and I don't want that.  The log
does state though it came from DTAG.

Many questions in one, I'm trying to figure out what went wrong that day and
this lookup today.

Regards,
-peter