Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

Mark Andrews wrote: > While it will speed up things slightly it won’t avoid the issue as TTLs > vary. Oh, duh, I should have thought of that. Thanks for pointing it out :-) Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode Fisher, German

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

While it will speed up things slightly it won’t avoid the issue as TTLs vary. -- Mark Andrews > On 11 Mar 2018, at 05:30, Tony Finch wrote: > > Evan Hunt wrote: >> >> In 9.12.1 and the other upcoming maintenance releases, we've just reverted >> the change to

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

On Sat, Mar 10, 2018 at 06:30:41PM +, Tony Finch wrote: > I have said this already so I'm at risk of being a bore, but it would be > super cool if BIND could make use of the DS records (or PNEs) it gets in > referrals, instead of re-fetching them during validation. It should > provide a nice

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

Evan Hunt wrote: > > In 9.12.1 and the other upcoming maintenance releases, we've just reverted > the change to validator.c that caused the problems. (That turns out to have > the exact same effect as your patch does.) Great, that will please my user, and I can use NTAs to work

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

On 10 March 2018 at 04:08, Matus UHLAR - fantomas wrote: > Cathy Almond wrote: >> >>> The rs.dns-oarc.net zone is broken because it returns a CNAME for >>> queries at the apex. >>> >> > On 09.03.18 15:23, Tony Finch wrote: > >> I just got a problem report from

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

Cathy Almond wrote: The rs.dns-oarc.net zone is broken because it returns a CNAME for queries at the apex. On 09.03.18 15:23, Tony Finch wrote: I just got a problem report from a user who has a few personal domains with CNAME at apex that used to work (or at least appeared to

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

On Fri, Mar 09, 2018 at 03:23:33PM +, Tony Finch wrote: > Alternatively, maybe the patch below is OK? (Based on Nick @ NNEX's > observation.) My idea is that if we have been chasing a CNAME (so are at > risk of deadlock) but we are looking for a DS (so we will query the > parent) we can go

CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

Cathy Almond wrote: > > [snip] > > validating rs.dns-oarc.net/CNAME: checking existence of DS at > 'rs.dns-oarc.net' > validating rs.dns-oarc.net/CNAME: continuing validation would lead to > deadlock: aborting validation > validating rs.dns-oarc.net/CNAME: deadlock found

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Cathy Almond Sent: Tuesday, February 27, 2018 4:29 AM To: bind-users@lists.isc.org Subject: Re: Issue running "dig txt rs.dns-oarc.net" on 9.12 On 22/02/2018 16:44, NNEX Support wrote: > I'm sorry to keep replying to myself

Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

On 22/02/2018 16:44, NNEX Support wrote: > I'm sorry to keep replying to myself but I believe I've found the line of > code that is causing this issue. Looking at validator.c, in the > check_deadlock function, 9.12.0rc1 says: > > ... > > if (parent->event != NULL && >

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

I'm sorry to keep replying to myself but I believe I've found the line of code that is causing this issue. Looking at validator.c, in the check_deadlock function, 9.12.0rc1 says: ... if (parent->event != NULL && parent->event->type == type &&

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

-Original Message- From: NNEX Support Sent: Thursday, February 22, 2018 8:21 AM To: 'bind-users@lists.isc.org' Subject: RE: Issue running "dig txt rs.dns-oarc.net" on 9.12 Just wanted to follow up 9.12.1b1 fixes this issue for me. Than

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

Just wanted to follow up 9.12.1b1 fixes this issue for me. Thanks, -Nick ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

[…] If you want to understand why your resolver is failing, again I'd have a look at the 'resolver' log channel.  It should have some detail about what's resulting in the SERVFAIL message. […] I took a look at the ‘resolver’ log channel.  I didn’t find any useful information there, just:

Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

The DNS-OARC reply size tester doesn't work with versions of BIND that are 9.10 and newer. This is because of the new probing process that we implemented that should be more resilient. But it does unfortunately 'break' getting sane results from the DNS-OARC reply size tester.

Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

On 27 January 2018 at 19:11, Matthew Pounsett wrote: > The only thing I can think of that has changed in that time, which has > ever caused me query issues, is the addition of DNS cookies in the default > query. Some broken authoritative servers will incorrectly respond with

Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

On 27 January 2018 at 16:24, NNEX Support wrote: > Good thought but no luck, it doesn’t matter how many times I run “dig txt > rs.dns-oarc.net” or how long I wait it continues to SERVFAIL until I run > "dig txt rs.dns-oarc.net +trace" Interestingly I've found that running >

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

Good thought but no luck, it doesn’t matter how many times I run “dig txt rs.dns-oarc.net” or how long I wait it continues to SERVFAIL until I run "dig txt rs.dns-oarc.net +trace" Interestingly I've found that running "dig txt dns-oarc.net +trace" isn't enough to fix it, I actually have to run

Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

On 26 January 2018 at 16:23, NNEX Support wrote: > I'm sure I'm doing something wrong, but for the life of me I can't figure > out what. I'm running named 9.12 in a simple recursive setup (built from > source on CentOS 7). > > [...] > When I try to run "dig txt

Issue running "dig txt rs.dns-oarc.net" on 9.12

I'm sure I'm doing something wrong, but for the life of me I can't figure out what. I'm running named 9.12 in a simple recursive setup (built from source on CentOS 7). In named.conf I've set: dnssec-enable yes; dnssec-validation auto; When I try to run "dig txt rs.dns-oarc.net"