bind 9.14.1 qname-minimization

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

bind 9.14.1 qname-minimization

Bind-Users forum mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The default for the qname-minimization option is relaxed, but with that,
we cannot resolve the PTR for 142.136.234.134.

dig -x 142.136.234.134 @localhost

; <<>> DiG 9.14.1 <<>> -x 142.136.234.134 @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25604
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 19827bd99b1c2e4c9b3031d25cc38cd99291547909a1072a (good)
;; QUESTION SECTION:
;134.234.136.142.in-addr.arpa.  IN  PTR



But a dig+trace works:

dig -x 142.136.234.134 +trace
....
136.142.in-addr.arpa.   86400   IN  NS  ns1.twcable.com.
136.142.in-addr.arpa.   86400   IN  NS  ns2.twcable.com.
136.142.in-addr.arpa.   10800   IN  NSEC    137.142.in-addr.arpa. NS
RRSIG NSEC
136.142.in-addr.arpa.   10800   IN  RRSIG   NSEC 5 4 10800
20190510203932 20190426193932 3402 142.in-addr.arpa.
VYmReUU/xtnUrJnsiSpl+HUeHfAsbG9YyOMFz9bkvKkY7R/N2MmJbC0j
5eWk+S31Iyqj7tvTxYRXZHWUNLDhr87PeW+5IF0noETb3CRrjX9vC3ef
NFyTR0K6Hz7Kd6fmc8qJJj0o9xthqZkdN2ugpoOzFi/AmswNKHo+Spmt GAM=
;; Received 322 bytes from 193.0.9.10#53(arin.authdns.ripe.net) in 138
ms

134.234.136.142.in-addr.arpa. 14400 IN  PTR nce.mail.chartercom.com.
234.136.142.in-addr.arpa. 500   IN  NS  cdp-wn-tm-5-01.inf.twcable.com.
;; Received 135 bytes from 165.237.86.252#53(ns1.twcable.com) in 78 ms



If we switch to qname-minimization disabled, we can resolve that:

dig -x 142.136.234.134 @localhost

; <<>> DiG 9.14.1 <<>> -x 142.136.234.134 @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27045
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e576889a026393635adb613d5cc38d31b91f6bc06bca426d (good)
;; QUESTION SECTION:
;134.234.136.142.in-addr.arpa.  IN  PTR

;; ANSWER SECTION:
134.234.136.142.in-addr.arpa. 14400 IN  PTR nce.mail.chartercom.com.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlzDjboACgkQL6j7milTFsEhjQCcCRniXDQZhyx/vXKnGplb5Qdw
EW8Ani7w4bbl7Eq8nSxFF9fWyu9JKd+T
=HJMK
-----END PGP SIGNATURE-----


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: bind 9.14.1 qname-minimization

Evan Hunt
On Fri, Apr 26, 2019 at 04:01:24PM -0700, Carl Byington via bind-users wrote:
> The default for the qname-minimization option is relaxed, but with that,
> we cannot resolve the PTR for 142.136.234.134.

That zone's pretty messed up. ns1 and ns2.twcable.com always return
REFUSED for 136.142.in-addr.arpa/NS, but they return a delegation for
234.136.142.in-addr.arpa to cdp-wn-tm-5-01.inf.twcable.com, which doesn't
exist. So named ends up treating it as a lame delegation.  I would suggest
contacting Charter Communications about this, they need to fix the zone.

"qname-minimization relaxed" really ought to be able to work around this,
though, and I thank you for bringing it up. You can file a bug report at
gitlab.isc.org/isc-projects/bind9/issues if you wish.

--
Evan Hunt -- [hidden email]
Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users