[email protected] please fix the servers for sync-na.dyn.itg.com.
In message <[email protected]>, Stephan Lagerholm writes: > I'm having trouble getting Bind to create a synthetic DNS64 response for > sync-na.dyn.itg.com. although an A record exist. My Bind is configured > with DNS64: > > dns64 64:ff9b::/96 { break-dnssec yes; }; > > The auth nameservers for the domain are busted for sure. They are > returning SERVFAIL for the AAAA query > (dig @dds1.itginc.com. sync-na.dyn.itg.com. AAAA). But I would > expect Bind to fall over to creating a synthetic response, > as that is required according to RFC6147 section 5.1.2. RFC6147 has lots of faults in it including this one. Papering over broken servers does not help anyone in the long run. IPv6 is 20 years old now. If a server can't answer AAAA queries it should be fixed not worked around. It also doesn't answer TXT, MX or TLSA queries. Even if you paper over the AAAA lookup fault you can't paper over the other faults. > Am I missing something or is this a bug in Bind? I'm running bind.x86_64 > 32:9.9.4-29.el7_2.4 > > I have added three digs below, one that shows that DNS64 works properly, > then one for AAAA and one for the A record. > > Many thanks /Stephan > > > [view@CNODAL01]> dig @x.x.x.x ipv4only.arpa AAAA > ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x ipv4only.arpa AAAA > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58145 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;ipv4only.arpa. IN AAAA > > ;; ANSWER SECTION: > ipv4only.arpa. 60 IN AAAA 64:ff9b::c000:ab > ipv4only.arpa. 60 IN AAAA 64:ff9b::c000:aa > > ;; Query time: 58 msec > ;; SERVER: x.x.x.x #53 (x.x.x.x) > ;; WHEN: Fri Jan 20 18:56:56 2017 > ;; MSG SIZE rcvd: 87 > > > [view@CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. AAAA > ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. AAAA > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53139 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;sync-na.dyn.itg.com. IN AAAA > > ;; Query time: 2010 msec > ;; SERVER: x.x.x.x #53 (x.x.x.x) > ;; WHEN: Fri Jan 20 18:58:12 2017 > ;; MSG SIZE rcvd: 37 > > [view@CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. A > ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. A > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61005 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;sync-na.dyn.itg.com. IN A > > ;; ANSWER SECTION: > sync-na.dyn.itg.com. 30 IN A 65.172.71.41 > > ;; Query time: 201 msec > ;; SERVER: x.x.x.x #53 (x.x.x.x) > ;; WHEN: Fri Jan 20 18:58:14 2017 > ;; MSG SIZE rcvd: 53 > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
