Hi Ian, the first thing you should do is to contact the zone owner to fix their nameservers/load-balancer. The zone/domain might be “legit”, but its nameservers are violating the DNS protocol. Maybe you won’t have to maintain a list of exceptions.
If that doesn’t work, this is the configuration option you are looking for: https://bind9.readthedocs.io/en/latest/reference.html?highlight=Cookie#server-statement-grammar Ondrej -- Ondřej Surý — ISC > On 17 Jun 2020, at 17:22, Ian Springett <ian.spring...@giacom.com> wrote: > > > Hi > I have an issue with BIND 9.14.11 and recursive queries to one particular > domain. DIG result is SERVFAIL and ‘bad cookie’ is logged in > /var/log/messages & /var/log/named.run > > The domain has two DNS servers behind a load balancer which is causing the > bad cookie result. Would this in itself be enough to cause the SERVFAIL and > if so is there a way to have exceptions for known ‘good’ domains? > Rgds > Ian > > Ian Springett > Hosted Services Engineer > <image001.png> > Giacom World Networks Ltd > Tel: 0845 305 5577 > Fax: 01482 330194 > Email: ian.spring...@giacom.com > Website: www.giacom.com > > IMPORTANT: > Legally privileged/confidential information may be contained in this message. > If you are not the addressee(s) legally indicated in this message (or > responsible for delivery of the message to such person), you may not copy or > deliver this message to anyone. In such case, you should destroy this > message, and notify us immediately. If you or your employer does not consent > to Internet e-mail messages of this kind, please advise us immediately. > Opinions, conclusions and other information expressed in this message are not > given or endorsed by my firm or employer unless otherwise indicated by an > authorised representative independent of this message. > Please note that neither my employer nor I accept any responsibility for > viruses and it is your responsibility to scan attachments (if any). This > email and any files transmitted are confidential and intended solely for the > use of the individual or entity to which they are addressed. If you have > received this email in error, please notify me by returning the email. > > Giacom World Networks Limited, Company No 03813447 Registered in England & > Wales, Registered Office: Bridge Haven One, Saxon Way, Priory Park, Hessle, > East Yorkshire HU13 9PG. > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
