Working around servers that drop queries causes problems for zones that do have
protocol compliant servers. The workarounds cause problems with getting
DNSSEC responses wic leads to validation failures.
--
Mark Andrews
> On 13 May 2022, at 22:58, Paul Stead <paul.st...@gmail.com> wrote:
>
>
> Further to this, I've discovered that disabling DNS cookies also seems to
> help with resolution -
>
> $ dig +nocookie +timeout=1 +retries=0 IN A myapplication.glbaa.barclays.com.
> @ns21.barclays.com.
>
> Maybe the send-cookie option could be investigated? YMMV..
>
> On a side note other recursive DNS software seem to fall back gracefully and
> resolve these problems
>
> Paul
>
> On Fri, 13 May 2022 at 13:51, Paul Stead <paul.st...@gmail.com> wrote:
>> I have noticed this, too,
>>
>> The problem seems to be related to edns - disabling edns for the upstream
>> servers looks to resolve the issue, this can be seen with later versions of
>> dig -
>>
>> $ dig +noedns +timeout=1 +retries=0 IN A myapplication.glbaa.barclays.com.
>> @ns21.barclays.com.
>>
>> I have config along the lines of -
>>
>> server 157.83.102.245 {
>> edns no;
>> };
>>
>> for each of the problematic upstreams. I contacted Barclays a few months ago
>> about this, but never got a solid response.
>>
>> Paul
>>
>> On Fri, 13 May 2022 at 13:12, Ondřej Surý <ond...@isc.org> wrote:
>>> Hi Rainer,
>>>
>>> I believe this is unrelated to any upgrade. The nameservers for the domain
>>> are broken:
>>>
>>> $ dig IN A myapplication.international.barclays.com @ns2.barcap.com.
>>>
>>> ; <<>> DiG 9.19.0-1+0~20220421.76+debian10~1.gbpa71ef8-Debian <<>> IN A
>>> myapplication.international.barclays.com @ns2.barcap.com.
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26288
>>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>>> ;; WARNING: recursion requested but not available
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 1220
>>> ; COOKIE: 1154fcda62fc8122973932b0627e4a9e96eef4cf1d850adf (good)
>>> ;; QUESTION SECTION:
>>> ;myapplication.international.barclays.com. IN A
>>>
>>> ;; ANSWER SECTION:
>>> myapplication.international.barclays.com. 900 IN CNAME
>>> myapplication.glbaa.barclays.com.
>>>
>>> ;; AUTHORITY SECTION:
>>> glbaa.barclays.com. 900 IN NS ns22.barclays.net.
>>> glbaa.barclays.com. 900 IN NS ns21.barclays.com.
>>> glbaa.barclays.com. 900 IN NS ns24.barclays.net.
>>> glbaa.barclays.com. 900 IN NS ns23.barclays.com.
>>>
>>> ;; ADDITIONAL SECTION:
>>> ns21.barclays.com. 900 IN A 157.83.102.245
>>> ns23.barclays.com. 900 IN A 157.83.126.245
>>> ns22.barclays.net. 600 IN A 157.83.102.246
>>> ns24.barclays.net. 600 IN A 157.83.126.246
>>>
>>> ;; Query time: 196 msec
>>> ;; SERVER: 141.228.196.129#53(ns2.barcap.com.) (UDP)
>>> ;; WHEN: Fri May 13 14:08:49 CEST 2022
>>> ;; MSG SIZE rcvd: 283
>>>
>>>
>>> and the nameservers itself just timeout:
>>>
>>> $ dig +timeout=1 +retries=0 IN A myapplication.glbaa.barclays.com.
>>> @ns21.barclays.com.
>>>
>>> ; <<>> DiG 9.19.0-1+0~20220421.76+debian10~1.gbpa71ef8-Debian <<>> +timeout
>>> +retries IN A myapplication.glbaa.barclays.com. @ns21.barclays.com.
>>> ;; global options: +cmd
>>> ;; connection timed out; no servers could be reached
>>>
>>>
>>> DNSVIZ gives the same result:
>>>
>>> https://dnsviz.net/d/myapplication.glbaa.barclays.com/dnssec/
>>>
>>> • glbaa.barclays.com zone: The server(s) were not responsive to
>>> queries over UDP. (157.83.102.245, 157.83.102.246, 157.83.126.245,
>>> 157.83.126.246)
>>>
>>> Ondrej
>>> --
>>> Ondřej Surý (He/Him)
>>> ond...@isc.org
>>>
>>> My working hours and your working hours may be different. Please do not
>>> feel obligated to reply outside your normal working hours.
>>>
>>> > On 13. 5. 2022, at 13:54, Rainer Duffner <rai...@ultra-secure.de> wrote:
>>> >
>>> > Hi,
>>> >
>>> > at work, I have a problem resolving the following domain:
>>> >
>>> > myapplication.international.barclays.com
>>> >
>>> >
>>> > BIND 9.16.27, FreeBSD 12.3-P5.
>>> > 2022Q2 ports.
>>> >
>>> >
>>> > I copied the config to a VM at home - but it did not work there, either.
>>> >
>>> > I believe it must have happened on the update from BIND 9.16.26 to
>>> > 9.16.27.
>>> >
>>> >
>>> > options {
>>> > directory "/usr/local/etc/namedb/working";
>>> > pid-file "/var/run/named/pid";
>>> > dump-file "/var/dump/named_dump.db";
>>> > statistics-file "/var/stats/named.stats";
>>> > allow-recursion {"rec";};
>>> > allow-query-cache { localhost; "rec" ; };
>>> > // CIS recommended:
>>> > // serverid none;
>>> > // dnssec-enable yes;
>>> > // dnssec-validation auto;
>>> > // dnssec-accept-expired no;
>>> >
>>> > listen-on { 192.168.1.61; };
>>> >
>>> > disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
>>> > disable-empty-zone
>>> > "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
>>> > disable-empty-zone
>>> > "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
>>> >
>>> > };
>>> >
>>> > acl rec {
>>> > 127.0.0.0/8;
>>> > 192.168.1.0/24;
>>> > ::1;
>>> > };
>>> >
>>> > /* Serving the following zones locally will prevent any queries
>>> > for these zones leaving your network and going to the root
>>> > name servers. This has two significant advantages:
>>> > 1. Faster local resolution for your users
>>> > 2. No spurious traffic will be sent from your network to the roots
>>> > */
>>> > // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
>>> > zone "localhost" { type master; file
>>> > "/usr/local/etc/namedb/master/localhost-forward.db"; };
>>> > zone "127.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/localhost-reverse.db"; };
>>> > zone "255.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
>>> > zone "0.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/localhost-reverse.db"; };
>>> >
>>> > // "This" Network (RFCs 1912, 5735 and 6303)
>>> > zone "0.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Private Use Networks (RFCs 1918, 5735 and 6303)
>>> > zone "10.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "16.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "17.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "18.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "19.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "20.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "21.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "22.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "23.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "24.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "25.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "26.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "27.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "28.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "29.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "30.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "31.172.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "168.192.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Shared Address Space (RFC 6598)
>>> > zone "64.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "65.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "66.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "67.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "68.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "69.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "70.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "71.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "72.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "73.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "74.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "75.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "76.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "77.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "78.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "79.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "80.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "81.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "82.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "83.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "84.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "85.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "86.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "87.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "88.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "89.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "90.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "91.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "92.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "93.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "94.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "95.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "96.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "97.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "98.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "99.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "100.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "101.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "102.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "103.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "104.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "105.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "106.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "107.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "108.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "109.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "110.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "111.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "112.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "113.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "114.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "115.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "116.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "117.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "118.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "119.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "120.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "121.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "122.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "123.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "124.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "125.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "126.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "127.100.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Link-local/APIPA (RFCs 3927, 5735 and 6303)
>>> > zone "254.169.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IETF protocol assignments (RFCs 5735 and 5736)
>>> > zone "0.0.192.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
>>> > zone "2.0.192.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "100.51.198.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "113.0.203.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
>>> > zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Domain Names for Documentation and Testing (BCP 32)
>>> > zone "test" { type master; file "/usr/local/etc/namedb/master/empty.db";
>>> > };
>>> > zone "example" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "invalid" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "example.com" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "example.net" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "example.org" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Router Benchmark Testing (RFCs 2544 and 5735)
>>> > zone "18.198.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "19.198.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IANA Reserved - Old Class E Space (RFC 5735)
>>> > zone "240.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "241.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "242.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "243.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "244.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "245.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "246.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "247.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "248.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "249.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "250.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "251.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "252.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "253.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "254.in-addr.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Unassigned Addresses (RFC 4291)
>>> > zone "1.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "3.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "4.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "5.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "6.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "7.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "8.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "9.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "a.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "b.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "c.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "d.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "e.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "0.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "1.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "2.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "3.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "4.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "5.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "6.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "7.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "8.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "9.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "a.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "b.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "0.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "1.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "2.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "3.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "4.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "5.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "6.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "7.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 ULA (RFCs 4193 and 6303)
>>> > zone "c.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "d.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Link Local (RFCs 4291 and 6303)
>>> > zone "8.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "9.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "a.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "b.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
>>> > zone "c.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "d.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "e.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "f.e.f.ip6.arpa" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IP6.INT is Deprecated (RFC 4159)
>>> > zone "ip6.int" { type master; file
>>> > "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> >
>>> > include "/usr/local/etc/namedb/log.conf“;
>>> > (bind-unbound-test <namedb>) 0 # drill @192.168.1.61
>>> > myapplication.international.barclays.com
>>> > ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 3215
>>> > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>> > ;; QUESTION SECTION:
>>> > ;; myapplication.international.barclays.com. IN A
>>> >
>>> > ;; ANSWER SECTION:
>>> >
>>> > ;; AUTHORITY SECTION:
>>> >
>>> > ;; ADDITIONAL SECTION:
>>> >
>>> > ;; Query time: 10056 msec
>>> > ;; SERVER: 192.168.1.61
>>> > ;; WHEN: Fri May 13 13:50:00 2022
>>> > ;; MSG SIZE rcvd: 58
>>> > (bind-unbound-test <namedb>) 0 #
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>>> > from this list
>>> >
>>> > ISC funds the development of this software with paid support
>>> > subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> > information.
>>> >
>>> >
>>> > bind-users mailing list
>>> > bind-users@lists.isc.org
>>> > https://lists.isc.org/mailman/listinfo/bind-users
>>>
>>> --
>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
>>> this list
>>>
>>> ISC funds the development of this software with paid support subscriptions.
>>> Contact us at https://www.isc.org/contact/ for more information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
