Hi Ondrej
I've created the issue:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3885
Best regards,
Tom
On 2/21/23 14:24, Ondřej Surý wrote:
Tom,
the ADB (Address DataBase) responsible for caching the delegations had been
heavily refactoring in 9.19 branch, I think the best course of action would be
to
fill a GitLab issue with the description, so we can follow-up there.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
On 21. 2. 2023, at 10:03, Tom <li...@verreckte-cheib.ch> wrote:
Hi list
Using BIND-9.19.10:
An A-query on our resolver for "ns2.comtronic.ch" causes the following info in the
named.log, after the first response was answered to the client and cached and then the entry is
flushed from cache with "rndc flushname ns2.comtronic.ch":
21-Feb-2023 09:23:15.463 resolver: info: loop detected resolving
'ns2.comtronic.ch/A'
The appropriate tcpdump for BIND-9.19.10 while the loop is detected looks like this
(after flushing the cached name with "rndc flushname ns2.comtronic.ch"):
# Client query
09:27:25.957381 IP 10.100.2.62.54792 > 10.100.102.21.53: 4744+ [1au] A?
ns2.comtronic.ch. (57)
# Query from the resolver to the authoritative server for A
09:27:25.957984 IP6 2001:db8::affe.20495 > 2a02:1368:1:47::53.53: 50231 [1au]
A? ns2.comtronic.ch. (45)
# Querying TLD nameserver for A and AAAA
09:27:25.958177 IP6 2001:db8::affe.13748 > 2001:678:3::1.53: 9026% [1au] AAAA?
ns2.comtronic.ch. (45)
09:27:25.958283 IP6 2001:db8::affe.2773 > 2001:678:3::1.53: 20217% [1au] A?
ns2.comtronic.ch. (45)
# Response from the authoritative
09:27:25.958684 IP6 2a02:1368:1:47::53.53 > 2001:db8::affe.20495: 50231*- 1/0/1
A 195.200.242.162 (61)
# Response back to the client
09:27:25.958915 IP 10.100.102.21.53 > 10.100.2.62.54792: 4744 1/0/1 A
195.200.242.162 (89)
# Delegations back from the TLD nameserver for the A and AAAA query
09:27:25.960140 IP6 2001:678:3::1.53 > 2001:db8::affe.13748: 9026- 0/10/10 (695)
09:27:25.960284 IP6 2001:678:3::1.53 > 2001:db8::affe.2773: 20217- 0/10/10 (695)
# Query against another authoritative for A and AAAA
09:27:25.960516 IP6 2001:db8::affe.30306 > 2a02:1368:1:48::53.53: 6112% [1au]
AAAA? ns2.comtronic.ch. (45)
09:27:25.960543 IP6 2001:db8::affe.5267 > 2a02:1368:1:48::53.53: 8517% [1au] A?
ns2.comtronic.ch. (45)
# Answer back from the authoritative (no AAAA record found for
"ns2.comtronic.ch)
09:27:25.961284 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.5267: 8517*- 1/0/1 A
195.200.242.162 (61)
09:27:25.961374 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.30306: 6112*- 0/1/1
(96)
BIND-9.19.10 behaves differently to BIND-9.18.12 regarding AAAA-Lookups.
BIND-9.18.12 doesn't query for AAAA lookup after flushing the name, where
BIND-9.19.10 always does with the same configuration..., why?
See below, here is the appropriate tcpdump with BIND-9.18.12 for a enforced "loop detection
resolving" info (after flushing the name with "rndc flushname ns2.comtronic.ch"):
# Query from the client
09:36:34.242064 IP 10.100.2.62.59765 > 10.100.102.21.53: 58600+ [1au] A?
ns2.comtronic.ch. (57)
# Query from the resolver to the authoritative
09:36:34.242787 IP6 2001:db8::affe.4717 > 2a02:1368:1:48::53.53: 26321 [1au] A?
ns2.comtronic.ch. (45)
# Query from the resolver to the TLD server
09:36:34.242880 IP6 2001:db8::affe.25272 > 2001:620:0:ff::56.53: 50695% [1au]
A? ns2.comtronic.ch. (45)
# Response back from the authoritative server
09:36:34.243673 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.4717: 26321*- 1/0/1
A 195.200.242.162 (61)
# Response back to the client
09:36:34.243841 IP 10.100.102.21.53 > 10.100.2.62.59765: 58600 1/0/1 A
195.200.242.162 (89)
# Delegation answer from the TLD server
09:36:34.244556 IP6 2001:620:0:ff::56.53 > 2001:db8::affe.25272: 50695- 0/10/10
(695)
# A 2nd query to the same authoritative
09:36:34.244750 IP6 2001:db8::affe.18083 > 2a02:1368:1:48::53.53: 21395% [1au]
A? ns2.comtronic.ch. (45)
# 2nd response back from the authoritative server
09:36:34.245246 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.18083: 21395*- 1/0/1
A 195.200.242.162 (61)
The info "loop detected resolving" is always reproducable in BIND-9.19.10 after flushing
the name "ns2.comtronic.ch", but only sporadic in BIND-9.18.12.
So my questions are:
- What does "loop detected resolving 'ns2.comtronic.ch/A' means here?
- Why is "loop detected resolving 'ns2.comtronic.ch/A'" always reproducable in
BIND-9.19.10 and sporadic in BIND-9.18.12?
- Why does BIND-9.19.10 behaves differently to BIND-9.18.12 regarding AAAA lookups after
flushing the name "ns2.comtronic.ch"?
- BIND-9.19.10 does A and AAAA lookups after flushing the name
"ns2.comtronic.ch", where BIND-9.18.12 only queries for A records
Many thanks for any hints.
Best regards,
Tom
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users