Hi Ondrej I've created the issue: https://gitlab.isc.org/isc-projects/bind9/-/issues/3885
Best regards, Tom On 2/21/23 14:24, Ondřej Surý wrote:
Tom, the ADB (Address DataBase) responsible for caching the delegations had been heavily refactoring in 9.19 branch, I think the best course of action would be to fill a GitLab issue with the description, so we can follow-up there. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.On 21. 2. 2023, at 10:03, Tom <li...@verreckte-cheib.ch> wrote: Hi list Using BIND-9.19.10: An A-query on our resolver for "ns2.comtronic.ch" causes the following info in the named.log, after the first response was answered to the client and cached and then the entry is flushed from cache with "rndc flushname ns2.comtronic.ch": 21-Feb-2023 09:23:15.463 resolver: info: loop detected resolving 'ns2.comtronic.ch/A' The appropriate tcpdump for BIND-9.19.10 while the loop is detected looks like this (after flushing the cached name with "rndc flushname ns2.comtronic.ch"): # Client query 09:27:25.957381 IP 10.100.2.62.54792 > 10.100.102.21.53: 4744+ [1au] A? ns2.comtronic.ch. (57) # Query from the resolver to the authoritative server for A 09:27:25.957984 IP6 2001:db8::affe.20495 > 2a02:1368:1:47::53.53: 50231 [1au] A? ns2.comtronic.ch. (45) # Querying TLD nameserver for A and AAAA 09:27:25.958177 IP6 2001:db8::affe.13748 > 2001:678:3::1.53: 9026% [1au] AAAA? ns2.comtronic.ch. (45) 09:27:25.958283 IP6 2001:db8::affe.2773 > 2001:678:3::1.53: 20217% [1au] A? ns2.comtronic.ch. (45) # Response from the authoritative 09:27:25.958684 IP6 2a02:1368:1:47::53.53 > 2001:db8::affe.20495: 50231*- 1/0/1 A 195.200.242.162 (61) # Response back to the client 09:27:25.958915 IP 10.100.102.21.53 > 10.100.2.62.54792: 4744 1/0/1 A 195.200.242.162 (89) # Delegations back from the TLD nameserver for the A and AAAA query 09:27:25.960140 IP6 2001:678:3::1.53 > 2001:db8::affe.13748: 9026- 0/10/10 (695) 09:27:25.960284 IP6 2001:678:3::1.53 > 2001:db8::affe.2773: 20217- 0/10/10 (695) # Query against another authoritative for A and AAAA 09:27:25.960516 IP6 2001:db8::affe.30306 > 2a02:1368:1:48::53.53: 6112% [1au] AAAA? ns2.comtronic.ch. (45) 09:27:25.960543 IP6 2001:db8::affe.5267 > 2a02:1368:1:48::53.53: 8517% [1au] A? ns2.comtronic.ch. (45) # Answer back from the authoritative (no AAAA record found for "ns2.comtronic.ch) 09:27:25.961284 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.5267: 8517*- 1/0/1 A 195.200.242.162 (61) 09:27:25.961374 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.30306: 6112*- 0/1/1 (96) BIND-9.19.10 behaves differently to BIND-9.18.12 regarding AAAA-Lookups. BIND-9.18.12 doesn't query for AAAA lookup after flushing the name, where BIND-9.19.10 always does with the same configuration..., why? See below, here is the appropriate tcpdump with BIND-9.18.12 for a enforced "loop detection resolving" info (after flushing the name with "rndc flushname ns2.comtronic.ch"): # Query from the client 09:36:34.242064 IP 10.100.2.62.59765 > 10.100.102.21.53: 58600+ [1au] A? ns2.comtronic.ch. (57) # Query from the resolver to the authoritative 09:36:34.242787 IP6 2001:db8::affe.4717 > 2a02:1368:1:48::53.53: 26321 [1au] A? ns2.comtronic.ch. (45) # Query from the resolver to the TLD server 09:36:34.242880 IP6 2001:db8::affe.25272 > 2001:620:0:ff::56.53: 50695% [1au] A? ns2.comtronic.ch. (45) # Response back from the authoritative server 09:36:34.243673 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.4717: 26321*- 1/0/1 A 195.200.242.162 (61) # Response back to the client 09:36:34.243841 IP 10.100.102.21.53 > 10.100.2.62.59765: 58600 1/0/1 A 195.200.242.162 (89) # Delegation answer from the TLD server 09:36:34.244556 IP6 2001:620:0:ff::56.53 > 2001:db8::affe.25272: 50695- 0/10/10 (695) # A 2nd query to the same authoritative 09:36:34.244750 IP6 2001:db8::affe.18083 > 2a02:1368:1:48::53.53: 21395% [1au] A? ns2.comtronic.ch. (45) # 2nd response back from the authoritative server 09:36:34.245246 IP6 2a02:1368:1:48::53.53 > 2001:db8::affe.18083: 21395*- 1/0/1 A 195.200.242.162 (61) The info "loop detected resolving" is always reproducable in BIND-9.19.10 after flushing the name "ns2.comtronic.ch", but only sporadic in BIND-9.18.12. So my questions are: - What does "loop detected resolving 'ns2.comtronic.ch/A' means here? - Why is "loop detected resolving 'ns2.comtronic.ch/A'" always reproducable in BIND-9.19.10 and sporadic in BIND-9.18.12? - Why does BIND-9.19.10 behaves differently to BIND-9.18.12 regarding AAAA lookups after flushing the name "ns2.comtronic.ch"? - BIND-9.19.10 does A and AAAA lookups after flushing the name "ns2.comtronic.ch", where BIND-9.18.12 only queries for A records Many thanks for any hints. Best regards, Tom -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
