On 2/6/23 7:59, Nick Tait via bind-users wrote:
On 2/06/23 15:02, Jesus Cea wrote:
What I get from your reply is that BIND is not expected to do anything
about this. It is a bit disappointed but I agree that BIND is doing
the right thing. Too bad big players don't care. But I need to "solve"
this, so dropping BIND (nooo!) or patching software is on my table now.
Don't know if it will work, but something to try could be to create a
forwarding zone for each of the zones that is having this problem, and
forward the queries to (e.g.) Google? In theory that would cause BIND to
ask Google for the answer instead of working it out for itself?
It doesn't work, because Google (8.8.8.8) is giving back exactly what
huawei provides (a NODATA reply, with an invalid SOA in the
authoritative section) and BIND "verifying" resolver detects the problem
and reply to the DNS client with a (correct but inconvenient) SERVFAIL.
--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
j...@jcea.es - https://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:j...@jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
