On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews <ma...@isc.org> wrote: > Spamhaus’s servers are sending back responses that do not answer the > question. Named is doing QNAME minimisation using NS queries and rather > than the servers sending back a NODATA response for the empty non-terminal > names they are sending back the NS records for the top of the zone. > > I suggest that you ask them to fix their DNS servers to correctly answer > NS queries. They appear to need to look at the query name as well as the > query type. > > This is what often happens when you write custom DNS servers. You fail to > handle some query you weren’t planning for. >
They have just recommended disabling qname-minimization altogether. Is that the right solution? It doesn't seem to be complete for me. It prints hundreds of these (presumably one for each DNS request necessary to process the email?): 18-Sep-2023 12:07:25.561 lame-servers: FORMERR resolving ' pc5eqyfskhlh55qut433gdq2gq.zrd.dq.spamhaus.net/NS/IN': 209.222.201.139#53 18-Sep-2023 12:07:25.584 resolver: DNS format error from 50.31.133.59#53 resolving mykey.zrd.dq.spamhaus.net/NS for <unknown>: reply has no answer ... then a strange line like this: 18-Sep-2023 12:13:31.606 lame-servers: success resolving 'um27qfow2knpuwx56o4otvovib2zbomydtlkuo4sktbo34cmjqvq._ file.mykey.hbl.dq.spamhaus.net/A' after disabling qname minimization due to 'failure' btw, their support really sucks. Thanks, Alex
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
