On Wed, Jun 19, 2024 at 10:33:41PM +0200, Stephane Bortzmeyer wrote:
! On Wed, Jun 19, 2024 at 10:15:48PM +0200,
!  Peter <p...@citylink.dinoex.sub.org> wrote
!  a message of 32 lines which said:
!
! > today I happened to look into a named.log, and found it full of
! > qname minimization messages.
!
! Which message? Could you copy-and-paste it?

Yes, sure. I grabbed three typical cases to analyze further, and am
currently trying to understand the proceedings - unsuccessfully, up
to now. :(

Case 1:
-------
Jun 19 17:42:12 <local0.info> conr named[24481]: lame-servers: info: success resolving '26.191.165.185.in-addr.arpa/PTR' after disabling qname minimization due to 'ncache nxdomain'

This one does not point back to me, but nevertheless I do not see the
lame server.

Case 2:
-------
Jun 19 18:02:44 <local0.info> conr named[24481]: lame-servers: info: success resolving 'reactivite.fr.intra.daemon.contact/AAAA' after disabling qname minimization due to 'ncache nxdomain'

Here, for whatever reason, the client was not happy with the official
answer on "reactivite.fr", and tried to append the search domain for
internal hosts on my LAN. So this does absolutely point to me, only.
The recursing LAN server asks the authoritative LAN server (same
image, different view), and that one basically says, this is bogus.

Case 3:
-------
Jun 19 18:28:48 <local0.info> conr named[24481]: lame-servers: info: success resolving '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.1.0.0.3.2.f.1.0.7.4.0.1.0.0.2.ip6.arpa/PTR' after disabling qname minimization due to 'ncache nxdomain'

This one does also point back to me (kind of), because HE does
delegate the rDNS zones (I love them), only they do not do DNSSEC in
the rDNS. It correctly ends up at my authoritative public servers and
gets resolved.

I'm currently extracting the exact proceedings from dnstap - but I
don't get much enlightenment from them.