Re: Determining case of REFUSED queries

Lyle Giese via bind-users Thu, 03 Oct 2024 15:23:33 -0700

173.245.59.231 is a cloudflare name server.

I get this:


dig ns socialinnovation.ca

; <<>> DiG 9.16.50-Debian <<>> ns socialinnovation.ca
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29081
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: bc6332beb03bea8e0100000066ff17e01aa70cbb6939d99f (good)
;; QUESTION SECTION:
;socialinnovation.ca.           IN      NS

;; ANSWER SECTION:
socialinnovation.ca.    3600    IN      NS      dns.rebel.ca.
socialinnovation.ca.    3600    IN      NS      sean.ns.cloudflare.com.
socialinnovation.ca.    3600    IN      NS      kami.ns.cloudflare.com.
socialinnovation.ca.    3600    IN      NS      dns2.rebel.ca.

;; ADDITIONAL SECTION:
dns.rebel.ca.           86400   IN      A       52.3.166.104
dns2.rebel.ca.          86400   IN      A       52.10.144.165
sean.ns.cloudflare.com. 54981   IN      A       108.162.193.231
sean.ns.cloudflare.com. 54981   IN      A       172.64.33.231
sean.ns.cloudflare.com. 54981   IN      A       173.245.59.231
sean.ns.cloudflare.com. 54981   IN      AAAA    2606:4700:58::adf5:3be7
sean.ns.cloudflare.com. 54981   IN      AAAA    2803:f800:50::6ca2:c1e7
sean.ns.cloudflare.com. 54981   IN      AAAA    2a06:98c1:50::ac40:21e7

;; Query time: 156 msec
;; SERVER: 192.168.250.1#53(192.168.250.1)
;; WHEN: Thu Oct 03 17:17:04 CDT 2024
;; MSG SIZE  rcvd: 340

But a whois query for this domain only lists dns.rebel.ca anddns2.rebel.ca for name servers.

Wonder if the cloudflare server are not getting a good axfr from therebel.ca servers or something else is wrong.


Lyle Giese


On 10/3/24 16:31, J Doe wrote:

On 2024-09-19 19:17, Mark Andrews wrote:

I think the reason for the REFUSED is pretty obvious

% dig +norec google._domainkey.socialinnovation.ca @173.245.59.231 txt

; <<>> DiG 9.21.0-dev <<>> +norecgoogle._domainkey.socialinnovation.ca @173.245.59.231 txt

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10815
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 20 (Not Authoritative)
;; QUESTION SECTION:
;google._domainkey.socialinnovation.ca. IN TXT

;; Query time: 14 msec
;; SERVER: 173.245.59.231#53(173.245.59.231) (UDP)
;; WHEN: Fri Sep 20 09:03:48 AEST 2024
;; MSG SIZE  rcvd: 72

%

Now you just need to work out why you where asking 173.245.59.231
rather than the actual nameservers for socialinnovation.ca.

socialinnovation.ca. 86400 IN NS dns.rebel.ca.
socialinnovation.ca. 86400 IN NS dns2.rebel.ca.
dns2.rebel.ca. 86400 IN A 52.10.144.165
dns.rebel.ca. 86400 IN A 52.3.166.104



Hi Mark,

Interesting!

The only thing I can think of that may be causing this issue is that
this e-mail server makes use of SpamAssassin 4.0.0, which would be doing
lookups for DKIM, DMARC.

Has anyone noticed anything similar ?  It only seems to happen with the
socialinnovation.ca domain.

Thanks,

- J

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Determining case of REFUSED queries

Reply via email to