Hello,

I was testing / debugging some sub-zone delegation for a friend's domain (something about an email marketing service that wants their clients to delegate a subzone to their NSs) and couldn't quite see the issue - apart from my local resolver reporting 'SERVFAIL':

; <<>> DiG 9.18.33 <<>> ns send.dom24.si
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status:*SERVFAIL*, id: 62197
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 58d59532ac7efb7b0100000067b6d70ac2a22d96114e96b0 (good)
;; QUESTION SECTION:
;send.dom24.si.                 IN      NS


I eventually figured out that the target NS servers that should host the delegated sub-zone refuse the query - probably they're not yet configured:

; <<>> DiG 9.18.33 <<>> ns send.dom24.si*@ns1.klaviyo.com.*
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status:*REFUSED,* id: 21094
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;send.dom24.si.                 IN      NS



But then I tried using Google's 8.8.8.8 and Cloudflare's 1.1.1.1 and they provide more info that I can see directly in dig's output:

; <<>> DiG 9.18.33 <<>> ns send.dom24.si @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33277
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
*; EDE: 23 (Network Error): ([205.251.196.237] rcode=REFUSED for send.dom24.si/ns)
; EDE: 23 (Network Error): ([205.251.192.111] rcode=REFUSED for send.dom24.si/ns)
; EDE: 23 (Network Error): ([205.251.195.79] rcode=REFUSED for send.dom24.si/ns)
; EDE: 23 (Network Error): ([205.251.198.128] rcode=REFUSED for send.dom24.si/ns)
; EDE: 22 (No Reachable Authority): (At delegation send.dom24.si for send.dom24.si/ns)*
;; QUESTION SECTION:
;send.dom24.si.                 IN      NS


; <<>> DiG 9.18.33 <<>> ns send.dom24.si @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18432
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
*; EDE: 22 (No Reachable Authority): (at delegation send.dom24.si.)
; EDE: 23 (Network Error): (205.251.198.128:53 rcode=REFUSED for send.dom24.si NS)*
;; QUESTION SECTION:
;send.dom24.si.                 IN      NS


I thought that's neat and started digging (pun intended) in docs if Bind could be configured to provide something like that (ideally just for my 'inside' view), but I couldn't find anything.


Is there a way to have Bind report such info through dig?


   Danilo

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
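
The `EDE` lines dig prints in the 8.8.8.8 and 1.1.1.1 answers above are Extended DNS Error options (RFC 8914, EDNS option code 15) carried in the OPT record: a 16-bit INFO-CODE followed by optional UTF-8 text. The sketch below is an added example, not part of the original post or of BIND; it decodes that layout from OPT RDATA, and the function names and the sample bytes are constructed for illustration.

```python
import struct

# Names for the two info-codes seen in the dig output above (RFC 8914).
EDE_NAMES = {22: "No Reachable Authority", 23: "Network Error"}
OPT_EDE = 15  # EDNS option code assigned to Extended DNS Errors


def parse_edns_options(rdata: bytes):
    """Yield (option_code, option_data) from the RDATA of an OPT record."""
    pos = 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("EDNS option length runs past RDATA")
        yield code, rdata[pos:pos + length]
        pos += length


def extract_ede(rdata: bytes):
    """Return [(info_code, name, extra_text)] for every EDE option present."""
    found = []
    for code, data in parse_edns_options(rdata):
        if code != OPT_EDE:
            continue  # other options, e.g. COOKIE (code 10), are skipped
        if len(data) < 2:
            raise ValueError("EDE option shorter than its INFO-CODE field")
        (info,) = struct.unpack_from("!H", data)
        # EXTRA-TEXT is UTF-8 and may or may not be NUL-terminated.
        text = data[2:].decode("utf-8", errors="replace").rstrip("\x00")
        found.append((info, EDE_NAMES.get(info, "not in this table"), text))
    return found


def make_option(code: int, data: bytes) -> bytes:
    """Encode one EDNS option (used only to build the constructed sample)."""
    return struct.pack("!HH", code, len(data)) + data


# Constructed sample, not a captured packet: a cookie option plus two EDE
# options whose text is copied from the 1.1.1.1 answer above.
SAMPLE_RDATA = (
    make_option(10, bytes(8))
    + make_option(OPT_EDE, struct.pack("!H", 22) + b"at delegation send.dom24.si.")
    + make_option(OPT_EDE, struct.pack("!H", 23)
                  + b"205.251.198.128:53 rcode=REFUSED for send.dom24.si NS")
)

if __name__ == "__main__":
    for info, name, text in extract_ede(SAMPLE_RDATA):
        print(f"EDE {info} ({name}): {text}")
```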

