Re: [Pdns-users] Understanding why pdns-recursor 4.8.6 queries DS extremely often

Thu, 14 Mar 2024 00:20:54 -0700 

Hi Otto,

thank you for making me aware that abovenet blocked AS8560 on their DNS.
As of now 14MAR2024 08:16 CET they have unblocked us.

We still have Problems, but not yet enough material to describe it
precisely.

Cheers
Thomas

Am 12.03.24 um 14:45 schrieb Otto Moerbeek:

On Tue, Mar 12, 2024 at 08:43:20AM +0100, Thomas Mieslinger via Pdns-users 
wrote:


While analyzing a spam run, I found the following queries and responses
for the not delegated domain YALRDRK.net

For _dmarc.ja<> the queries and responses look as expected.

For default._bimi.jaqg<> a SERVFAIL is returned by instead of the
expected NXDOMAIN.

For _bimi.jaqgs<> the gtld nameserver is queried once which is what I
expect.

For default._bimi.jaqg<> the gtld nameservers are queried 5 times for
the DS Record. Is there a good reason to torture .net gtld Nameservers?


"PacketTime","Server","SrcIP","DstIP","QR","ResponseCode","Type","Question"
"2024-03-09 
19:31:23","::ffff:10.74.42.28","::ffff:172.19.254.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:23","::ffff:172.19.254.2","::ffff:10.74.42.28",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,2,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:23","::ffff:82.165.226.66","::ffff:192.42.93.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:23","::ffff:192.42.93.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","2001:8d8:5c1:453:82:165:226:66","2001:502:8cc::30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
"2024-03-09 
19:31:55","2001:502:8cc::30","2001:8d8:5c1:453:82:165:226:66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."


dnssec=process
root-nx-trust=on
nothing-below-nxdomain=no
qname-minimization=no

If you need the full config or packetcapture, please ask.

Thanks for your insights

Cheers

Thomas


Hoi,

Probably the full config plus a trace doing the query will help more,
as it gives insight in the decision process of the recursor. I'm also
a bit confused. You say YALRDRK.net is not delegated, but I do see NS
records for it in the .net zone. Or did the delegation status of the domain 
change
recently?

;; AUTHORITY SECTION:
YALRDRK.net.            172800  IN      NS      ns11.abovedomains.com.
YALRDRK.net.            172800  IN      NS      ns12.abovedomains.com.

        -Otto

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Reply via email to