Hi Michał,
Thanks for the ack.
> This sounds a bit like #336 [1],
Nope - we got bit by that when we upgraded
to 9.12, which is what resulted in the explicit
config for rrset-order.
> If you can still reproduce this with current
> master (or with current v9_12 branch), please
> open a new GitLab
Hi folks,
I have a funny issue that looks buggish
to me. I have an RRSET with two
A records that our auth DNS servers happily
round-robin, which can be observed with
dig unix.lt.ucsc.edu @adns1.ucsc.edu
However, our recursive DNS servers, with
the same rrset-order config will not round-robin
th
Hi Mark,
I know this is the wrong list for this
discussion, but I wanted to reply on
general principles. I lurk on the v6ops
list so know you think about this stuff
a lot.
> Secondly, I would look at other mechanisms than DNS64/NAT64 to provide
> IPv4 as-a-service. It really has a lot of issues
Thank you Mark. Your insight and detail is
always helpful and immensely appreciated. For
what it's worth, I will make it a point to reach
out to the relevant parties to grouse to the
extent possible about the damage done by
DNS servers authoritative for DNSSEC signed
zones that aren't properly su
>> As far as I know, a host with on an IPv6 address is only ever
>> going to perform lookups. I'd be very interested to know
>> if there are cases where that isn't true.
>
> Well, if you run nslookup or dig -t a, you're asking for A records
> explicitly.
Ah, true that. Does nslookup do that
>> I'll give those tools a try, but I don't understand how my client is
>> requesting an A record. It only has IPv6 networking. DNS64 should be
>> requesting an A record, but that the client should see is the converted
>> record. Is that not right?
>
> Nope-- DNS requests aren't going to conv
Ah, you are awesome Carl! Thank
you!! And doh, stupid me. I was
emailing the wrong people.
On Wed, Apr 11, 2018 at 11:45 AM, Carl Byington wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Wed, 2018-04-11 at 11:28 -0700, Mark Boolootian wrote:
>
>
>>
Hi folks,
I upgraded out of 9.10 and into 9.12
last week. Subsequent to that, I received
complaints about hosts in archives.gov
failing to resolve.
We run validating recursive servers, and
archives.gov is signed.
I've poked at this but concluded I lack
enough DNS foo to understand the specifics
Hi Mark,
Thanks very much for the response on this.
> Chroot has zero impact on this. running with -u will but you can
> configure FreeBSD to allow the user named is running as to bind to
> port 53.
Yes, sorry about that. That's what I meant to say :-)
>> explain why BIND stops listening on t
what rocks to turn over to find some clue
on what might be causing this would be greatly appreciated.
I can't tell if this has the smell of a bug or not at this point.
thank you,
mark
---
Mark Boolootian
UC Santa Cruz
___
Please visit https://l
10 matches