Another operational impact of these broken servers, broken DNS64. BIND
wants to verify no records exist for a QNAME before synthesizing
records, but since it can’t get a valid denial of existence, it won’t
return synthesized s.
On Sat, Jul 5, 2025 at 6:44 AM Bagas Sanjaya wrote:
> On 7
On 7/5/25 19:17, Jeff Sumner wrote:
Apologies for the lack of clarity.
We performed a major F5 upgrade recently – for which we were delegating
some zones from our ISC BIND servers (just Plain Old NS record
delegation) and ever since then, clients using nslookup and host, which
query the BIND
in the sniffer – so the BIND servers are acting correctly – the F5s are
not. We’re working that through.
J
From: Bagas Sanjaya
Date: Saturday, July 5, 2025 at 8:12 AM
To: Jeff Sumner , bind-users@lists.isc.org
Subject: Re: question about resolving of amazoses.com
On 7/5/25 18:55, Jeff
On 7/5/25 18:55, Jeff Sumner wrote:
Doing battle with the exact same problem – from an over-the-weekend F5
upgrade.
So funny this is coming up now. We’re not considering a code upgrade
yet, but users are complaining about the Real ISC-BIND servers returning
SERVFAIL for queries (not subz
“Not considering a code reversion on the F5’s yet” (not upgrade)
J
From: Jeff Sumner
Date: Saturday, July 5, 2025 at 7:55 AM
To: bind-users@lists.isc.org
Subject: Re: question about resolving of amazoses.com
Doing battle with the exact same problem – from an over-the-weekend F5 upgrade
servers.
J
From: bind-users on behalf of Ondřej Surý
Date: Saturday, July 5, 2025 at 12:03 AM
To: Florian Piekert
Cc: bind-users@lists.isc.org
Subject: Re: question about resolving of amazoses.com
Specifically in this case the incorrect chain starts here:
> $ dig IN feedback-smtp
Specifically in this case the incorrect chain starts here:
> $ dig IN feedback-smtp.us-east-1.amazonses.com @ns-265.awsdns-33.com.
>
> ; <<>> DiG 9.21.8-1+0~20250521.138+debian12~1.gbpefbbeb-Debian <<>> IN
> feedback-smtp.us-east-1.amazonses.com @ns-265.awsdns-33.com.
> ;; global optio
Hello and many thanks for the quick all-answering response!
Thanks for Greg as well, I leave it to Petr's answer then :-)
Am 04.07.2025 um 10:13 schrieb Petr Špaček:
On 04. 07. 25 9:56, Florian Piekert via bind-users wrote:
Hello all,
I frequently have this in my logs
May 4 14:29:16 sonne
On 04. 07. 25 9:56, Florian Piekert via bind-users wrote:
Hello all,
I frequently have this in my logs
May 4 14:29:16 sonne named[4035767]: DNS format error from
2600:9000:5303:c800::1#53 resolving feedback-smtp.us-
east-1.amazonses.com/ for 127.0.0.1#44099: Name us-
east-1.amazonses.co
Hi Florian.
Well since you mention it, may we see your BIND configuration? Also "named
-V", please and, if you can, a packet capture (preferably binary pcap, not
just a few lines of tcpdump output) showing what your server is doing at
the time you see these messages in the logs.
Cheers, Greg
On F
Hello all,
I frequently have this in my logs
May 4 14:29:16 sonne named[4035767]: DNS format error from
2600:9000:5303:c800::1#53 resolving feedback-smtp.us-east-1.amazonses.com/
for 127.0.0.1#44099: Name us-east-1.amazonses.com (SOA) not subdomain of zone
feedback-smtp.us-east-1.amazons
11 matches
Mail list logo
