[dns-operations] Very strange DNS bug at Hurricane Electric

Florian Weimer fw at deneb.enyo.de
Mon Mar 21 17:13:35 UTC 2016


* Stephane Bortzmeyer:

> The authoritative name servers do reply, but only empty responses:
>
> % dig @216.218.130.2             NS he.net
>
> ; <<>> DiG 9.10.2-P2 <<>> @216.218.130.2 NS he.net
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42388
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1680
> ;; QUESTION SECTION:
> ;he.net.                        IN NS
>
> ;; Query time: 162 msec
> ;; SERVER: 216.218.130.2#53(216.218.130.2)
> ;; WHEN: Mon Mar 21 17:23:29 CET 2016
> ;; MSG SIZE  rcvd: 35

This test is not valid for an authoritative server because you sent an
RD=1 query.  The server appears to be subject to anycast, so maybe try
again with “+norecurse +nsid”?

The cause for such a response could be that the server tries to
construct a response from existing cache contents, without performing
recursion because the server configuration does not allow recursion
for this particular client.
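
Added example (not part of the original message, and not code from either poster): a Python sketch that builds the RD=0 query with an NSID option that "+norecurse +nsid" stands for, and classifies a response by its RD and AA header bits. The function names, verdict strings and both sample messages are assumptions constructed here; QUOTED only reproduces the header fields shown in the quoted dig output.

```python
import struct

OPT, NSID = 41, 3  # OPT RR type (RFC 6891), NSID option code (RFC 5001)

def name(n):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in n.rstrip(".").split(".")) + b"\0"

def opt_rr(udp, do, options=b""):
    # OPT RR: root owner, class = UDP payload size, TTL field carries version and DO bit
    return b"\0" + struct.pack("!HHIH", OPT, udp, 0x8000 if do else 0, len(options)) + options

def build_query(qname, qtype=2, qid=1, rd=False):
    """Query with RD clear and an empty NSID option (qtype 2 = NS)."""
    hdr = struct.pack("!6H", qid, 0x0100 if rd else 0, 1, 0, 0, 1)
    nsid = struct.pack("!2H", NSID, 0)
    return hdr + name(qname) + struct.pack("!2H", qtype, 1) + opt_rr(4096, False, nsid)

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # stop at root label or compression pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def diagnose(msg):
    """Read the header bits and any NSID option from a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, nsid = 12, None
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == OPT and len(rdata) >= 4:
            code, olen = struct.unpack("!2H", rdata[:4])
            if code == NSID:
                nsid = rdata[4:4 + olen]
            rdata = rdata[4 + olen:]
    if flags & 0x0100:  # RD is copied from the query into the response
        verdict = "invalid test: RD=1 was sent, repeat with RD=0"
    elif flags & 0x0400:
        verdict = "authoritative answer (AA set)"
    else:
        verdict = "non-authoritative response"
    return {"verdict": verdict, "answers": an, "nsid": nsid}

Q = name("he.net") + struct.pack("!2H", 2, 1)  # question section: he.net IN NS
# Constructed: same header fields as the quoted dig output (id 42388, flags qr rd)
QUOTED = struct.pack("!6H", 42388, 0x8100, 1, 0, 0, 1) + Q + opt_rr(1680, True)
# Constructed: reply to an RD=0 query; the NSID value is made up
RETRY = struct.pack("!6H", 1, 0x8000, 1, 0, 0, 1) + Q + opt_rr(1680, True, struct.pack("!2H", NSID, 7) + b"example")
```

The constructed QUOTED message comes to 35 bytes, the same as the "MSG SIZE rcvd: 35" line in the quoted output.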



