[dns-operations] console.aws.amazon.com - breakage & confusing output from DNSViz?

Matthew Richardson matthew-l at itconsult.co.uk
Tue Feb 8 10:56:08 UTC 2022


Vladimír Čunát wrote:-
>Are you sure that you used the latest version?  (5.4.4, a month old)
>Bug details: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1237

Thanks.  Embarrassingly I was running 5.4.2, and an upgrade to 5.4.4 has
(obviously!) fixed the issue in Knot Resolver.

Out of interest, updating the lab (which tries to use "out of the box"
configs, but with DNSSEC validation, of standard packages), also upgraded:-

Bind 9.11.26-4.el8_4 to 9.11.26-6.el8
Unbound 1.7.3-15.el8 to 1.7.3-17.el8

after which Unbound could resolve it, but Bind continued to return
SERVFAIL.


Viktor Dukhovni wrote:-
>The more likely source of trouble can be seen by clicking on the "Errors"
>button:
>
>    aws.amazon.com zone: The server(s) did not respond authoritatively for the namespace. (34.196.62.143, 52.9.140.222, 52.9.146.37, 52.16.221.207, 52.19.138.45, 52.86.96.73)
>    aws.amazon.com/CNAME: The Authoritative Answer (AA) flag was not set in the response. (34.196.62.143, 52.9.140.222, 52.9.146.37, 52.16.221.207, 52.19.138.45, 52.86.96.73, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
>    console.aws.amazon.com zone: The server(s) did not respond authoritatively for the namespace. (34.196.62.143, 52.9.140.222, 52.9.146.37, 52.16.221.207, 52.19.138.45, 52.86.96.73)
>    us-east-1.console.aws.amazon.com zone: The server(s) did not respond authoritatively for the namespace. (34.196.62.143, 52.9.140.222, 52.9.146.37, 52.16.221.207, 52.19.138.45, 52.86.96.73)

Ah - thank you for your ever helpful observations! -:)

That suggests to me that the authoritative setup is somewhat "fragile".  Do
folks think that such a setup deserves to work?  Or should AWS be
encouraged to improve it?

--
Best wishes,
Matthew


