[dns-operations] ENT NXDOMAIN problem at .BS nameserver ns36.cdns.net
Warren Kumari
warren at kumari.net
Thu Sep 22 09:14:29 UTC 2022
[ - bs ]
There is a very similar issue with 'production.cloudflare.docker.com'
(https://dnsviz.net/d/production.cloudflare.docker.com/dnssec/):
A query for production.cloudflare.docker.com results in a NOERROR response,
while a query for its ancestor, cloudflare.docker.com, returns a name error
(NXDOMAIN), which indicates that subdomains of cloudflare.docker.com,
including production.cloudflare.docker.com, don't exist.
This broke my ability to use docker for a while — I'd enabled strict qname
minimization as a test, and then needed to update some containers in an
emergency. It took a while to debug the issues…
W
On Wed, Sep 21, 2022 at 8:33 AM, Viktor Dukhovni <ietf-dane at dukhovni.org>
wrote:
> The .COM.BS <http://com.bs/> is an empty non-terminal with various child
> domains registered beneath. The "ns36.cdns.net" nameserver for .BS
> responds with NXDOMAIN to "com.bs" qname-minimised queries.
>
> This in turn can and does sometimes lead to NXDOMAIN inference for the
> child domains.
>
> This nameserver needs to be withdrawn and fixed before it is returned to
> service.
>
> 2001:678:4::24 ns36.cdns.net
> 194.0.1.36 ns36.cdns.net
>
> Example responses:
>
> @194.0.1.36
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3297
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;com.bs. IN SOA
>
> ;; AUTHORITY SECTION:
> bs. SOA dns.nic.bs. bsadmin.cob.edu.bs. 2022092000 3600 900 1814400 9000
>
> @2001:678:4::24
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39616
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;com.bs. IN SOA
>
> ;; AUTHORITY SECTION:
> bs. SOA dns.nic.bs. bsadmin.cob.edu.bs. 2022092000 3600 900 1814400 9000
>
> --
> Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220922/0d9e6ff0/attachment.html>
More information about the dns-operations
mailing list