[dns-operations] [DNSOP] bind fails to continue recursing on one specific query
Petr Špaček
pspacek at isc.org
Tue Mar 28 12:29:05 UTC 2023
On 28. 03. 23 13:00, Peter DeVries via dns-operations wrote:
>> The queries for "_.extglb.tn.gov. IN A ?" in your PCAP are a novelty to
>> me. Are these some form of query minimisation, or some sort of sanity
>> check of the delegation? Sadly, the "tn.gov" nameserver just drops
>> these without responding, so their failure could well contribute to the
>> problems you observe.
> These are indeed how BIND does qname minimization in "relaxed" mode
> which is currently the default.
>
> We almost blocked these because we didn't know what they were but then
> I stumbled upon one of the old RFC drafts for query minimization and
> it does mention this as a technique. I could see someone else doing
> so as well because it did make up a very large percentage of our
> inbound queries and there isn't much documentation on it.
FTR the underscore trick is now documented in
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-qname-minimization
(And also mentioned in RFC 7816 section 3.)
--
Petr Špaček
Internet Systems Consortium
More information about the dns-operations
mailing list