[dns-operations] [DNSOP] bind fails to continue recursing on one specific query
Mark Andrews
marka at isc.org
Tue Mar 28 21:17:23 UTC 2023
The servers don’t return NXDOMAIN for non existent names.
--
Mark Andrews
> On 28 Mar 2023, at 22:01, Peter DeVries <pdevries at quotient-inc.com> wrote:
>
> <snip>
>
>> The queries for "_.extglb.tn.gov. IN A ?" in your PCAP are a novelty to
>> me. Are these some form of query minimisation, or some sort of sanity
>> check of the delegation? Sadly, the "tn.gov" nameserver just drops
>> these without responding, so their failure could well contribute to the
>> problems you observe.
>
> These are indeed how BIND does qname minimization in "relaxed" mode
> which is currently the default.
>
> We almost blocked these because we didn't know what they were but then
> I stumbled upon one of the old RFC drafts for query minimization and
> it does mention this as a technique. I could see someone else doing
> so as well because it did make up a very large percentage of our
> inbound queries and there isn't much documentation on it.
>
> Peter
More information about the dns-operations
mailing list