Hello Benoît
On 14.10.2022 10:51, Benoît Panizzon wrote:
Maybe some of you has already come over that issue and know how to fix.
Bind 9.18.4 fails to resolve the A record of: fd19g0409.drive.pro.io
Bind 9.11.36 works.
Both versions have DNSSEC Validation enabled and connected to a network not restricting EDNS.
My systems are with bind 9.16 as a local resolver using the root nameservers, I get this:
batman:~ # dig fd19g0409.drive.pro.io ;; communications error to ::1#53: timed out ;; communications error to ::1#53: timed out
; <<>> DiG 9.18.7 <<>> fd19g0409.drive.pro.io ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35861 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 2f7b02654b3c7d3c01000000634bd959127589388c126a1d (good) ;; QUESTION SECTION: ;fd19g0409.drive.pro.io. IN A
;; Query time: 113 msec ;; SERVER: ::1#53(::1) (UDP) ;; WHEN: Sun Oct 16 12:13:45 CEST 2022 ;; MSG SIZE rcvd: 79
batman:~ #
But on the other hand this works (takes a while): batman:~ # host fd19g0409.drive.pro.io fd19g0409.drive.pro.io has address 94.126.19.162 fd19g0409.drive.pro.io has IPv6 address 2a00:1128:0:19::162 batman:~ #
Bind Logs:
named[3156696]: end of file resolving '_.drive.pro.io/A/IN': 80.74.143.169#53
I get this (sorry for the long line wrapping): Oct 16 08:28:48 batman named[63587]: client @0x80f11b758 ::1#40913 (fd19g0409.drive.pro.io): view internal: query failed (timed out) for fd19g0409.drive.pro.io/IN/A at query.c:7375 [... two repeated lines remove ...] Oct 16 12:13:45 batman named[63587]: client @0x80356e358 ::1#44995 (fd19g0409.drive.pro.io): view internal: query failed (timed out) for fd19g0409.drive.pro.io/IN/A at query.c:7375 [... two repeated lines remove ...]
Lines from a second dig: Oct 16 12:15:52 batman named[63587]: client @0x807c15d58 ::1#59382 (fd19g0409.drive.pro.io): view internal: query failed (timed out) for fd19g0409.drive.pro.io/IN/A at query.c:7375 [... one repeated lines remove ...] Oct 16 12:15:52 batman named[63587]: client @0x80f2c2958 ::1#40749 (fd19g0409.drive.pro.io): view internal: query failed (SERVFAIL) for fd19g0409.drive.pro.io/IN/A at query.c:6656
As the 'host' tool was working with a unusual delay using the same server, I did try this (default timeout is 5 seconds):
batman:~ # dig fd19g0409.drive.pro.io +timeout=30
; <<>> DiG 9.18.7 <<>> fd19g0409.drive.pro.io +timeout=30 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41879 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 6317be730627999801000000634bdf600b277eb7be8c0697 (good) ;; QUESTION SECTION: ;fd19g0409.drive.pro.io. IN A
;; Query time: 10009 msec ;; SERVER: ::1#53(::1) (UDP) ;; WHEN: Sun Oct 16 12:39:28 CEST 2022 ;; MSG SIZE rcvd: 79
batman:~ #
Same also with 60 seconds timeout. But now host also fails (took 33 and on a second try 40 seconds):
batman:~ # host fd19g0409.drive.pro.io ;; connection timed out; no servers could be reached batman:~ #
Other things work and the answer is instant.
I do not see this problem from some other locations where I use the resolver of the ISP or hoster. The answer is instant.
But more strange things, which work fine and instant:
batman:~ # dig -t ns pro.io
; <<>> DiG 9.18.7 <<>> -t ns pro.io ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40826 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 5
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: d7ad19c9d61a7a8a01000000634be1c9e9ed83950b13cd10 (good) ;; QUESTION SECTION: ;pro.io. IN NS
;; ANSWER SECTION: pro.io. 1430 IN NS p.dnh.net. pro.io. 1430 IN NS ch.pro.io. pro.io. 1430 IN NS nl.pro.io.
;; ADDITIONAL SECTION: ch.pro.io. 1430 IN AAAA 2a00:1128:1:1::143:169 nl.pro.io. 1430 IN AAAA 2001:41d0:8:1c8d:: ch.pro.io. 42235 IN A 80.74.143.169 nl.pro.io. 42235 IN A 151.80.197.88
;; Query time: 106 msec ;; SERVER: ::1#53(::1) (UDP) ;; WHEN: Sun Oct 16 12:49:45 CEST 2022 ;; MSG SIZE rcvd: 208
batman:~ # dig fd19g0409.drive.pro.io @80.74.143.169
; <<>> DiG 9.18.7 <<>> fd19g0409.drive.pro.io @80.74.143.169 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5649 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;fd19g0409.drive.pro.io. IN A
;; ANSWER SECTION: fd19g0409.drive.pro.io. 120 IN A 94.126.19.162
;; Query time: 2 msec ;; SERVER: 80.74.143.169#53(80.74.143.169) (UDP) ;; WHEN: Sun Oct 16 12:50:04 CEST 2022 ;; MSG SIZE rcvd: 67
batman:~ # dig fd19g0409.drive.pro.io @2a00:1128:1:1::143:169
; <<>> DiG 9.18.7 <<>> fd19g0409.drive.pro.io @2a00:1128:1:1::143:169 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7153 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;fd19g0409.drive.pro.io. IN A
;; ANSWER SECTION: fd19g0409.drive.pro.io. 120 IN A 94.126.19.162
;; Query time: 2 msec ;; SERVER: 2a00:1128:1:1::143:169#53(2a00:1128:1:1::143:169) (UDP) ;; WHEN: Sun Oct 16 12:50:17 CEST 2022 ;; MSG SIZE rcvd: 67
batman:~ #
So I think something is/was temporary ugly with this domain and your bind 9.18 and my resolver have cached some wrong entries with a too large TTL. Other resolver which already did resolve this before (or after) may be able to answer.
Error persists. Any help appreciated in a pointer to the possible cause.
May check the issue tracker for bind at: https://gitlab.isc.org/isc-projects/bind9/-/issues/?search=end%20of%20file%2...
or create an issue if non of the existing match or it does not resolves in the next few days.
Best regards, Fabian