Hello,
I have a bug with one specific domain (new TLD): .bnpparibas
I can’t resolve mabanque.bnpparibas if DNS forwarding is activated (via the Foris checkbox).
And if I directly query the server I’m supposed to forward to, it works.
Better than a long explanation:
WITH DNS FORWARDING
/var/resolv.conf.auto
# Interface wan
nameserver 217.31.204.130
nameserver 193.29.206.206
#cat /etc/config/resolver
config resolver 'common'
    list interface '0.0.0.0'
    list interface '::0'
    option port '53'
    option keyfile '/etc/root.keys'
    option verbose '0'
    option msg_buffer_size '4096'
    option msg_cache_size '20M'
    option net_ipv6 '0'
    option net_ipv4 '1'
    option prefered_resolver 'kresd'
    option prefetch 'yes'
    option ignore_root_key '0'
    option dynamic_domains '0'
    option forward_upstream '1'
config resolver 'kresd'
    option rundir '/tmp/kresd'
    option log_stderr '1'
    option log_stdout '1'
    option forks '1'
config resolver 'unbound'
    option outgoing_range '60'
    option outgoing_num_tcp '1'
    option incoming_num_tcp '1'
    option msg_cache_slabs '1'
    option num_queries_per_thread '30'
    option rrset_cache_size '100K'
    option rrset_cache_slabs '1'
    option infra_cache_slabs '1'
    option infra_cache_numhosts '200'
    list access_control '0.0.0.0/0 allow'
    list access_control '::0/0 allow'
    option pidfile '/var/run/unbound.pid'
    option root_hints '/etc/unbound/named.cache'
    option target_fetch_policy '2 1 0 0 0'
    option harden_short_bufsize 'yes'
    option harden_large_queries 'yes'
    option key_cache_size '100k'
    option key_cache_slabs '1'
    option neg_cache_size '10k'
    option prefetch_key 'yes'
config resolver 'unbound_remote_control'
    option control_enable 'no'
    list control_interface '0.0.0.0'
    list control_interface '::0'
cat /tmp/kresd.config
--Automatically generated file; DO NOT EDIT
modules = {
    'hints > iterate'
    , 'policy'
    , 'stats'
    , predict = {
        window = 30 -- 30 minutes sampling window
        , period = 24*(60/30) -- track last 24 hours
    }
}
hints.config('/tmp/kresd/hints.tmp')
net.bufsize(4096)
net.ipv4=true
net.ipv6=false
cache.open(20*MB)
cache.clear()
policy.add(policy.all(policy.FORWARD({
    '193.29.206.206',
    '217.31.204.130',
})))
dig mabanque.bnpparibas
; <<>> DiG 9.10.5-P3 <<>> mabanque.bnpparibas
;; global options: +cmd
;; connection timed out; no servers could be reached
OR other possible response
; <<>> DiG 9.10.5-P3 <<>> mabanque.bnpparibas
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43648
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mabanque.bnpparibas. IN A
;; Query time: 194 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 30 21:49:25 CET 2017
;; MSG SIZE rcvd: 37
dig bnpparibas
; <<>> DiG 9.10.5-P3 <<>> bnpparibas
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4471
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bnpparibas. IN A
;; AUTHORITY SECTION:
bnpparibas. 872 IN SOA a0.nic.bnpparibas. noc.afilias-nst.info. 1000002224 10800 3600 2764800 900
;; Query time: 63 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 30 21:48:34 CET 2017
;; MSG SIZE rcvd: 102
Asking the DNS server directly works
#dig mabanque.bnpparibas @217.31.204.130
; <<>> DiG 9.10.5-P3 <<>> mabanque.bnpparibas @217.31.204.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mabanque.bnpparibas. IN A
;; ANSWER SECTION:
mabanque.bnpparibas. 9 IN A 159.50.187.79
;; Query time: 41 msec
;; SERVER: 217.31.204.130#53(217.31.204.130)
;; WHEN: Mon Oct 30 21:49:45 CET 2017
;; MSG SIZE rcvd: 64
EDIT :
with or without DNSSEC support does not change the situation – WRONG
DNSSEC is the problem with this tld
Any clue on that problem ?
Thank you very much
PS: as for now, dns forwarding is disabled, but resolution takes muccccchhh longer
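
A way to triage the symptom shown in this post, added here as an example and not part of the original post: it compares the header of the same query sent through the local validating resolver and sent directly to the forwarder. The function names and category labels are hypothetical, and the sample inputs are abridged from the dig output above.

```python
import re

# Abridged from the dig output in the post above.
LOCAL = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43648
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 127.0.0.1#53(127.0.0.1)"""
UPSTREAM = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 217.31.204.130#53(217.31.204.130)"""
TIMEOUT = ";; connection timed out; no servers could be reached"

def parse_dig(text):
    """Pull status, header flags, answer count and server out of dig's default output."""
    if "connection timed out" in text:
        return {"status": "TIMEOUT", "flags": set(), "answers": 0, "server": None}
    status = re.search(r"status: (\w+), id: \d+", text)
    flags = re.search(r";; flags: ([a-z ]*);.*ANSWER: (\d+)", text)
    server = re.search(r";; SERVER: ([0-9A-Fa-f.:]+)#", text)
    if not (status and flags):
        raise ValueError("no dig header found")
    return {
        "status": status.group(1),
        "flags": set(flags.group(1).split()),
        "answers": int(flags.group(2)),
        "server": server.group(1) if server else None,
    }

def triage(local, upstream):
    """Compare one query via the local validating resolver and sent directly upstream."""
    if local["status"] == "NOERROR":
        return "ok"
    if upstream["status"] != "NOERROR" or upstream["answers"] == 0:
        return "upstream-failure"  # the forwarder itself cannot answer
    if "ad" not in upstream["flags"]:
        # Upstream returns data it did not mark as validated, and the local
        # validator fails on it. Confirm by repeating the local query with `dig +cd`.
        return "suspect-dnssec"
    return "local-failure"  # upstream validated the answer; inspect the local resolver

if __name__ == "__main__":
    for name, sample in (("SERVFAIL", LOCAL), ("timeout", TIMEOUT)):
        print(name, "->", triage(parse_dig(sample), parse_dig(UPSTREAM)))
```

If the local query succeeds once repeated with `dig +cd` (checking disabled), validation is the failing step rather than transport to the forwarder.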