Hi All, We have configured a forward zone in bind9 for e164.arpa, and we have our application to resolve e164 domain queries (NS, NAPTR, CNAME queries). But our application is sending RCODE=4 (NOT implemented) to bind9. But bind9 at their side, changing it to "ServerFail" Error.
But we want on dig/dnsperf error code should come RCODE=4 only. Bind9 should
not translate the original error code.
Bind 9 should send the original RCODE=4 to the requester.
Below are the snapshot of named/conf file. Wireshark is also attached with
this mail.
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named.stats";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; !blocked; allowed; };
//allow-query { any; };
recursion yes;
zone-statistics yes;
dnssec-enable yes;
dnssec-validation no;
// additional-from-auth no;
// additional-from-cache no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
zone "e164.arpa" IN {
type forward ;
forwarders { 127.0.0.1 port 49153; 139.165.24.21 port 49153;};
forward only;
};
Dig output:-
[root@ukp2-so1mp1 admusr]# dig -t naptr
4.0.4.5.2.4.1.4.2.0.2.4.7.8.9.5.7.9.e164.arpa @localhost
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.0.2.el6_10.8 <<>> -t naptr
4.0.4.5.2.4.1.4.2.0.2.4.7.8.9.5.7.9.e164.arpa @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31801 //expecting RCODE=4
here
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0.4.5.2.4.1.4.2.0.2.4.7.8.9.5.7.9.e164.arpa. IN NAPTR
;; Query time: 97 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Sep 29 03:29:23 2021
;; MSG SIZE rcvd: 63
Application Wireshark snapshot:
[cid:[email protected]]
Bind9 Wireshark:-
[cid:[email protected]]
Kindly share your views on this.
Regards,
Sonal
RCODE_query.pcap
Description: RCODE_query.pcap
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
