Package: bind9
Version: 1:9.7.3.dfsg-1~squeeze7
When using bind9 as a resolver it will fail to resolve *.example.org
when DNSsec is enabled in the resolver. So when resolving
'www.example.org' relies on resolving '*.example.org', the RR won't
be found.
Below an example taken from /var/log/syslog (UTC + 2).
Here bind tries to find the AAAA and A records for
'www.nuonexclusief.nl'.
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN':
2a00:1478:20:f:8:772:0:1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 91.217.56.224#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 77.95.248.206#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 2a00:ec8:401:2:d002::1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN':
2a03:7900:105:31:3:105:133:1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 31.3.105.133#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN':
2a03:7900:105:31:3:105:133:1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 77.95.248.206#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 91.217.56.224#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 31.3.105.133#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN':
2a00:1478:20:f:8:772:0:1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 2a00:ec8:401:2:d002::1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 77.95.248.206#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN':
2a03:7900:105:31:3:105:133:1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 2a00:ec8:401:2:d002::1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN':
2a00:1478:20:f:8:772:0:1#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 31.3.105.133#53
Oct 15 16:52:07 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/AAAA/IN': 91.217.56.224#53
Oct 15 16:52:08 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/A/IN': 77.95.248.206#53
Oct 15 16:52:08 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/A/IN': 91.217.56.224#53
Oct 15 16:52:08 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/A/IN':
2a03:7900:105:31:3:105:133:1#53
Oct 15 16:52:08 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/A/IN': 2a00:1478:20:f:8:772:0:1#53
Oct 15 16:52:08 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/A/IN': 2a00:ec8:401:2:d002::1#53
Oct 15 16:52:08 sput named[1777]: error (no valid NSEC) resolving
'www.nuonexclusief.nl/A/IN': 31.3.105.133#53
'nuonexclusief.nl' does resolve.
Apparently this has been fixed in 6-ESV-R6, 9.7.5 and 9.8.2,
which don't seem to be available on Debian.
A discussion in xs4all.general shows that the newer versions of
Bind do correctly resolve the address.
I'm using Debian stable with Linux version 2.6.32-5-686
(Debian 2.6.32-46) (da...@debian.org)
(gcc version 4.3.5 (Debian 4.3.5-4) )
#1 SMP Sun Sep 23 09:49:36 UTC 2012
Regards,
Rob
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
