On Fri, Sep 20, 2024 at 12:45:08PM +0200, Mike Fischer wrote:
>
> > Am 20.09.2024 um 12:13 schrieb Stuart Henderson <stu.lists@spacehopper.org>:
> >
> >> From what you've shown I can only assume the auth servers are broken
> > and probably refusing to respond for A (rather than an empty NOERROR
> > response).
>
> I agree, that is probably the root cause.
>
> So that would cause host(1) to abort looking for other RRsets? Is that not a bug in host(1)?
>
> Note: I tried looking at the source code of host(1) but I can't figure out how it works.
>
>
> > AAAA-only is a somewhat rare case and IPv6 has only been supported in
> > DNS since 2008 or so, it takes time to get the bugs worked out
> > especially in custom DNS software like is probably used for a dynamic
> > dns zone.
>
> Yes, a mere 18 years is rather new ;-)
>
>
> > If you show the real hostname, maybe someone can figure it out in
> > more detail.
>
> This is an example hostname I created at dynv6.com for the purpose of figuring out this issue:
> test.fwml42.v6.rocks
>
> $ dig +short test.fwml42.v6.rocks aaaa
> 2001:db8::dead:beaf
> $ host test.fwml42.v6.rocks
> Host test.fwml42.v6.rocks not found: 2(SERVFAIL)
> $
Here host just succeeds with that name (not using unbound as resolver
but PowerDNS recursor)
$ host test.fwml42.v6.rocks
test.fwml42.v6.rocks has IPv6 address 2001:db8::dead:beaf
A tip to investigate further: use -v with host (it shows more
details), don't use +short with dig (it hides useful information).
-Otto
No comments:
Post a Comment