[nsd-users] [New-dnscheck] NSD answer apparently depends on case-pattern of question

Sandoche Balakrichenan sandoche.balakrichenan at afnic.fr
Fri Oct 9 13:55:56 UTC 2015


On 10/09/2015 03:48 PM, Niall O'Reilly wrote:
> On Fri, 09 Oct 2015 13:14:59 +0100,
> Niall O'Reilly wrote:
>> On Fri, 09 Oct 2015 09:07:55 +0100,
>> Fredrik Pettai wrote:
>>> It’s not a bug, it’s a feature :)
>>   I'm not convinced.
>   Hmm.
>
>   After reading RFC4343 (which seems to limit consideration to owner
>   names and exclude RDATA) and
>   https://kb.isc.org/article/AA-01113/0/Case-Insensitive-Response-Compression-May-Cause-Problems-With-Mixed-Case-Data-and-Non-Conforming-Clients.html,
>   I can see that this is more arguable either way than I appreciated
>   at first.
>
>   Either NSD is behaving too loosely, or Zonemaster too strictly.
>   I look forward to consistency between them in the near future.
>
>
==> It has been fixed in ZM. If you make a pull request of the last
version of the engine (https://github.com/dotse/zonemaster-engine) and
test with the CLI (https://github.com/dotse/zonemaster-cli), you may
find the difference. *The ZM GUI still needs to be updated with the
latest fix in the engine.*

Before the Fix:

zonemaster-cli afnic.fr

Seconds Level     Message
======= ========= =======
  21.47 WARNING   When asked for SOA records on "WwW.Afnic.Fr" and
"WwW.AFnIc.Fr", nameserver ns2.nic.fr/192.93.0.4 returns different answers.
  21.47 WARNING   When asked for SOA records on "WwW.Afnic.Fr" and
"WwW.AFnIc.Fr", nameserver ns2.nic.fr/2001:660:3005:1::1:2 returns
different answers.
  21.49 ERROR     When asked for SOA records on "www.afnic.fr" with
different cases, all servers do not reply consistently.
  21.59 NOTICE    SOA 'mname' nameserver (dnsmaster.nic.fr) is not
listed in "parent" NS records for tested zone
(ns1.nic.fr;ns2.nic.fr;ns3.nic.fr).
  21.59 NOTICE    SOA 'refresh' value (7200) is less than the
recommended minimum (14400).
  21.60 NOTICE    SOA 'retry' value (1800) is less than the recommended
minimum (3600).

After the Fix:

zonemaster-cli afnic.fr

Seconds Level     Message
======= ========= =======
  21.57 NOTICE    SOA 'mname' nameserver (dnsmaster.nic.fr) is not
listed in "parent" NS records for tested zone
(ns1.nic.fr;ns2.nic.fr;ns3.nic.fr).
  21.57 NOTICE    SOA 'refresh' value (7200) is less than the
recommended minimum (14400).
  21.57 NOTICE    SOA 'retry' value (1800) is less than the recommended
minimum (3600).
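
The distinction the thread turns on, as an added example that is not part of the original message and is not Zonemaster's code: two answers are classified as identical, differing only in owner-name case (equal under RFC 4343 folding), or genuinely different. The sample records and the names `fold_name`, `answer_key` and `compare_answers` are constructed for illustration; comparing RDATA byte-for-byte is an assumption that follows the reading of RFC 4343 in the quoted text.

```python
import string

# RFC 4343 folds only ASCII A-Z to a-z; every other octet compares exactly,
# so str.lower() (which also folds non-ASCII letters) is the wrong tool.
_FOLD = bytes.maketrans(string.ascii_uppercase.encode(),
                        string.ascii_lowercase.encode())


def fold_name(name: str) -> bytes:
    """Owner name as octets in RFC 4343 canonical case, trailing dot removed."""
    return name.encode("latin-1").rstrip(b".").translate(_FOLD)


def answer_key(rrset, fold_owner: bool) -> frozenset:
    """Order-independent key for an answer; RDATA is always kept byte-for-byte."""
    key = set()
    for owner, rtype, rdata in rrset:
        raw = owner.encode("latin-1").rstrip(b".")
        key.add((raw.translate(_FOLD) if fold_owner else raw, rtype, rdata))
    return frozenset(key)


def compare_answers(a, b) -> str:
    """Return 'identical', 'case-only' or 'different' for two answers."""
    if answer_key(a, fold_owner=False) == answer_key(b, fold_owner=False):
        return "identical"
    if answer_key(a, fold_owner=True) == answer_key(b, fold_owner=True):
        return "case-only"
    return "different"


# Constructed sample answers: same SOA RDATA, owner name echoing the case
# pattern of two differently-cased questions, plus one with another serial.
SOA = "ns.example. hostmaster.example. 1 7200 1800 3600 600"
ANSWER_1 = [("Afnic.Fr.", "SOA", SOA)]
ANSWER_2 = [("AFnIc.Fr.", "SOA", SOA)]
ANSWER_3 = [("afnic.fr.", "SOA",
             "ns.example. hostmaster.example. 2 7200 1800 3600 600")]

if __name__ == "__main__":
    print(compare_answers(ANSWER_1, ANSWER_2))  # owner case differs only
    print(compare_answers(ANSWER_1, ANSWER_3))  # RDATA differs
```

A checker that reports only "different" as inconsistent treats the case-echoing behaviour as acceptable, while one that requires "identical" reproduces the strict behaviour.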