Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15796
| Path | csiph.com!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!feeder.usenetexpress.com!tr2.eu1.usenetexpress.com!news.uzoreto.com!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | vom513 <vom513@gmail.com> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Constant errors concerning in-addr.arpa SOA (insecure response) |
| Date | Sat, 30 May 2020 23:58:12 -0400 |
| Lines | 36 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.463.1590897482.942.bind-users@lists.isc.org> (permalink) |
| References | <854199C1-8834-482D-9E9A-CF09A20C4BC9@gmail.com> <05FF1329-0454-4EBC-876B-C5F0847F8119@gmail.com> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | quoted-printable |
| X-Trace | usenet.stanford.edu 1590897505 26618 149.20.1.60 (31 May 2020 03:58:25 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users@lists.isc.org |
| Return-Path | <vom513@gmail.com> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=538ipitAWQdXB5XHTzVsBjHkgfnYjXIfDPfsQdk0XOc=; b=cMnC6e9cnhpWoewn3OH0r9U/f8BkTHvEOMl5i6JXdYttzB7Qb6/THiWjjtpit5DMjz ejFkHrGXvDOaEk3yvF7EZwSfC9Z8hyZC9gVkGh6QObDq46KONQkqBfcdBvBTb2dGYV9V p3Om4mmpIRFKD3RtY7axg+ZerSxQoICCecFderTzMgDg7Zow+OIzVWoI81BRVI/PC0h9 LBkkIIYTtJYUBeYIps5hnCJOjj+lTe2wtQPzCS3qXWnu8Sg/MSUtym0A0D1ixoqVLQ8F TYv0Q/bP3V9QkMpydZ8wSaL9NvLuZPH7cY3iPgt86ROiDDJQxmRT3f8hdco6Ed74dbKJ E8Ew== |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=538ipitAWQdXB5XHTzVsBjHkgfnYjXIfDPfsQdk0XOc=; b=iFAww5Prg/ABTQv9RMIAJCOgNA3J2awnh9olm01OU/comhrfsWYM0nrnwIsMJPUPYR zPn0nixUCotZHa2jRAFfO+Fer26RkzLh7DR04IQc0KpvjdxWNUOo6XCLehBCoc/1AazP U1vfvuSguvHyFIYF17Us/WF3uw7/GvzF72QDkZim2qSR1ReCvQf0WE0m24VxTlmSRKpu 580dw9+WDgnXm6ST3yWTsrl/qNz/gofBvg3ZpqNty/HbnbVdwNvSnyKAjwyUR92nhP2w MpYP3PPXNJDVvhBaQlx5d2lY1BbsCCQZ8vXeA+UxBe+IzURPdzX1YkaOpW7CdjEW2B+g fJRg== |
| X-Gm-Message-State | AOAM531/TZHchBBXXOBijI7kGld2VcIxq9mwO++RmhX1iBd7zY/QbmzF jFQ957CFH06TX9IT6S+2CSsMAlGNiJU= |
| X-Google-Smtp-Source | ABdhPJxwKvJvycl4nWjaDChLgrCbD0nsChIXgrGy9Xmz7sa6CzWMX1kYcJq4dyoOFDDiWRb6ZWl1uw== |
| X-Received | by 2002:a05:620a:15e8:: with SMTP id p8mr4180793qkm.333.1590897495230; Sat, 30 May 2020 20:58:15 -0700 (PDT) |
| In-Reply-To | <854199C1-8834-482D-9E9A-CF09A20C4BC9@gmail.com> |
| X-Mailer | Apple Mail (2.3608.80.23.2.2) |
| X-Spam-Status | No, score=0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2 |
| X-Spam-Checker-Version | SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <05FF1329-0454-4EBC-876B-C5F0847F8119@gmail.com> |
| X-Mailman-Original-References | <854199C1-8834-482D-9E9A-CF09A20C4BC9@gmail.com> |
| Xref | csiph.com comp.protocols.dns.bind:15796 |
Show key headers only | View raw
Sorry to self reply - I *think* I figured this out. Looks like the messages I was seeing (at least to my eyes) make this seem like a true failure in the chain of recursion/validation. Looks like it’s more benign - misconfigured auth servers for various in-addr.arpa zones hading out information erroneously (i.e. NOT what they were asked / have been delegated).
I was able to do this on one of my “clean” servers that I hadn’t observed the log messages on:
while true; do nmap -n -iR 10 -sL | grep "^Nmap scan" | awk '{print $5}' | while read ip; do dig -x $ip; done; sleep 5; done
I’m just using nmap to generate 10 random IPs, I’m not “scanning” anything…
That command managed to trigger the log message on my “clean” machine. I think part of the issue is my mail server is simply much busier looking up rDNS as it gets SMTP connections, and is therefore more likely to trigger this log.
I don’t mean to pick on this network, but the following record/query seems to trigger this every time:
dig -x 106.62.177.136
And to see what caused it:
dig +trace -x 106.62.177.136
Notice the “IN-ADDR.ARPA” they give out (helpfully in all CAPS :)).
Sorry for the noise with this thread. If anyone has a more in-depth explanation of bind’s behavior in this scenario I’d love to hear it because I don’t feel like I 100% understand it...
Back to comp.protocols.dns.bind | Previous | Next | Find similar | Unroll thread
Re: Constant errors concerning in-addr.arpa SOA (insecure response) vom513 <vom513@gmail.com> - 2020-05-30 23:58 -0400
csiph-web