BIND issueshttps://gitlab.isc.org/isc-projects/bind9/-/issues2021-10-04T19:58:25Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1276[ISC-support #15512] improve interoperability between catalog zones and respo...2021-10-04T19:58:25ZBrian Conry[ISC-support #15512] improve interoperability between catalog zones and response-policy configurationA customer has requested two things related to catalog zones and response-policy statements.
1) the ability to update the response-policy configuration using a catalog zone as the carrier
2) the ability to reference in a response-policy...A customer has requested two things related to catalog zones and response-policy statements.
1) the ability to update the response-policy configuration using a catalog zone as the carrier
2) the ability to reference in a response-policy statement a zone that is defined from a catalog zonehttps://gitlab.isc.org/isc-projects/bind9/-/issues/1194Bind unresponsive during validity checks of zone reload2023-11-02T16:42:12ZKlaus DarilionBind unresponsive during validity checks of zone reload### Summary
When a large zone is reloaded, and Bind start with the zone validity checks, Bind becomes unresponsive/slow for DNS queries until the reload is finished.
### BIND version used
ISC Ubuntu PPA: 9.14.4-2+ubuntu18.04.1+deb.sur...### Summary
When a large zone is reloaded, and Bind start with the zone validity checks, Bind becomes unresponsive/slow for DNS queries until the reload is finished.
### BIND version used
ISC Ubuntu PPA: 9.14.4-2+ubuntu18.04.1+deb.sury.org+1
```
BIND 9.14.4-Ubuntu (Stable Release) <id:ab4c496>
running on Linux x86_64 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:22:20 UTC 2019
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip2' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-uP6eK4/bind9-9.14.4=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 7.4.0
compiled with OpenSSL version: OpenSSL 1.1.1 11 Sep 2018
linked to OpenSSL version: OpenSSL 1.1.1 11 Sep 2018
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with libjson-c version: 0.12.1
linked to libjson-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
```
### Steps to reproduce
A VM with 2 CPUs and 32G Ram. Configure Bind to load the "net" zone (freely available via https://czds.icann.org/home):
```
zone "net" {
type master;
file "/etc/bind/zones/net";
allow-transfer { 1.2.3.0/21; };
notify explicit;
also-notify { 1.2.3.139; };
};
```
Then, start Bind and wait until the zone is loaded and DNS queries are served.
In a second shell starting querying the zone, for example: `while true; do date; dig @127.0.0.1 SOA net |egrep 'a.gtld-servers.net.|Query time|timed out';echo ""; sleep 1; done`
Then, increase the zone's serial - I use "hexedit" as normal editors try load the whole textfile.
Then call `rndc reload net`. In my setup, loading the zone takes around 3 minutes. As the zone is already in the file buffers, the zone loading is CPU bound. One of my CPUs is at 100%, the other CPU is idle. When the zone was loaded, Bind starts with validity checks ("zone net/IN: loaded; checking validity").
Once the validity checks begin, Bind becomes unresponsive and dig experiences timeouts. during the validity checks, Bind also consumes 1 CPU with 100%, the other CPU is idle. RAM is not an issue, after initial loading Bind uses 4.3G RAM, after reload 8.6G RAM.
Please see attached log files from Bind and the output of my dig command. You can relate the timestamps.
I have seen this issue also with Bind slaves with other large zones and large IXFRs. I initially thought this is a disk IO problem when dumping zones/journals to disk. But this time I can reproduce it with a "master" setup where there are now disk writes - only disk-reads from data which is in the buffers. Hence I do not believe this is a disk-IO problem.
I have seens this behavior also with Bind 9.11.3+dfsg-1ubuntu1.8 and older Bind versions.
I have reported this before on the users mailing list, but never gained attraction:
* https://lists.isc.org/pipermail/bind-users/2018-March/099814.html
* https://lists.isc.org/pipermail/bind-users/2019-March/101579.html
### What is the current *bug* behavior?
Bind is very very slow answering queries
### What is the expected *correct* behavior?
Bind should answer queries without drops during the zone reload.
### Relevant configuration files
```
logging {
channel "log_message" {
file "/var/log/named/log_message" versions 4 size 10485760;
severity debug 1;
print-time yes;
print-severity yes;
print-category yes;
};
category "notify" {
"log_message";
};
category "xfer-in" {
"log_message";
};
category "xfer-out" {
"log_message";
};
category "dnssec" {
"log_message";
};
category "zoneload" {
"log_message";
};
category "default" {
"log_message";
};
category "network" {
"log_message";
};
category "dispatch" {
"log_message";
};
category "config" {
"log_message";
};
category "general" {
"log_message";
};
};
options {
directory "/var/cache/bind";
listen-on-v6 {
"any";
};
auth-nxdomain no;
dnssec-validation auto;
recursion no;
};
zone "net" {
type master;
file "/etc/bind/zones/net";
allow-transfer {
1.2.3.0/21;
};
also-notify {
1.2.3.139;
};
notify explicit;
};
```
### Relevant logs and/or screenshots
See also the attachments.
bind.log
```
13-Aug-2019 16:38:02.289 general: info: received control channel command 'reload net'
13-Aug-2019 16:38:02.289 zoneload: debug 1: zone net/IN: starting load
13-Aug-2019 16:38:02.289 general: debug 1: zone_startload: zone net/IN: enter
13-Aug-2019 16:38:02.290 general: warning: /etc/bind/zones/net:108: signature has expired
13-Aug-2019 16:40:48.208 general: debug 1: zone_loaddone: zone net/IN: enter
13-Aug-2019 16:40:48.208 zoneload: debug 1: zone net/IN: loaded; checking validity
13-Aug-2019 16:40:48.244 general: error: zone net/IN: 0580.net/NS 'dns.cndomain.net' has no address records (A or AAAA)
13-Aug-2019 16:40:48.324 general: error: zone net/IN: 123ezvideo.net/NS 'ns1.wappoocreek.net' has no address records (A or AAAA)
13-Aug-2019 16:40:48.324 general: error: zone net/IN: 123ezvideo.net/NS 'ns2.wappoocreek.net' has no address records (A or AAAA)
13-Aug-2019 16:40:48.724 general: error: zone net/IN: 4five.net/NS 'ns1.gnlct.net' has no address records (A or AAAA)
13-Aug-2019 16:40:48.724 general: error: zone net/IN: 4five.net/NS 'ns2.gnlct.net' has no address records (A or AAAA)
13-Aug-2019 16:40:48.743 general: error: zone net/IN: 4votes.net/NS 'ns1.dunkit.net' has no address records (A or AAAA)
13-Aug-2019 16:40:48.743 general: error: zone net/IN: 4votes.net/NS 'ns2.dunkit.net' has no address records (A or AAAA)
13-Aug-2019 16:40:48.760 general: error: zone net/IN: 513k.net/NS 'dns.cndomain.net' has no address records (A or AAAA)
13-Aug-2019 16:40:49.100 general: error: zone net/IN: 96909.net/NS 'dns.cndomain.net' has no address records (A or AAAA)
13-Aug-2019 16:40:49.321 general: error: zone net/IN: accommodation-noosa.net/NS 'ns1.firstin.rapiddns.domaindeletedtpp.net' has no address records (A or AAAA)
13-Aug-2019 16:40:49.321 general: error: zone net/IN: accommodation-noosa.net/NS 'ns2.firstin.rapiddns.domaindeletedtpp.net' has no address records (A or AAAA)
13-Aug-2019 16:40:49.577 general: error: zone net/IN: aefae.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:49.577 general: error: zone net/IN: aefae.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.583 general: error: zone net/IN: ansori.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.583 general: error: zone net/IN: ansori.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.589 general: error: zone net/IN: antartikapedia.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.589 general: error: zone net/IN: antartikapedia.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.751 general: error: zone net/IN: appopen.net/NS 'ns01.bwwest.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.751 general: error: zone net/IN: appopen.net/NS 'ns02.bwwest.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.888 general: error: zone net/IN: ariansanat.net/NS 'ns1.morvaarid.net' has no address records (A or AAAA)
13-Aug-2019 16:40:50.889 general: error: zone net/IN: ariansanat.net/NS 'ns2.morvaarid.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.045 general: error: zone net/IN: as395089.net/NS 'ns2.henchman21.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.243 general: error: zone net/IN: atlanticconferences.net/NS 'ns1.rscs.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.243 general: error: zone net/IN: atlanticconferences.net/NS 'ns2.rscs.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.256 general: error: zone net/IN: atmmaintanence.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.256 general: error: zone net/IN: atmmaintanence.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.258 general: error: zone net/IN: atmwrap.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.258 general: error: zone net/IN: atmwrap.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.363 general: error: zone net/IN: authorizedby.net/NS 'ns01.bwwest.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.363 general: error: zone net/IN: authorizedby.net/NS 'ns02.bwwest.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.627 general: error: zone net/IN: badenk-9.net/NS 'coal.mediaforge.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.627 general: error: zone net/IN: badenk-9.net/NS 'poker.mediaforge.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.884 general: error: zone net/IN: bbc4738.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.884 general: error: zone net/IN: bbc4738.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.998 general: error: zone net/IN: beecp.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:51.998 general: error: zone net/IN: beecp.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.328 general: error: zone net/IN: bigredhand.net/NS 'ns1.exodns.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.328 general: error: zone net/IN: bigredhand.net/NS 'ns2.exodns.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.507 general: error: zone net/IN: bjsinsurancegroup.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.507 general: error: zone net/IN: bjsinsurancegroup.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.524 general: error: zone net/IN: blackandwhitemarketing.net/NS 'ns1.quid5.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.524 general: error: zone net/IN: blackandwhitemarketing.net/NS 'ns2.quid5.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.797 general: error: zone net/IN: bonniebraefarms.net/NS 'ns.monad.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.818 general: error: zone net/IN: bookpond.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:40:52.818 general: error: zone net/IN: bookpond.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:40:53.101 general: error: zone net/IN: brownandcompanydesign.net/NS 'ns1.rscs.net' has no address records (A or AAAA)
13-Aug-2019 16:40:53.101 general: error: zone net/IN: brownandcompanydesign.net/NS 'ns2.rscs.net' has no address records (A or AAAA)
13-Aug-2019 16:40:53.729 general: error: zone net/IN: carpemomentum.net/NS 'dns.taowebs.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.231 general: error: zone net/IN: chdata.net/NS 'ns1.digitalparagon.net.lamedelegationservers.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.599 general: error: zone net/IN: ciscodude.net/NS 'ns2.henchman21.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.661 general: error: zone net/IN: clairaudient.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.719 general: error: zone net/IN: clearman.net/NS 'dns1.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.720 general: error: zone net/IN: clearman.net/NS 'dns2.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.781 general: error: zone net/IN: clonewarsadventures.net/NS 'ns1.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.781 general: error: zone net/IN: clonewarsadventures.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.781 general: error: zone net/IN: clonewarsadventures.net/NS 'ns5.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:40:54.781 general: error: zone net/IN: clonewarsadventures.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:40:55.500 general: error: zone net/IN: courthousedata.net/NS 'ns1.digitalparagon.net.lamedelegationservers.net' has no address records (A or AAAA)
13-Aug-2019 16:40:55.573 general: error: zone net/IN: cpldis.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:40:55.573 general: error: zone net/IN: cpldis.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:40:55.574 general: error: zone net/IN: cpldistribution.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:40:55.574 general: error: zone net/IN: cpldistribution.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:40:55.883 general: error: zone net/IN: culturewar.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:40:56.467 general: error: zone net/IN: deliverlab.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:56.468 general: error: zone net/IN: deliverlab.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:56.972 general: error: zone net/IN: distrirecrute.net/NS 'dns1.canelle-hebergement.net' has no address records (A or AAAA)
13-Aug-2019 16:40:56.972 general: error: zone net/IN: distrirecrute.net/NS 'dns2.canelle-hebergement.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.472 general: error: zone net/IN: dumpcore.net/NS 'dns.taowebs.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.768 general: error: zone net/IN: ecomversion.net/NS 'ns1.ovhosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.768 general: error: zone net/IN: ecomversion.net/NS 'ns2.ovhosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.768 general: error: zone net/IN: ecomversions.net/NS 'lanternshop-dns3.ovhosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.768 general: error: zone net/IN: ecomversions.net/NS 'lanternshop-dns4.ovhosts.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.940 general: error: zone net/IN: eisecurity.net/NS 'ns1.eiservices.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.940 general: error: zone net/IN: eisecurity.net/NS 'ns5.eiservices.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.940 general: error: zone net/IN: eisecurity.net/NS 'ns6.eiservices.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.940 general: error: zone net/IN: eisecurity.net/NS 'ns7.eiservices.net' has no address records (A or AAAA)
13-Aug-2019 16:40:57.940 general: error: zone net/IN: eisecurity.net/NS 'ns8.eiservices.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.105 general: error: zone net/IN: elumen.net/NS 'dns.taowebs.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.141 general: error: zone net/IN: emeraldgalleries.net/NS 'ns1.xgdns.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.141 general: error: zone net/IN: emeraldgalleries.net/NS 'ns2.xgdns.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1033811888-1563885214813-2-h.net/NS 'emt-ns1.emt-t-1103083444-1563602472054-2-tula.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1064922227-1563888196065-2-rktw.net/NS 'emt-ns1.emt-t-1186833606-1563516024397-2-hjjv.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1208953414-1563887187191-2-ydky.net/NS 'emt-ns1.emt-t-521044988-1563555868629-2-zok.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1377472001-1563884928211-2-d.net/NS 'emt-ns1.emt-t-404928151-1563602625049-2-pqwop.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1422170273-1563884837074-2-xp.net/NS 'emt-ns1.emt-t-395988623-1563516180402-2-dedvn.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1423561989-1563813129365-2-zezy.net/NS 'emt-ns1.emt-t-1946008882-1556298364639-2-klcmw.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1425412118-1563887212663-2-sj.net/NS 'emt-ns1.emt-t-1987065963-1563397803543-2-wkcx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1432042857-1563885914191-2-yqgs.net/NS 'emt-ns1.emt-t-934588395-1563555900018-2-txzpx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1482706050-1563887403519-2-mbws.net/NS 'emt-ns1.emt-t-1103083444-1563602472054-2-tula.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1587368407-1563886873724-2-edn.net/NS 'emt-ns1.emt-t-1783008994-1563459005754-2-wux.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1622884042-1563834882566-2-e.net/NS 'emt-ns1.emt-t-1987065963-1563397803543-2-wkcx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1709125541-1563884443047-2-nvtg.net/NS 'emt-ns1.emt-t-934588395-1563555900018-2-txzpx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1718055931-1563886754249-2-xvr.net/NS 'emt-ns1.emt-t-1186833606-1563516024397-2-hjjv.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1784271004-1563885651039-2-znzgv.net/NS 'emt-ns1.emt-t-404928151-1563602625049-2-pqwop.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1794483390-1563814575114-2-f.net/NS 'emt-ns1.emt-t-453984219-1556298390619-2-wwlb.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1858020672-1563884931045-2-oigg.net/NS 'emt-ns1.emt-t-721736589-1563631392016-2-qhbe.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1876998896-1563845700370-2-gumyr.net/NS 'emt-ns1.emt-t-934588395-1563555900018-2-txzpx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-1905340372-1563887095552-2-yopm.net/NS 'emt-ns1.emt-t-721736589-1563631392016-2-qhbe.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-2042827301-1563816086172-2-r.net/NS 'emt-ns1.emt-t-453984219-1556298390619-2-wwlb.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-2076013125-1563815422320-2-y.net/NS 'emt-ns1.emt-t-1946008882-1556298364639-2-klcmw.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-209738102-1563886280328-2-epz.net/NS 'emt-ns1.emt-t-395988623-1563516180402-2-dedvn.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-2098893438-1563896041558-2-ley.net/NS 'emt-ns1.emt-t-894939202-1563895135947-2-zgmxg.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-2125047043-1563886670588-2-qtdm.net/NS 'emt-ns1.emt-t-934588395-1563555900018-2-txzpx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-2143532205-1563814635289-2-zl.net/NS 'emt-ns1.emt-t-1946008882-1556298364639-2-klcmw.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-284928577-1563885034158-2-t.net/NS 'emt-ns1.emt-t-1987065963-1563397803543-2-wkcx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-539725573-1563885766948-2-bnn.net/NS 'emt-ns1.emt-t-1987065963-1563397803543-2-wkcx.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-542328227-1563896828384-2-hgxh.net/NS 'emt-ns1.emt-t-840880512-1563895162167-2-wuud.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-543081026-1563886719314-2-bbf.net/NS 'emt-ns1.emt-t-1102776308-1563602444945-2-un.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-603946136-1563896077893-2-w.net/NS 'emt-ns1.emt-t-840880512-1563895162167-2-wuud.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.199 general: error: zone net/IN: emt-t-60858781-1563887098507-2-ohf.net/NS 'emt-ns1.emt-t-404928151-1563602625049-2-pqwop.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.200 general: error: zone net/IN: emt-t-630572779-1563813852659-2-xhr.net/NS 'emt-ns1.emt-t-453984219-1556298390619-2-wwlb.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.200 general: error: zone net/IN: emt-t-640222669-1563896800928-2-xsp.net/NS 'emt-ns1.emt-t-894939202-1563895135947-2-zgmxg.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.200 general: error: zone net/IN: emt-t-712846578-1563885710780-2-vyhql.net/NS 'emt-ns1.emt-t-521044988-1563555868629-2-zok.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.200 general: error: zone net/IN: emt-t-782016718-1563886033659-2-s.net/NS 'emt-ns1.emt-t-1186833606-1563516024397-2-hjjv.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.200 general: error: zone net/IN: emt-t-834812770-1563887001847-2-rifs.net/NS 'emt-ns1.emt-t-395988623-1563516180402-2-dedvn.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.200 general: error: zone net/IN: emt-t-924788770-1563811622835-2-hi.net/NS 'emt-ns1.emt-t-453984219-1556298390619-2-wwlb.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.200 general: error: zone net/IN: emt-t-998887898-1563885947561-2-i.net/NS 'emt-ns1.emt-t-1103083444-1563602472054-2-tula.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.377 general: error: zone net/IN: eqnlandmark.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.452 general: error: zone net/IN: erzax.net/NS 'ns1.trxhost.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.452 general: error: zone net/IN: erzax.net/NS 'ns2.trxhost.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.671 general: error: zone net/IN: everquestnextlandmark.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.850 general: error: zone net/IN: ezua.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.850 general: error: zone net/IN: ezua.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.864 general: error: zone net/IN: f9update.net/NS 'ns1.proplannetworks.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.864 general: error: zone net/IN: f9update.net/NS 'ns2.proplannetworks.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.919 general: error: zone net/IN: faisalblog.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:40:58.919 general: error: zone net/IN: faisalblog.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:00.525 general: error: zone net/IN: gigglebooks.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:00.525 general: error: zone net/IN: gigglebooks.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:00.525 general: error: zone net/IN: gigglepops.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:00.525 general: error: zone net/IN: gigglepops.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:00.719 general: error: zone net/IN: gocketnoi.net/NS 'ns1.zingteen.net' has no address records (A or AAAA)
13-Aug-2019 16:41:00.719 general: error: zone net/IN: gocketnoi.net/NS 'ns2.zingteen.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.126 general: error: zone net/IN: grupoalbacora.net/NS 'dns69.redemptionperiodhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.126 general: error: zone net/IN: grupoalbacora.net/NS 'dns79.redemptionperiodhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.169 general: error: zone net/IN: gtres.net/NS 'dns111.redemptionperiodhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.169 general: error: zone net/IN: gtres.net/NS 'dns112.redemptionperiodhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.272 general: error: zone net/IN: gxn7.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.272 general: error: zone net/IN: gxn7.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.349 general: error: zone net/IN: hahakids.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:01.349 general: error: zone net/IN: hahakids.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:02.384 general: error: zone net/IN: howtoweddingfair.net/NS 'ns1.onguide.net' has no address records (A or AAAA)
13-Aug-2019 16:41:02.783 general: error: zone net/IN: identisend.net/NS 'ns1.zenithdatasystems.net' has no address records (A or AAAA)
13-Aug-2019 16:41:02.783 general: error: zone net/IN: identisend.net/NS 'ns2.zenithdatasystems.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.424 general: error: zone net/IN: insurancevillage.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.424 general: error: zone net/IN: insurancevillage.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.578 general: error: zone net/IN: ionnxa.net/NS 'ns1.trxhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.578 general: error: zone net/IN: ionnxa.net/NS 'ns2.trxhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.831 general: error: zone net/IN: iukxn.net/NS 'ns1.trxhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.831 general: error: zone net/IN: iukxn.net/NS 'ns2.trxhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.856 general: error: zone net/IN: iwicommunity.net/NS 'ns3.hostinz.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.856 general: error: zone net/IN: iwicommunity.net/NS 'ns4.hostinz.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.994 general: error: zone net/IN: jarrodsmith.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:03.994 general: error: zone net/IN: jarrodsmith.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:04.073 general: error: zone net/IN: jeannetterowe.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:04.073 general: error: zone net/IN: jeannetterowe.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:04.566 general: error: zone net/IN: juntoplus.net/NS 'ns1.biztekinc.net' has no address records (A or AAAA)
13-Aug-2019 16:41:04.567 general: error: zone net/IN: juntoplus.net/NS 'ns2.biztekinc.net' has no address records (A or AAAA)
13-Aug-2019 16:41:04.722 general: error: zone net/IN: kanamono-club.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:04.722 general: error: zone net/IN: kanamono-club.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.095 general: error: zone net/IN: kingsys.net/NS 'dns.cndomain.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.099 general: error: zone net/IN: kinlyside.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.099 general: error: zone net/IN: kinlyside.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.371 general: error: zone net/IN: krisk.net/NS 'dns1.sudet.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.458 general: error: zone net/IN: kurumakaitori-navi.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.458 general: error: zone net/IN: kurumakaitori-navi.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.654 general: error: zone net/IN: landmarkthegame.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.676 general: error: zone net/IN: lanranger.net/NS 'dns1.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:05.676 general: error: zone net/IN: lanranger.net/NS 'dns2.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.130 general: error: zone net/IN: libertyoffices.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.130 general: error: zone net/IN: libertyoffices.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.385 general: error: zone net/IN: liyn-an.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.385 general: error: zone net/IN: liyn-an.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.430 general: error: zone net/IN: loblolly.net/NS 'dns1.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.430 general: error: zone net/IN: loblolly.net/NS 'dns2.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.453 general: error: zone net/IN: locksmith-24.net/NS 'ns1.dnssites.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.454 general: error: zone net/IN: locksmith-24.net/NS 'ns2.dnssites.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.552 general: error: zone net/IN: lortsmith.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.552 general: error: zone net/IN: lortsmith.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.708 general: error: zone net/IN: lumilab.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.708 general: error: zone net/IN: lumilab.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.860 general: error: zone net/IN: maddoxsmith.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.860 general: error: zone net/IN: maddoxsmith.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.993 general: error: zone net/IN: makerteam.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:06.993 general: error: zone net/IN: makerteam.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:07.257 general: error: zone net/IN: maryjobrown.net/NS 'ns1.rscs.net' has no address records (A or AAAA)
13-Aug-2019 16:41:07.258 general: error: zone net/IN: maryjobrown.net/NS 'ns2.rscs.net' has no address records (A or AAAA)
13-Aug-2019 16:41:07.341 general: error: zone net/IN: mattcannon.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:07.341 general: error: zone net/IN: mattcannon.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:07.425 general: error: zone net/IN: mbnog.net/NS 'ns2.henchman21.net' has no address records (A or AAAA)
13-Aug-2019 16:41:07.884 general: error: zone net/IN: micromaq.net/NS 'dns120.redemptionperiodhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:07.884 general: error: zone net/IN: micromaq.net/NS 'dns121.redemptionperiodhost.net' has no address records (A or AAAA)
13-Aug-2019 16:41:08.023 general: error: zone net/IN: minerpro.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:08.023 general: error: zone net/IN: minerpro.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:08.206 general: error: zone net/IN: mobileatms.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:08.206 general: error: zone net/IN: mobileatms.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:08.384 general: error: zone net/IN: moonpoongji.net/NS 'ns.homekorea.net' has no address records (A or AAAA)
13-Aug-2019 16:41:09.392 general: error: zone net/IN: nevskiyprospekt.net/NS 'ns1.moriboydns.net.lamedelegationservers.net' has no address records (A or AAAA)
13-Aug-2019 16:41:09.392 general: error: zone net/IN: nevskiyprospekt.net/NS 'ns2.moriboydns.net.lamedelegationservers.net' has no address records (A or AAAA)
13-Aug-2019 16:41:09.426 general: error: zone net/IN: newitonline.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:09.426 general: error: zone net/IN: newitonline.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:09.554 general: error: zone net/IN: nickstricks.net/NS 'ns1.quid5.net' has no address records (A or AAAA)
13-Aug-2019 16:41:09.554 general: error: zone net/IN: nickstricks.net/NS 'ns2.quid5.net' has no address records (A or AAAA)
13-Aug-2019 16:41:10.350 general: error: zone net/IN: onlinedatingblueprint.net/NS 'ns1.recorderbooks.net' has no address records (A or AAAA)
13-Aug-2019 16:41:10.350 general: error: zone net/IN: onlinedatingblueprint.net/NS 'ns2.recorderbooks.net' has no address records (A or AAAA)
13-Aug-2019 16:41:10.850 general: error: zone net/IN: pamaterial.net/NS 'ns3.store.onthee.net' has no address records (A or AAAA)
13-Aug-2019 16:41:10.850 general: error: zone net/IN: pamaterial.net/NS 'ns13.store.onthee.net' has no address records (A or AAAA)
13-Aug-2019 16:41:10.850 general: error: zone net/IN: pamaterial.net/NS 'ns19.store.onthee.net' has no address records (A or AAAA)
13-Aug-2019 16:41:10.864 general: error: zone net/IN: pandawastore.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:10.864 general: error: zone net/IN: pandawastore.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.041 general: error: zone net/IN: patrihotel.net/NS 'ns1.recorderbooks.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.041 general: error: zone net/IN: patrihotel.net/NS 'ns2.recorderbooks.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.105 general: error: zone net/IN: pbindo.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.105 general: error: zone net/IN: pbindo.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.105 general: error: zone net/IN: pbindonesia.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.105 general: error: zone net/IN: pbindonesia.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.282 general: error: zone net/IN: personalphysiciansgroup.net/NS 'dns1.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.282 general: error: zone net/IN: personalphysiciansgroup.net/NS 'dns2.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.922 general: error: zone net/IN: posnav.net/NS 'ns.bx.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.922 general: error: zone net/IN: posnav.net/NS 'ns2.bx.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.980 general: error: zone net/IN: ppgcalendar.net/NS 'dns1.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:11.980 general: error: zone net/IN: ppgcalendar.net/NS 'dns2.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:12.609 general: error: zone net/IN: quadnetit.net/NS 'ns1.ormis.net' has no address records (A or AAAA)
13-Aug-2019 16:41:12.609 general: error: zone net/IN: quadnetit.net/NS 'ns2.ormis.net' has no address records (A or AAAA)
13-Aug-2019 16:41:12.795 general: error: zone net/IN: raid-data.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:12.795 general: error: zone net/IN: raid-data.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:12.913 general: error: zone net/IN: razorsports.net/NS 'ns1.biztekinc.net' has no address records (A or AAAA)
13-Aug-2019 16:41:12.913 general: error: zone net/IN: razorsports.net/NS 'ns2.biztekinc.net' has no address records (A or AAAA)
13-Aug-2019 16:41:13.289 general: error: zone net/IN: residualincomebiz.net/NS 'ns1.wappoo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:13.290 general: error: zone net/IN: residualincomebiz.net/NS 'ns2.wappoo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:13.550 general: error: zone net/IN: rncarpio.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:13.869 general: error: zone net/IN: rustads.net/NS 'ns1.greatplainshosting.net' has no address records (A or AAAA)
13-Aug-2019 16:41:13.869 general: error: zone net/IN: rustads.net/NS 'ns2.greatplainshosting.net' has no address records (A or AAAA)
13-Aug-2019 16:41:14.392 general: error: zone net/IN: schwarz-mode.net/NS 'ns3.uubi.net' has no address records (A or AAAA)
13-Aug-2019 16:41:14.439 general: error: zone net/IN: scoutingpages.net/NS 'ns01.bwwest.net' has no address records (A or AAAA)
13-Aug-2019 16:41:14.439 general: error: zone net/IN: scoutingpages.net/NS 'ns02.bwwest.net' has no address records (A or AAAA)
13-Aug-2019 16:41:14.654 general: error: zone net/IN: sellsword.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:14.803 general: error: zone net/IN: setoband.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:14.803 general: error: zone net/IN: setoband.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.253 general: error: zone net/IN: simplesystem123.net/NS 'ns1.wappoo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.253 general: error: zone net/IN: simplesystem123.net/NS 'ns2.wappoo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.374 general: error: zone net/IN: skatechina.net/NS 'dns.cndomain.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.417 general: error: zone net/IN: sky-wars.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.417 general: error: zone net/IN: sky-wars.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.524 general: error: zone net/IN: smartmeterservices.net/NS 'ns1.webtized.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.524 general: error: zone net/IN: smartmeterservices.net/NS 'ns2.webtized.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.537 general: error: zone net/IN: smartycat.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.537 general: error: zone net/IN: smartycat.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.550 general: error: zone net/IN: smile-sharing.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.550 general: error: zone net/IN: smile-sharing.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soedirect.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soedirect.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soedirect.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soegame.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soegame.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soegame.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soegames.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soegames.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.665 general: error: zone net/IN: soegames.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-online.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-online.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-online.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-station.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-station.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-station.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-verant.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-verant.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.788 general: error: zone net/IN: sony-verant.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.789 general: error: zone net/IN: sonygames.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.789 general: error: zone net/IN: sonygames.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.789 general: error: zone net/IN: sonygames.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonyonlineentertainment.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonyonlineentertainment.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonyonlineentertainment.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonystation.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonystation.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonystation.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonystyle.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonystyle.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonystyle.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonyverant.net/NS 'ns2.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonyverant.net/NS 'ns4.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.790 general: error: zone net/IN: sonyverant.net/NS 'ns6.sonyonline.net' has no address records (A or AAAA)
13-Aug-2019 16:41:15.967 general: error: zone net/IN: spellstrike.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:16.144 general: error: zone net/IN: stacktrace.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:16.352 general: error: zone net/IN: stockbon.net/NS 'dns.taowebs.net' has no address records (A or AAAA)
13-Aug-2019 16:41:16.697 general: error: zone net/IN: supraluminal.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:16.748 general: error: zone net/IN: suveniri.net/NS 'dns1.zgmedia.net.lamedelegationservers.net' has no address records (A or AAAA)
13-Aug-2019 16:41:16.825 general: error: zone net/IN: swordspoint.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:17.391 general: error: zone net/IN: teonor.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.014 general: error: zone net/IN: thewilkinsonfamily.net/NS 'ns1.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.014 general: error: zone net/IN: thewilkinsonfamily.net/NS 'ns2.year2100.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.063 general: error: zone net/IN: thinmoon.net/NS 'dns01-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.063 general: error: zone net/IN: thinmoon.net/NS 'dns02-server-cowboy-net.unavailable-hosts.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.105 general: error: zone net/IN: threadsafe.net/NS 'penfold.troo.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.300 general: error: zone net/IN: tneicna.net/NS 'zeus.insolwwb.net.lamedelegationservers.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.300 general: error: zone net/IN: tneicna.net/NS 'alpha.insolwwb.net.lamedelegationservers.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.362 general: error: zone net/IN: tomdc.net/NS 'ns1.mackrotech.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.362 general: error: zone net/IN: tomdc.net/NS 'ns2.mackrotech.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.488 general: error: zone net/IN: touchhoneymoonfair.net/NS 'ns1.onguide.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.506 general: error: zone net/IN: tourtok.net/NS 'yee.hellostock.net' has no address records (A or AAAA)
13-Aug-2019 16:41:18.936 general: error: zone net/IN: turtlecat.net/NS 'ns1.rscs.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.169 general: error: zone net/IN: uncledirt.net/NS 'dns.taowebs.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.392 general: error: zone net/IN: usrlocalsrc.net/NS 'ns1.ithsv.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.392 general: error: zone net/IN: usrlocalsrc.net/NS 'ns2.ithsv.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.764 general: error: zone net/IN: videoadv.net/NS 'dns1.newmediaplan.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.764 general: error: zone net/IN: videoadv.net/NS 'dns2.newmediaplan.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.875 general: error: zone net/IN: viral57.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.875 general: error: zone net/IN: viral57.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.875 general: error: zone net/IN: viral81.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.875 general: error: zone net/IN: viral81.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.970 general: error: zone net/IN: vivanewton.net/NS 'dns1.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:19.970 general: error: zone net/IN: vivanewton.net/NS 'dns2.ryza.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.135 general: error: zone net/IN: vxe4.net/NS 'ns1.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.135 general: error: zone net/IN: vxe4.net/NS 'ns2.dreamnesia.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.162 general: error: zone net/IN: waecghana.net/NS 'my.ormis.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.162 general: error: zone net/IN: waecghana.net/NS 'your.ormis.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.165 general: error: zone net/IN: wafrica.net/NS 'ns1.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.165 general: error: zone net/IN: wafrica.net/NS 'ns2.multicpu.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.231 general: error: zone net/IN: waratahlodge.net/NS 'ns1.fasthostserver.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.231 general: error: zone net/IN: waratahlodge.net/NS 'ns2.fasthostserver.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.423 general: error: zone net/IN: webxct.net/NS 'ns1.qwkinet.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.423 general: error: zone net/IN: webxct.net/NS 'ns2.qwkinet.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.431 general: error: zone net/IN: weddinghallchoice.net/NS 'ns1.onguide.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.607 general: error: zone net/IN: wheretostay.net/NS 'ns1.wtsn.net' has no address records (A or AAAA)
13-Aug-2019 16:41:20.607 general: error: zone net/IN: wheretostay.net/NS 'ns2.wtsn.net' has no address records (A or AAAA)
13-Aug-2019 16:41:21.028 general: error: zone net/IN: wsmtp.net/NS 'ns1.ithsv.net' has no address records (A or AAAA)
13-Aug-2019 16:41:21.028 general: error: zone net/IN: wsmtp.net/NS 'ns2.ithsv.net' has no address records (A or AAAA)
13-Aug-2019 16:41:21.925 general: error: zone net/IN: ygtrade.net/NS 'ns.fnsoft.net' has no address records (A or AAAA)
13-Aug-2019 16:41:21.960 general: error: zone net/IN: yiwutown.net/NS 'ns.fnsoft.net' has no address records (A or AAAA)
13-Aug-2019 16:41:22.169 general: error: zone net/IN: yuuzoo.net/NS 'ns0.allwedoisit.domaindeletedtpp.net' has no address records (A or AAAA)
13-Aug-2019 16:41:22.169 general: error: zone net/IN: yuuzoo.net/NS 'ns1.allwedoisit.domaindeletedtpp.net' has no address records (A or AAAA)
13-Aug-2019 16:41:22.376 general: error: zone net/IN: zigbeemeter.net/NS 'ns1.webtized.net' has no address records (A or AAAA)
13-Aug-2019 16:41:22.376 general: error: zone net/IN: zigbeemeter.net/NS 'ns2.webtized.net' has no address records (A or AAAA)
13-Aug-2019 16:41:22.377 general: error: zone net/IN: zigbeemetering.net/NS 'ns1.webtized.net' has no address records (A or AAAA)
13-Aug-2019 16:41:22.377 general: error: zone net/IN: zigbeemetering.net/NS 'ns2.webtized.net' has no address records (A or AAAA)
13-Aug-2019 16:41:43.279 general: debug 1: dns_zone_verifydb: zone net/IN: enter
13-Aug-2019 16:41:43.279 database: debug 1: calling free_rbtdb(net)
13-Aug-2019 16:41:43.279 database: debug 1: adjust_quantum: old=100, new=325
13-Aug-2019 16:41:43.279 general: debug 1: zone_settimer: zone net/IN: enter
13-Aug-2019 16:41:43.280 zoneload: info: zone net/IN: loaded serial 1563897768 (DNSSEC signed)
13-Aug-2019 16:41:43.283 database: debug 1: adjust_quantum: old=325, new=493
13-Aug-2019 16:41:43.283 general: debug 1: zone_timer: zone net/IN: enter
13-Aug-2019 16:41:43.283 general: debug 1: zone_maintenance: zone net/IN: enter
13-Aug-2019 16:41:43.284 notify: info: zone net/IN: sending notifies (serial 1563897768)
13-Aug-2019 16:41:43.284 general: debug 1: zone_settimer: zone net/IN: enter
13-Aug-2019 16:41:43.284 database: debug 1: adjust_quantum: old=493, new=619
13-Aug-2019 16:41:43.285 database: debug 1: adjust_quantum: old=619, new=714
13-Aug-2019 16:41:43.286 database: debug 1: adjust_quantum: old=714, new=785
13-Aug-2019 16:41:43.286 database: debug 1: adjust_quantum: old=785, new=838
13-Aug-2019 16:41:43.287 database: debug 1: adjust_quantum: old=838, new=878
13-Aug-2019 16:41:43.288 database: debug 1: adjust_quantum: old=878, new=908
13-Aug-2019 16:41:43.288 database: debug 1: adjust_quantum: old=908, new=931
13-Aug-2019 16:41:43.289 database: debug 1: adjust_quantum: old=931, new=948
13-Aug-2019 16:41:43.289 database: debug 1: adjust_quantum: old=948, new=961
13-Aug-2019 16:41:43.290 database: debug 1: adjust_quantum: old=961, new=970
13-Aug-2019 16:41:43.290 database: debug 1: adjust_quantum: old=970, new=977
13-Aug-2019 16:41:43.291 database: debug 1: adjust_quantum: old=977, new=982
13-Aug-2019 16:41:43.292 database: debug 1: adjust_quantum: old=982, new=986
13-Aug-2019 16:41:43.292 database: debug 1: adjust_quantum: old=986, new=989
13-Aug-2019 16:41:43.293 database: debug 1: adjust_quantum: old=989, new=991
13-Aug-2019 16:41:43.293 database: debug 1: adjust_quantum: old=991, new=993
13-Aug-2019 16:41:43.294 database: debug 1: adjust_quantum: old=993, new=994
13-Aug-2019 16:41:43.294 database: debug 1: adjust_quantum: old=994, new=995
13-Aug-2019 16:41:43.295 database: debug 1: adjust_quantum: old=995, new=996
13-Aug-2019 16:41:43.296 database: debug 1: adjust_quantum: old=996, new=997
13-Aug-2019 16:41:48.094 database: debug 1: done free_rbtdb(net)
```
dig.log
```
# while true; do date; dig @127.0.0.1 SOA net |egrep 'a.gtld-servers.net.|Query time|timed out';echo ""; sleep 1; done
Tue Aug 13 16:40:14 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:15 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:16 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 1 msec
Tue Aug 13 16:40:17 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:18 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:19 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 1 msec
Tue Aug 13 16:40:20 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:22 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:23 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:24 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 1 msec
Tue Aug 13 16:40:25 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:26 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:27 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:28 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:29 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:30 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 1 msec
Tue Aug 13 16:40:32 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:33 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:34 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:35 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 385 msec
Tue Aug 13 16:40:38 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:40 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:41 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:42 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:43 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 1 msec
Tue Aug 13 16:40:44 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 1 msec
Tue Aug 13 16:40:45 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:46 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:48 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:49 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:40:54 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 8 msec
Tue Aug 13 16:40:55 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:56 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:40:57 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:41:02 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:04 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:41:09 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:10 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:11 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:12 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:13 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:14 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:41:19 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:41:24 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:41:30 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:41:35 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:36 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:37 UTC 2019
;; connection timed out; no servers could be reached
Tue Aug 13 16:41:42 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897767 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:43 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:44 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:45 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:47 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:48 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:49 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:50 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:51 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:52 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:53 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:55 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:56 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
Tue Aug 13 16:41:57 UTC 2019
net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1563897768 1800 900 604800 86400
;; Query time: 0 msec
```
### Possible fixes
I have no idea. But as this happend to me so often with different setups, VMs, Bind versions I think there may be a internal problem with bind during zone reload (locking ...).
[bind9.log](/uploads/64cda56df8f5bae54b1e1e9627008b34/bind9.log)[dig.log](/uploads/afe1a1cf8f4fc882ba46e451f88ebf55/dig.log)Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4584Feature request: streamline the behavior of 'hostname' and 'server-id'2024-02-15T15:24:10ZMarco DavidsFeature request: streamline the behavior of 'hostname' and 'server-id'### Description
`hostname` default is the hostname of the machine hosting the name server, as found by the gethostname() function.
`server-id` default is `none`.
This may lead to confusion. Especially since other vendors (Unbound, Kno...### Description
`hostname` default is the hostname of the machine hosting the name server, as found by the gethostname() function.
`server-id` default is `none`.
This may lead to confusion. Especially since other vendors (Unbound, Knot) do it differently by combining the two (via the `identity` option).
### Request
To put both option-defaults more inline with each other. And perhaps even to consider to combine them, instead of treating them as separate entities. RFC4892 seams to suggest they are alternative ways of pointing to the same thing and this is also how Knot and Unbound interpret it.
Perhaps, while at it, also consider the usefulness of SOA and NS records in the reply (in the case of `CH ANY version.bind` and `CH ANY authors.bind`), because they are still shown, even if `server-id` is undefined, while their existence is not clear.
### Links / references
RFC4892 and RFC5001 may be relevant.https://gitlab.isc.org/isc-projects/bind9/-/issues/3912Updates to DoH +http and +https options for dig2023-03-14T16:16:02ZAlexey ChernyakUpdates to DoH +http and +https options for dig### Description
This is a request for updating DoH options in `dig` by:
1. Adding new options for specifying HTTP `:authority` pseudo-header and/or `Host:` header
2. Adding shorter alternatives to the existing HTTP/2 options.
### Reque...### Description
This is a request for updating DoH options in `dig` by:
1. Adding new options for specifying HTTP `:authority` pseudo-header and/or `Host:` header
2. Adding shorter alternatives to the existing HTTP/2 options.
### Request
**1. New DoH Options**
Add new `+http-authority=value` option to control the HTTP/2 (or HTTP/3) `:authority` pseudo-header within the DoH HTTP request, i.e.:
```
:method = GET
:scheme = https
:authority = dnsserver.example.net
```
Also add new `+http-host=value` option to control the HTTP/1.1 or HTTP/2 or HTTP/3 `Host:` header within the DoH HTTP request, i.e.:
```
:method = GET
:scheme = https
Host: dnsserver.example.net
```
These options are required for 2 use cases:
1. Bootstrapping a DoH query to a `@server` IP address without relying on any additional DNS resolution of the `@server` hostname.
2. Domain Fronting of DoH once issue #3896 implements SNI support in `dig`.
The expected future behaviour is:
* `@server` argument and `-p` option control what server IP address and port `dig` connects to.
* `+tls-sni` option controls what SNI hostname `dig` requests in `ClientHello` during TLS handshake.
* `+http-authority` and `-p` options control what `dig` requests within the HTTP `:authority` pseudo-header.
* `+http-host` and `-p` options control what `dig` requests within the HTTP `Host:` header.
* `+tls-hostname` option controls `dig` validation of certificate returned by `ServerHello` during TLS handshake.
HTTP `:authority` pseudo-header or HTTP `Host:` header should apply regardless of whether or not DoH connection is encapsulated in TLS.
Proposed logic is something along the lines of:
```
if request is DoH (either h2 or h2c)
if +http-authority option is specified
validate option input
HTTPauthority = option value
else if +http-host option is specified
validate option input
HTTPHost = option value
else if @server argument is a hostname
HTTPauthority = argument value
else if +tls-sni option is specified
HTTPauthority = option value
else if +tls-hostname option is specified
HTTPauthority = option value
else
HTTPauthority = server IP address
if +http-host option is specified
validate option input
HTTPHost = option value
if -p option is specified
if HTTPauthority is specified
if HTTPauthority doesn't include :port
HTTPauthority = HTTPauthority + ":" + port
if HTTPHost is specified
if HTTPHost doesn't include :port
HTTPHost = HTTPHost + ":" + port
if HTTPHost and HTTPauthority are specified
if HTTPHost differs from HTTPauthority
error
```
**2. Shorter Alternatives**
The DNSSEC option in `dig` currently has a number of shorter alternatives:
```
+dnssec, +do, +nodnssec, +nodo
```
This request is to add similar shorter standard HTTP/2 `h2` and `h2c` protocol identifier option alternatives to all existing `+http*` options in `dig`.
The proposed changes are outlined in the table below:
| Current | Proposed |
| --- | --- |
| `+https[=value], +nohttps` | `+https[=value], +h2[=value], +nohttps, +noh2 ` |
| `+https-get[=value], +nohttps-get` | `+https-get[=value], +h2-get[=value], +nohttps-get, +noh2-get` |
| `+https-post[=value], +nohttps-post` | `+https-post[=value], +h2-post[=value], +nohttps-post, +noh2-post` |
| `+http-plain[=value], +nohttp-plain` | `+http-plain[=value], +h2c[=value], +nohttp-plain, +noh2c` |
| `+http-plain-get[=value], +nohttp-plain-get` | `+http-plain-get[=value], +h2c-get[=value], +nohttp-plain-get, +noh2c-get` |
| `+http-plain-post[=value], +nohttp-plain-post` | `+http-plain-post[=value], +h2c-post[=value], +nohttp-plain-post, +noh2c-post` |
The use cases for this are:
* Reduction of some options length down to just 30% of the current.
* In the future ability to differentiate them from `+h3*` versions of these options when support for HTTP/3 DoH3 and DoQ is added (e.g. via nghttp3).
### Links / references
For HTTP `:authority` pseudo-header and `Host:` header request see:
* [Section 7.2 of RFC 9110: HTTP Semantics](https://datatracker.ietf.org/doc/html/rfc9110#section-7.2).
* [Section 8.3.1 of RFC 9113: HTTP/2](https://datatracker.ietf.org/doc/html/rfc9113#section-8.3.1).
* [Section 4.3.1 of RFC 9114: HTTP/3](https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1).
For standard definitions of `h2`, `h2c`, `h3`, `dot` and `doq` protocol identifiers see:
* [TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids)
* [Section 3.1 of RFC 9113: HTTP/2](https://datatracker.ietf.org/doc/html/rfc9113#section-3.1).
* [Section 11.1 of RFC 9114: HTTP/3](https://datatracker.ietf.org/doc/html/rfc9114#section-11.1).Not plannedArtem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3490ARM-9.18.5: Debug-Level for the example regarding "query-errors" is not corre...2022-08-16T12:37:09ZThomas AmgartenARM-9.18.5: Debug-Level for the example regarding "query-errors" is not correct documented<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
Regarding the current ARM (9.18.5) on page 102 (explanation about the 'The query-errors Category'), the message "fetch completed at resolver.c:..." about the detailed context information which results in ```SERVFAIL``` should be logged in ```debug``` level 2 or higher, but in reality, this message will only be logged with ```debug``` level 4 or higher. See the corresponding output with ```debug``` level 4 in BIND-9.18.5 below:
```
12-Aug-2022 08:47:08.225 query-errors: debug 4: fetch completed at resolver.c:5607 for dnssec-failed.org/A in 1.204014: broken trust chain/broken trust chain [domain:dnssec-failed.org,referral:1,restart:2,qrysent:1,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:1
```
### BIND version used
9.18.5
### Steps to reproduce
* Enable query-errors logging with level 2
```
logging {
channel query-errors {
file "/var/log/named/named.log";
severity debug 2;
print-severity yes;
print-time yes;
print-category yes;
category query-errors { query-errors; };
};
```
* ```dig``` for ```dnssec-failed.org``` and check the output for the detailed information. In ```severity debug 2;```, the log contains only the following message **and not** the detailed information:
```
12-Aug-2022 08:57:30.971 query-errors: debug 1: client @0x7f8960a0a168 192.168.236.2#58015 (dnssec-failed.org): query failed (broken trust chain) for dnssec-failed.org/IN/A at query.c:7722
```
### What is the current *bug* behavior?
Debug level information is wrong in the ARM.
### What is the expected *correct* behavior?
The correct debug level like this:
_At ```debug``` level 4 or higher, detailed context information about recursive resolutions that resulted in SERVFAIL is logged.
The log message looks like this:_
```
...
...
```
### Relevant configuration filesNot plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3432module_postgres support2022-07-01T06:52:04ZCaglar Ulkudernermodule_postgres support### Description
Since old style dlz drivers have been removed, module_postgres is not supported on new bind.
### Request
Please include module_postgres support to enable multi cpu on dlz query.
### Links / references### Description
Since old style dlz drivers have been removed, module_postgres is not supported on new bind.
### Request
Please include module_postgres support to enable multi cpu on dlz query.
### Links / referencesNot plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/30979.16 responds with Additional section even though "minimal-responses" is set ...2022-03-21T14:37:51ZGreg Choules9.16 responds with Additional section even though "minimal-responses" is set to yesAs reported in [20030](https://support.isc.org/Ticket/Display.html?id=20030)
An authoritative server (secondary, but it happens on a primary as well) is configured with "minimal-responses yes;". Queries to it - either recursive or non-r...As reported in [20030](https://support.isc.org/Ticket/Display.html?id=20030)
An authoritative server (secondary, but it happens on a primary as well) is configured with "minimal-responses yes;". Queries to it - either recursive or non-recursive - for a name it owns receive a response containing the answer + an Additional section. For comparison, 9.11 provides only the answer section.
This issue is, firstly, a question: why does 9.16 do this and do subsequent versions behave the same way?
Secondly, if this behaviour is unintended can it be fixed?
**Config**
```
options {
minimal-responses yes;
zone "junk" {
type primary;
file "db.junk";
};
```
**zone data**
```
@ SOA test test 2022011301 10800 3600 604800 1800
@ NS a.nsset.junk.
@ NS b.nsset.junk.
a.nsset A 1.2.3.4
b.nsset A 1.2.3.5
```
**dig output**
```
; <<>> DiG 9.16.19 <<>> @127.0.0.1 junk ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44384
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a42ac059d64983360100000061e06294be1d9cc3a16e3adc (good)
;; QUESTION SECTION:
;junk. IN NS
;; ANSWER SECTION:
junk. 1800 IN NS b.nsset.junk.
junk. 1800 IN NS a.nsset.junk.
;; ADDITIONAL SECTION:
a.nsset.junk. 1800 IN A 1.2.3.4
b.nsset.junk. 1800 IN A 1.2.3.5
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 13 17:34:12 GMT 2022
;; MSG SIZE rcvd: 135
```Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3059Follow-up from "Draft: Resolve #3055 by examining RTM_NEWADDR, RTM_DELADDR me...2021-12-20T11:58:16ZEvan HuntFollow-up from "Draft: Resolve #3055 by examining RTM_NEWADDR, RTM_DELADDR messages contents"The following discussion from !5638 should be addressed:
- [ ] @marka started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5638#note_254568): (+3 comments)
> We could also just take the RTM_NEWADDR and...The following discussion from !5638 should be addressed:
- [ ] @marka started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5638#note_254568): (+3 comments)
> We could also just take the RTM_NEWADDR and RTM_DELADDR content and add/delete the interfaces individually rather than scanning at all. Leave scanning for startup / reconfiguration. Queue up events while scanning then process any queued events at the end.
Also, see #3064.https://gitlab.isc.org/isc-projects/bind9/-/issues/3030Feature request: allow named-checkconf to accept "-" as a filename argument a...2023-11-02T17:02:20Zlibchap1Feature request: allow named-checkconf to accept "-" as a filename argument and read from stdinIt would be nice if `named-checkconf` (and possibly other utilities as well) accepted `-` as a source filename with the meaning of stdin.
It's possible to use `/dev/stdin`, but it does not work e.g. from within Python (calling by `subpr...It would be nice if `named-checkconf` (and possibly other utilities as well) accepted `-` as a source filename with the meaning of stdin.
It's possible to use `/dev/stdin`, but it does not work e.g. from within Python (calling by `subprocess.Popen(stdin=PIPE, ...)`.
It's also possible to use `/dev/fd/0`, but it seems not to be very nice.
Related issues: #1014 #1279
Thank you!Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3011rndc addzone accepts secondary zone without primaries2023-11-02T16:26:08ZJP Mensrndc addzone accepts secondary zone without primaries`rndc addzone` accepts addition of secondary zone to a running server without me specifying primaries, even though such a configuration is not permitted in `named.conf`. Is this an error or does it cater for a use-case I'm not familiar w...`rndc addzone` accepts addition of secondary zone to a running server without me specifying primaries, even though such a configuration is not permitted in `named.conf`. Is this an error or does it cater for a use-case I'm not familiar with?
`BIND 9.17.19 (Development Release) <id:e8d1dd3>`
#### named.conf
```
key "rndc-key" {
algorithm hmac-sha256;
secret "4tFLJTPa4EXIY0bkrIzJOj1WNp1KSvYI4HJE+n2vrbo=";
};
options {
directory "/tmp/named";
allow-query { any; };
listen-on { 127.0.0.2; };
listen-on-v6 { none; };
allow-new-zones yes;
recursion no;
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
```
#### named -g
```
# named -g
11-Nov-2021 09:41:36.716 starting BIND 9.17.19 (Development Release) <id:e8d1dd3>
11-Nov-2021 09:41:36.716 running on Darwin x86_64 19.6.0 Darwin Kernel Version 19.6.0: Thu Sep 16 20:58:47 PDT 2021; root:xnu-6153.141.40.1~1/RELEASE_X86_64
11-Nov-2021 09:41:36.716 built with '--prefix=/usr/local/bind9git' '--with-libxml2' '--with-json-c' '--with-openssl=/usr/local/Cellar/openssl@1.1/1.1.1l_1/' 'LDFLAGS=-L/usr/local/Cellar/openssl@1.1/1.1.1l_1//lib/' 'CPPFLAGS=-I/usr/local/Cellar/openssl@1.1/1.1.1l_1//include/' 'PYTHON=/usr/local/bin/python3.9'
11-Nov-2021 09:41:36.716 running as: named -g -c /usr/local/etc/named-addzones.conf
11-Nov-2021 09:41:36.716 compiled by CLANG Apple LLVM 12.0.0 (clang-1200.0.32.29)
11-Nov-2021 09:41:36.716 compiled with OpenSSL version: OpenSSL 1.1.1l 24 Aug 2021
11-Nov-2021 09:41:36.716 linked to OpenSSL version: OpenSSL 1.1.1l 24 Aug 2021
11-Nov-2021 09:41:36.716 compiled with libxml2 version: 2.9.4
11-Nov-2021 09:41:36.716 linked to libxml2 version: 20904
11-Nov-2021 09:41:36.716 compiled with json-c version: 0.15
11-Nov-2021 09:41:36.716 linked to json-c version: 0.15
11-Nov-2021 09:41:36.716 compiled with zlib version: 1.2.11
11-Nov-2021 09:41:36.716 linked to zlib version: 1.2.11
...
11-Nov-2021 09:41:44.997 received control channel command 'addzone example.com { type secondary; file "example.com"; };'
11-Nov-2021 09:41:44.997 zone example.com/IN: cannot refresh: no primaries
11-Nov-2021 09:41:44.998 added zone example.com in view _default via addzone
```
#### rndc addzone
```console
$ rndc -k rndc.key addzone example.com '{ type secondary; file "example.com"; };'
```
#### nzf file
```console
# named-nzd2nzf /tmp/named/_default.nzd
zone "example.com" { type secondary; file "example.com"; };
```
If I try to load a `named.conf` with a statically configured secondary without primaries
```
zone "example.net" IN {
type secondary;
file "example.net";
};
```
I get an error:
```
named-addzones.conf:22: zone 'example.net': missing 'primaries' entry
```Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2577Support for RFC 5424 structured syslog data2021-03-15T23:00:42ZCarsten StrotmannSupport for RFC 5424 structured syslog data### Description
The current BIND 9 log data send to syslog is unstructured RFC 3164 style data.
### Request
The newer RFC 5424 defines an optional structure for syslog messages. However applications such as BIND 9 must provide this ad...### Description
The current BIND 9 log data send to syslog is unstructured RFC 3164 style data.
### Request
The newer RFC 5424 defines an optional structure for syslog messages. However applications such as BIND 9 must provide this additional syslog format.
The RFC 5424 format allows easy and robust parsing and filtering of syslog messages.
### Links / references
https://tools.ietf.org/html/rfc5424Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2301Add FIPS mode enabled builds to GitLab CI2022-06-22T15:06:44ZMichal NowakAdd FIPS mode enabled builds to GitLab CIBIND9 supports FIPS mode (`--enable-fips-mode`) but is not regularly tested in the CI. For this to happen this needs to be accomplished:
- [ ] Basic FIPS build fixes integrated https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/...BIND9 supports FIPS mode (`--enable-fips-mode`) but is not regularly tested in the CI. For this to happen this needs to be accomplished:
- [ ] Basic FIPS build fixes integrated https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4281 ([performs](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4281/diffs#87db583be5c13c1f7b3c958b10e03d67b6a2ca06) builds with `--enable-fips-mode`)
- [ ] System test can run without MD5 (there's plenty of `algorithm hmac-md5;` in system test or implicit expectation of MD5 in `dig` invocations in `acl` and `allow-query` system tests)
- [ ] Red Hat FIPS patches by @pemensik at https://src.fedoraproject.org/rpms/bind/tree/master for `v9_11` evaluated
- [ ] FIPS-enabled host or VM image (most likely with CentOS)
- [ ] CI job(s) with `--enable-fips-mode` in the build stage and subsequent unit and system test CI jobsNot plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2206Revisit the DNS Flag Day 2020 documentation and release notes for 9.18.02021-10-07T08:41:45ZOndřej SurýRevisit the DNS Flag Day 2020 documentation and release notes for 9.18.0https://gitlab.isc.org/isc-projects/bind9/-/issues/2182statschannel python test leave no forensic traces to work out what went wrong.2023-11-02T17:00:03ZMark Andrewsstatschannel python test leave no forensic traces to work out what went wrong.Job [#1177271](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1177271) failed for 7a822740e09fd56900383d35889892827dcf94c6:Job [#1177271](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1177271) failed for 7a822740e09fd56900383d35889892827dcf94c6:Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1964Improve A/AAAA ADB and expiration synchronization for servers with addresses...2024-02-19T07:02:23ZBrian ConryImprove A/AAAA ADB and expiration synchronization for servers with addresses in both families[Support ticket #16736](https://support.isc.org/Ticket/Display.html?id=16738)
A customer had sufficient issues with the upstream IPv6 routing that they followed the advice from one of our KB articles and added `server ::/0 { bogus yes; ...[Support ticket #16736](https://support.isc.org/Ticket/Display.html?id=16738)
A customer had sufficient issues with the upstream IPv6 routing that they followed the advice from one of our KB articles and added `server ::/0 { bogus yes; };` to their configuration.
Unexpectedly, this led to an increase in their SERVFAIL rate, impacting their customers.
The customer has done a detailed investigation into this and has identified that in a lot of cases the SERVFAIL is generated when the server is fetching fresh address records and the AAAA response returns before the A response, with the SERVFAIL being generated in the gap between the responses.
It seems that maybe we should wait for responses to both queries before proceeding?
In thinking about this further, I believe the same thing could happen if the A response arrives before the AAAA response and the two responses are processed in different seconds, pushing the expiration of the AAAA records to be later even if they are received with the same TTL.
Could/should we maybe force all of the address records for a name (A and AAAA) to expire at the same time by clamping them to all match the soonest expiration?Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1961RFC 5011: confusing use of add hold-down timer2023-11-02T16:58:17ZMichał KępieńRFC 5011: confusing use of add hold-down timerThe add hold-down timer in each trust anchor's `managed-keys.bind`
record is "overloaded" with multiple semantic meanings:
a) it is the point in time in the future when an untrusted key should
become trusted,
b) it is also the po...The add hold-down timer in each trust anchor's `managed-keys.bind`
record is "overloaded" with multiple semantic meanings:
a) it is the point in time in the future when an untrusted key should
become trusted,
b) it is also the point in time in the past since which a given key has
been trusted,
c) it also determines whether a given key is an initializing key or not
(if the add hold-down timer is set to 0, the key is treated as an
initializing one).
This does *not* break RFC 5011, but mixing different semantic meanings
in code causes at least three undesired side effects:
1. **"Doubled refresh cycles" after loading a `managed-keys.bind` file
created by a previous `named` instance.**
I think log excerpts best demonstrate this issue:
```
$ cat /etc/named.conf
options {
directory "/tmp";
};
key rndc_key {
algorithm hmac-md5;
secret "1234abcd8765";
};
controls {
inet ::1 port 9953 allow { ::1; } keys { rndc_key; };
};
$ named
$ rndc managed-keys status
view: _default
next scheduled event: Tue, 23 Jun 2020 07:12:16 GMT
name: .
keyid: 20326
algorithm: RSASHA256
flags: SEP
next refresh: Tue, 23 Jun 2020 07:12:16 GMT
trusted since: Mon, 22 Jun 2020 07:12:16 GMT
$ rndc stop
$ named
$ rndc managed-keys status
view: _default
next scheduled event: Tue, 23 Jun 2020 07:12:16 GMT
name: .
keyid: 20326
algorithm: RSASHA256
flags: SEP
next refresh: Tue, 23 Jun 2020 07:12:25 GMT
trusted since: Mon, 22 Jun 2020 07:12:16 GMT
```
During the first `named` run, everything looks as expected.
During the second run, however, here is what happens:
1. `load_secroots()` schedules an immediate key refresh.
2. When the key refresh is started, the `set_refreshkeytimer()`
[call][1] in `zone_refreshkeys()` schedules the next key event
to the key refresh time stored in `managed-keys.bind` by the
previous `named` instance (this is fine).
3. When the refresh is finished (i.e. a `./DNSKEY` response is
received), the refresh timer for the key is [updated][2], but
the timer set in step 2 does *not* get updated because... it is
(understandably) set to a time earlier than the revised key
refresh time.
Effectively, this causes `named` to refresh each key twice per each
refresh period - once according to the previous instance's cycle,
once according to the current instance's cycle.
A keen reader would notice that the above only means that `named`
will *consider* refreshing a given key twice during each refresh
period because key timers are examined before sending out a refresh
query and only the keys really needing a refresh at that point are
queried for. Well, yes, but this is where we reach the second
issue.
2. **All trusted keys are refreshed during all key events, regardless
of their refresh timer.**
Due to semantic meanings a) and b) being conflated, the `kd.addhd <=
now` [check][3] which is meant to trigger a key refresh when a given
(untrusted) key is meant to become trusted always evaluates to
`true` for all keys which are already trusted (because, by
definition, their add hold-down timer must be in the past).
Issues 1 & 2 combined cause `named` to send way more refresh queries
than actually mandated by RFC 5011 (at least 2x as many as required
with a single trust anchor).
3. **Confusing log messages.**
Another issue stemming from semantic meanings a) and b) being
conflated is that a different `kd.addhd <= now` [check][4] which is
meant to log a message once a given (untrusted) key becomes trusted
always evaluates to `true` for keys which are already trusted,
causing the following message to be logged after *every* refresh of
each key:
```
managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
```
This message is confusing because it suggests that the key's add
hold-down timer has only fired just now - but in fact that key has
likely been trusted before the refresh was even scheduled.
Here is a two-line summary of all three issues:
```
22-Jun-2020 09:43:16.871 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
22-Jun-2020 09:43:26.896 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
```
As an administrator, I find these log messages unexpected at best.
I do not have any verified solutions to propose; one idea I have is to
implement a helper routine that would replace the `keydata.addhd <= now`
checks with something more nuanced that would also check the trust
status of a given key. I believe this could solve issues 2 & 3, which
would make issue 1 more benign.
@each: thoughts?
[1]: https://gitlab.isc.org/isc-projects/bind9/-/blob/5238433f784935cb1c84a9f5dcb32d28f243fb0c/lib/dns/zone.c#L10737
[2]: https://gitlab.isc.org/isc-projects/bind9/-/blob/5238433f784935cb1c84a9f5dcb32d28f243fb0c/lib/dns/zone.c#L10522
[3]: https://gitlab.isc.org/isc-projects/bind9/-/blob/5238433f784935cb1c84a9f5dcb32d28f243fb0c/lib/dns/zone.c#L10727-10730
[4]: https://gitlab.isc.org/isc-projects/bind9/-/blob/5238433f784935cb1c84a9f5dcb32d28f243fb0c/lib/dns/zone.c#L10447-10457Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1900Runtime system test fails badly when run as root on non-linux systems.2023-11-02T16:58:16ZMark AndrewsRuntime system test fails badly when run as root on non-linux systems.Lots of the sub tests depend on capabilities being enabled to get "permission denied" when run as root.
```
% sudo sh run.sh runtime
Making check in dyndb/driver
make[1]: Nothing to be done for `check'.
Making check in dlzexternal/drive...Lots of the sub tests depend on capabilities being enabled to get "permission denied" when run as root.
```
% sudo sh run.sh runtime
Making check in dyndb/driver
make[1]: Nothing to be done for `check'.
Making check in dlzexternal/driver
make[1]: Nothing to be done for `check'.
/Applications/Xcode.app/Contents/Developer/usr/bin/make feature-test makejournal pipelined/pipequeries rndc/gencheck rpz/dnsrps tkey/keycreate tkey/keydelete
make[2]: `feature-test' is up to date.
make[2]: `makejournal' is up to date.
make[2]: `pipelined/pipequeries' is up to date.
make[2]: `rndc/gencheck' is up to date.
make[2]: `rpz/dnsrps' is up to date.
make[2]: `tkey/keycreate' is up to date.
make[2]: `tkey/keydelete' is up to date.
/Applications/Xcode.app/Contents/Developer/usr/bin/make check-TESTS
S:runtime:2020-06-01T09:18:45+1000
T:runtime:1:A
A:runtime:System test runtime
I:runtime:PORTS:5330,5331,5332,5333,5334,5335,5336,5337,5338,5339
I:runtime:starting servers
I:runtime:verifying that named started normally (1)
I:runtime:verifying that named checks for conflicting named processes (2)
I:runtime:verifying that 'lock-file none' disables process check (3)
I:runtime:checking that named refuses to reconfigure if working directory is not writable (4)
I:runtime:failed
I:runtime:checking that named refuses to reconfigure if managed-keys-directory is not writable (5)
I:runtime:failed
I:runtime:checking that named refuses to reconfigure if new-zones-directory is not writable (6)
I:runtime:failed
I:runtime:checking that named recovers when configuration file is valid again (7)
I:runtime:failed
I:runtime:checking that named refuses to start if working directory is not writable (8)
I:runtime:failed
I:runtime:checking that named refuses to start if managed-keys-directory is not writable (9)
I:runtime:failed
I:runtime:checking that named refuses to start if new-zones-directory is not writable (10)
I:runtime:failed
I:runtime:checking that named logs control characters in octal notation (11)
I:runtime:checking that named escapes special characters in the logs (12)
I:runtime:checking that named logs an ellipsis when the command line is larger than 8k bytes (13)
I:runtime:verifying that named switches UID (14)
I:runtime:failed
I:runtime:exit status: 8
I:runtime:stopping servers
R:runtime:FAIL
E:runtime:2020-06-01T09:19:22+1000
FAIL: runtime
============================================================================
Testsuite summary for BIND 9.17.1-dev
============================================================================
# TOTAL: 1
# PASS: 0
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
============================================================================
See bin/tests/system/run.log
Please report to info@isc.org
============================================================================
make[3]: *** [run.log] Error 1
make[2]: *** [check-TESTS] Error 2
make[1]: *** [check-am] Error 2
make: *** [check-recursive] Error 1
%
```
Additionally it appears that the following also fails on centos8 (from bind-users) which is what prompted me to check.
```
I:runtime:verifying that named switches UID (14)
I:runtime:failed
```Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1746Clarifications in ARM about catalog zones2023-11-02T17:00:02ZDan MahoneyClarifications in ARM about catalog zonesAt the bottom of the catalog zones syntax in the 9.14 ARM, the following example is listed for a catalog zone:
```
masters.5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example. IN A 192.0.2.2
label.masters.5960775ba382e7a4e092...At the bottom of the catalog zones syntax in the 9.14 ARM, the following example is listed for a catalog zone:
```
masters.5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example. IN A 192.0.2.2
label.masters.5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example. IN AAAA 2001:db8::2
label.masters.5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example. IN TXT "tsig_key"
allow-query.5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example. IN APL 1:10.0.0.0/24
```
This is a sort of uncommon usage which is basically like:
```
zone "hash" {
masters { 192.0.2.2; 2001:db8::2 key tsig_key; };
allow-query 10.0.0.0/24;
}
```
It's odd that a zone would be configured with one master with a TSIG key, and one without. I think the intent was to show the flexibility here, but if you want to show this it would be better to specify a second zone example that includes the TSIG key.
For the various examples given in this file, it would also be helpful to show the equivalent named.conf clause, to help understanding of a new concept.Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1659Test that in tree and oot installs install the same set of files.2023-11-02T16:51:54ZMark AndrewsTest that in tree and oot installs install the same set of files.In the past we have had different files installed with in tree to oot builds. We should make sure we catch this in the CI.In the past we have had different files installed with in tree to oot builds. We should make sure we catch this in the CI.Not plannedhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1587Intermittent test failure in reclimit system test2023-11-02T16:51:52ZMatthijs Mekkingmatthijs@isc.orgIntermittent test failure in reclimit system testhttps://gitlab.isc.org/isc-projects/bind9/-/jobs/605399
```
...
--- test-reclimit ---
I:reclimit:count 51 (actual) != 50 (expected)
I:reclimit:failed
...
```https://gitlab.isc.org/isc-projects/bind9/-/jobs/605399
```
...
--- test-reclimit ---
I:reclimit:count 51 (actual) != 50 (expected)
I:reclimit:failed
...
```Not planned