Open james-stevens opened 2 years ago
[error] (ns) EFORMERR: unexpected authority.
hm weird that you're still seeing this error even disabling IXFR. It's unfortunate but this error is thrown even before the plugin could see and handle it. We have to change this in bns lib. The error is of a type DNSError which returns a FORMERR response here. So as long as bind is fine with it it should be harmless.
Is bind still doing AXFR without issues despite this error?
Is bind still doing AXFR without issues despite this error?
Yes - everything is working fine - even the edns no
& request-ixfr no
were really only to get rid of errors - it was working fine without.
I don't like errors cos they have a terrible habit of being really important at 3am on a Sunday after you just went to a friend's wedding & had a few beers.
I don't like errors cos they have a terrible habit of being really important at 3am on a Sunday after you just went to a friend's wedding & had a few beers
I hear ya bns needs to be updated anyway i'll try to submit a PR soon to clean up a few things in bns and fix this issue as well
Sure no worries - it's just me being paranoid
that said, last night I had four alerts in the night - nothing serious, but it does kinda duck up your whole day
Getting some additional weird error messages now & I think it might be broken now as I'm no longer getting the name collision for
messages.
Unfortunately, because the signing bind
maintains the SOA Serial in its own special way, I don't really have anyway to tell what the SOA Serial was on the data it imported from hsd
. This is becuase bind
needs to roll the SOA Serial when it refreshes RRSIG
records on RR Sets that haven't changed in a while.
BTW: named-handshake-bridge
is the instance of bind
that gets the zone from hsd
& signs it, 127.0.0.9
is hsd
Dec 23 14:41:01 hasroot local0.err named-handshake-bridge[996]: transfer of './IN (unsigned)' from 127.0.0.9#53: failed while receiving responses: extra input data
Dec 23 14:41:01 hasroot user.notice hsd: [error] (axfr) [127.0.0.1:33255] Transfer cancelled
Dec 23 14:41:01 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 14:52:44 hasroot user.notice hsd: [error] (ns) EFORMERR: unexpected authority.
Dec 23 14:52:44 hasroot user.notice hsd: at RootServer.answer (/usr/local/hsd/node_modules/bns/lib/server/dns.js:242:13)
Dec 23 14:52:44 hasroot user.notice hsd: at RootServer.handle (/usr/local/hsd/node_modules/bns/lib/server/dns.js:316:24)
Dec 23 14:52:44 hasroot user.notice hsd: at Server.<anonymous> (/usr/local/hsd/node_modules/bns/lib/server/dns.js:72:20)
Dec 23 14:52:44 hasroot user.notice hsd: at Server.emit (events.js:400:28)
Dec 23 14:52:44 hasroot user.notice hsd: at TCPSocket.fire (/usr/local/hsd/node_modules/bns/lib/internal/net.js:350:17)
Dec 23 14:52:44 hasroot user.notice hsd: at Parser.<anonymous> (/usr/local/hsd/node_modules/bns/lib/internal/net.js:365:12)
Dec 23 14:52:44 hasroot user.notice hsd: at Parser.emit (events.js:400:28)
Dec 23 14:52:44 hasroot user.notice hsd: at Parser.feed (/usr/local/hsd/node_modules/bns/lib/internal/net.js:574:12)
Dec 23 14:52:44 hasroot user.notice hsd: at Socket.<anonymous> (/usr/local/hsd/node_modules/bns/lib/internal/net.js:396:19)
Dec 23 14:52:44 hasroot user.notice hsd: at Socket.emit (events.js:400:28)
Dec 23 14:55:06 hasroot local0.err named-handshake-bridge[996]: transfer of './IN (unsigned)' from 127.0.0.9#53: failed while receiving responses: extra input data
Dec 23 14:55:06 hasroot user.notice hsd: [error] (axfr) [127.0.0.1:33163] Transfer cancelled
Dec 23 14:55:06 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 15:07:09 hasroot user.notice hsd: [error] (ns) EFORMERR: unexpected authority.
Dec 23 15:07:09 hasroot user.notice hsd: at RootServer.answer (/usr/local/hsd/node_modules/bns/lib/server/dns.js:242:13)
Dec 23 15:07:09 hasroot user.notice hsd: at RootServer.handle (/usr/local/hsd/node_modules/bns/lib/server/dns.js:316:24)
Dec 23 15:07:09 hasroot user.notice hsd: at Server.<anonymous> (/usr/local/hsd/node_modules/bns/lib/server/dns.js:72:20)
Dec 23 15:07:09 hasroot user.notice hsd: at Server.emit (events.js:400:28)
Dec 23 15:07:09 hasroot user.notice hsd: at TCPSocket.fire (/usr/local/hsd/node_modules/bns/lib/internal/net.js:350:17)
Dec 23 15:07:09 hasroot user.notice hsd: at Parser.<anonymous> (/usr/local/hsd/node_modules/bns/lib/internal/net.js:365:12)
Dec 23 15:07:09 hasroot user.notice hsd: at Parser.emit (events.js:400:28)
Dec 23 15:07:09 hasroot user.notice hsd: at Parser.feed (/usr/local/hsd/node_modules/bns/lib/internal/net.js:574:12)
Dec 23 15:07:09 hasroot user.notice hsd: at Socket.<anonymous> (/usr/local/hsd/node_modules/bns/lib/internal/net.js:396:19)
Dec 23 15:07:09 hasroot user.notice hsd: at Socket.emit (events.js:400:28)
Dec 23 15:09:27 hasroot local0.err named-handshake-bridge[996]: transfer of './IN (unsigned)' from 127.0.0.9#53: failed while receiving responses: extra input data
Dec 23 15:09:27 hasroot user.notice hsd: [error] (axfr) [127.0.0.1:37721] Transfer cancelled
Dec 23 15:09:27 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
The Root server middleware resolution failed for name
messages only started two days ago (I've not changed anything!!!!) - they seem to be mutually exclusive with the collision
messages.
Also, oddly, it seemed to fix itself for a while, then broke again.
My local copy of the ICANN ROOT zone seems to be working fine.
Dec 22 16:12:00 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 16:23:56 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 16:38:00 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 16:52:04 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 17:03:53 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 17:17:34 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 17:31:31 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 17:46:06 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 17:58:52 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 18:13:45 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 18:27:40 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 18:39:06 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 18:52:58 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 22 19:07:24 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 22 19:07:50 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 22 19:09:48 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 22 19:10:25 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 22 20:35:36 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 22 20:36:01 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 22 20:37:59 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 22 20:38:35 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 22 21:09:48 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 22 21:10:15 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 22 21:12:17 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 22 21:12:56 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 22 22:37:15 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 22 22:37:42 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 22 22:39:42 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 22 22:40:20 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 22 23:07:25 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 22 23:07:52 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 22 23:09:52 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 22 23:10:31 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 23 00:35:36 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 00:50:17 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 01:02:35 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 01:14:37 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 01:27:12 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 01:40:27 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 01:52:51 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 02:06:59 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 02:19:59 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 02:33:42 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 02:48:26 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
I'll change this to info
and see what I get - debug
is just a little too noisy for me!
} catch (e) {
this.logger.warning(
'Root server middleware resolution failed for name: %s',
name
);
this.logger.debug(e.stack);
}
lib/dns/server.js [READONLY] line 489 of 809 (60%)
Looks like it fixed itself again !
Dec 23 16:29:13 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 16:42:27 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 16:56:44 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 17:10:20 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 17:24:58 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 17:39:24 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 17:52:24 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 18:04:08 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 18:17:12 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 18:29:34 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 18:44:30 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 18:59:04 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 19:12:19 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Dec 23 19:27:17 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 23 19:27:43 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 23 19:29:31 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 23 19:30:06 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 23 20:46:47 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 23 20:47:12 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 23 20:49:02 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 23 20:49:37 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 23 21:21:30 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
Dec 23 21:21:54 hasroot user.notice hsd: [warning] (axfr) name collision for music. (prefer icann: true)
Dec 23 21:23:46 hasroot user.notice hsd: [warning] (axfr) name collision for xn--jlq480n2rg. (prefer icann: true)
Dec 23 21:24:19 hasroot user.notice hsd: [warning] (axfr) name collision for xn--4dbrk0ce. (prefer icann: true)
Dec 23 22:48:14 hasroot user.notice hsd: [warning] (axfr) name collision for xn--cckwcxetd. (prefer icann: true)
So long as the axfr
works, this prob doesn't matter, but the bind
settings I've described above might be useful for others.
I still get Root server middleware resolution failed for name
- it seems to be caused by two axfr
instances starting at the same time - one works, the other fails with that error - but it looks like the second axfr
is getting cancelled anyway .. this is doing the axfr
by running dig
, so I have no idea why it would run two.
Previously, I was running the axfr
directly into bind
.
Apr 23 04:44:02 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:48559] Starting zone transfer
Apr 23 04:44:12 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:37135] Starting zone transfer
Apr 23 04:44:16 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:37135] Records sent 1005
Apr 23 04:44:16 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:48559] Records sent 1005
Apr 23 04:44:16 hasroot user.notice hsd: [error] (axfr) [192.168.3.160:48559] Transfer cancelled
Apr 23 04:44:16 hasroot user.notice hsd: [warning] (ns) Root server middleware resolution failed for name: .
Apr 23 04:44:16 hasroot user.notice hsd: [info] (ns) Error: unable to write message
Apr 23 04:44:16 hasroot user.notice hsd: at MessageWriter.flush (/usr/local/hsd/axfr/lib/client.js:378:13)
Apr 23 04:44:16 hasroot user.notice hsd: at async MessageWriter.writeRR (/usr/local/hsd/axfr/lib/client.js:361:7)
Apr 23 04:44:16 hasroot user.notice hsd: at async Plugin.sendAXFR (/usr/local/hsd/axfr/lib/axfr.js:240:9)
Apr 23 04:44:16 hasroot user.notice hsd: at async RootServer.Plugin.ns.middle (/usr/local/hsd/axfr/lib/axfr.js:81:16)
Apr 23 04:44:16 hasroot user.notice hsd: at async RootServer.resolve (/usr/local/hsd/lib/dns/server.js:486:15)
Apr 23 04:44:16 hasroot user.notice hsd: at async RootServer.answer (/usr/local/hsd/node_modules/bns/lib/server/dns.js:249:17)
Apr 23 04:44:16 hasroot user.notice hsd: at async RootServer.handle (/usr/local/hsd/node_modules/bns/lib/server/dns.js:316:13)
Apr 23 04:44:16 hasroot user.notice hsd: at async Server.<anonymous> (/usr/local/hsd/node_modules/bns/lib/server/dns.js:72:9)
Apr 23 04:44:29 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:37135] Records sent 1974
Apr 23 04:44:40 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:37135] Records sent 2967
Apr 23 04:44:50 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:37135] Records sent 3986
Apr 23 04:44:59 hasroot user.notice hsd: [info] (axfr) [192.168.3.160:37135] Records sent 4963
Any chance you can enable "Discussions" on this repo, so I can make comments without using "Issues" ?
The comment I wanted to make was, now the Handshake ROOT is so big, and the VAST majority of TLDs will never get any queries, the value of dumping the entire zone is massively diminished. The cost of the zone transfer is so high (without IXFR support), its almost certainly better to run bind
set for sending ROOT zone queries to hsd
, like I do here
https://github.com/james-stevens/handshake-bind-hns
bind
will then cache the answers from hsd
, and you can just run more hsd
if there's a bottleneck at that point. You could probably also run an extra layer of dedicated ROOT zone caches to reduce the queries sent to hsd
.
There's still the issue of getting DNSSEC working, but you're on the case there. Can you just send a NODATA response instead of an NXDOMAIN ?
Also - could you make a version of id.js
that worked as a plug-in for hsd
- that would be REALLY cool
In
bind
I've disabledIXFR
, DNS Cookies &EDNS
, but I'm still left with one error inhsd
whenbind
pulls anAXFR
I have no idea in the cycle when it occurs.
bind
will usually poll the SOA Serial over UDP before deciding to do anAXFR
.Here's the relevant options I added - might be useful to anybody else if they're interested in this kind of thing :)
There's absolutely no need for the
AXFR
fromhsd
to support any of these, so I'm more than happy to disable then all, but (as you know) I do think thehsd
resolver really should support DNS Cookies.BTW:
127.0.0.9
is myhsd
instance.