Problems with resolution of ldt2.evolvi.co.uk (unexpected NXDOMAIN)
Hello, I am investigating the DNS resolution issue of domain ldt2.evolvi.co.uk
using Knot Resolver, the domain is resolved without problems using public resolvers like GoogleDNS (8.8.8.8
), but when resolving the same domain using Knot Resolver ends up with NXDOMAIN. Based on the resolution plan, I am guessing that there might be a problem with \000 character found during DNS resolution?
See following resolution plan
[iterat][66545.00] 'ldt2.evolvi.co.uk.' type 'A' new uid was assigned .01, parent uid .00
[cache ][66545.01] => skipping unfit CNAME RR: rank 030, new TTL -340
[cache ][66545.01] => no NSEC* cached for zone: evolvi.co.uk.
[cache ][66545.01] => skipping zone: evolvi.co.uk., NSEC, hash 0;new TTL -123456789, ret -2
[cache ][66545.01] => skipping zone: evolvi.co.uk., NSEC, hash 0;new TTL -123456789, ret -2
[zoncut][66545.01] found cut: evolvi.co.uk. (rank 010 return codes: DS 1, DNSKEY 1)
[resolv][66545.01] => NS is provably without DS, going insecure
[select][66545.01] => id: '05621' choosing from addresses: 2 v4 + 0 v6; names to resolve: 2 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][66545.01] => id: '05621' choosing: 'dns1.mtgsy.co.uk.'@'172.105.69.234#00053' with timeout 54 ms zone cut: 'evolvi.co.uk.'
[resolv][66545.01] => id: '05621' querying: 'dns1.mtgsy.co.uk.'@'172.105.69.234#00053' zone cut: 'evolvi.co.uk.' qname: 'LdT2.eVoLVI.Co.uk.' qtype: 'A' proto: 'udp'
[select][66545.01] => id: '05621' updating: 'dns1.mtgsy.co.uk.'@'172.105.69.234#00053' zone cut: 'evolvi.co.uk.' with rtt 26 to srtt: 30 and variance: 6
[iterat][66545.01] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 5621
;; Flags: qr aa cd QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 2
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 1232 B; ext-rcode: Unused
;; QUESTION SECTION
ldt2.evolvi.co.uk. A
;; ANSWER SECTION
ldt2.evolvi.co.uk. 300 CNAME azureprodev6ag.\000.
;; ADDITIONAL SECTION
azureprodev6ag.evolvi.co.uk. 600 A 51.105.12.148
[iterat][66545.01] <= rcode: NOERROR
[iterat][66545.01] <= cname chain, following
[cache ][66545.01] => stashed ldt2.evolvi.co.uk. CNAME, rank 030, 34 B total, incl. 0 RRSIGs
[iterat][66545.02] 'azureprodev6ag.\000.' type 'A' new uid was assigned .03, parent uid .00
[cache ][66545.03] => skipping zero-containing name azureprodev6ag.\000.
[zoncut][66545.03] found cut: . (rank 060 return codes: DS -2, DNSKEY 0)
[resolv][66545.03] >< TA: '.'
[select][66545.03] => id: '09381' choosing from addresses: 13 v4 + 0 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][66545.03] => id: '09381' choosing: 'j.root-servers.net.'@'192.58.128.30#00053' with timeout 23 ms zone cut: '.'
[resolv][66545.03] => id: '09381' querying: 'j.root-servers.net.'@'192.58.128.30#00053' zone cut: '.' qname: '\000.' qtype: 'NS' proto: 'udp'
[select][66545.03] => id: '09381' updating: 'j.root-servers.net.'@'192.58.128.30#00053' zone cut: '.' with rtt 2 to srtt: 3 and variance: 1
[iterat][66545.03] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 9381
;; Flags: qr aa QUERY: 1; ANSWER: 0; AUTHORITY: 4; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 1472 B; ext-rcode: Unused
;; QUESTION SECTION
\000. NS
;; AUTHORITY SECTION
. 86400 NSEC aaa. NS SOA RRSIG NSEC DNSKEY
. 86400 RRSIG NSEC 8 0 86400 1683003600 1681876800 60955 . ntDYSODGiyW725OVm7aEdZi0/52owv36Fp6ZLSd2MELmroK/1TX8VjEUdmM1OXDxO72gNPwVhU4NTGugPGxYjO4deCV7O4VBvTEc+ayksGIpLhoHkHaeTvnEE4JBPgvhGmxkzHjbPsml8X78qLIe1iC9OX3lKCZKicJivA9Mb+4vSsPnRK00O2SS6b95daEeAyMnNl9KN3+Mh0YQAd0EsZ+dLqVV4nKN8Kq9n2iBuZXJEFb2x94qhXHbkA/uiHNGRaQ7WsylDF2A86uQaVelsPdGk5Z3PB7qGeN3QwMdZbN/rHPvnwSxPxJNcgMIli8SMe/I2eTtr1ltU0SbbOyWgQ==
. 86400 SOA a.root-servers.net. nstld.verisign-grs.com. 2023041900 1800 900 604800 86400
. 86400 RRSIG SOA 8 0 86400 1683003600 1681876800 60955 . fJ1IV7H70mU48wQVVaS6FvfFE83Yc6jrvm3BBROrj3bhFaA2Sb1rIC5ZgxIOERVGfCiZuIA2BDmSf+TpK6hNeqE3sfM5uDzJqKD8HSOAwRjBckOyIIY1Ln4rn8vBkDr6sPPgzMinrOjP4/vQLuH3a95nZXYqKOTBL8SF9/BNSCjmtsiNoUvIdSy/l9tgc+cSEMJIxI03C7f4cCbufMF+gPWriQw5M0yBJkmzlVmUIPTNw44VeHX+6RLpumSWcArAUahWSv5AUWLAtKWcvsmbHei5VeCuaRYYHJgyRF39NWvTgQ8y4/VWrT3h9Yox/r3ABdGzYyCkXdbQWiDma8+Ygw==
;; ADDITIONAL SECTION
[iterat][66545.03] <= rcode: NXDOMAIN
[iterat][66545.03] <= retrying with non-minimized name
[cache ][66545.03] => skipping zero-containing name \000.
[iterat][66545.03] 'azureprodev6ag.\000.' type 'A' new uid was assigned .04, parent uid .00
[select][66545.04] => id: '52347' choosing from addresses: 13 v4 + 0 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][66545.04] => id: '52347' choosing: 'j.root-servers.net.'@'192.58.128.30#00053' with timeout 23 ms zone cut: '.'
[resolv][66545.04] => id: '52347' querying: 'j.root-servers.net.'@'192.58.128.30#00053' zone cut: '.' qname: 'AzureprodEv6ag.\000.' qtype: 'A' proto: 'udp'
[select][66545.04] => id: '52347' updating: 'j.root-servers.net.'@'192.58.128.30#00053' zone cut: '.' with rtt 2 to srtt: 3 and variance: 1
[iterat][66545.04] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 52347
;; Flags: qr aa QUERY: 1; ANSWER: 0; AUTHORITY: 4; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 1472 B; ext-rcode: Unused
;; QUESTION SECTION
azureprodev6ag.\000. A
;; AUTHORITY SECTION
. 86400 NSEC aaa. NS SOA RRSIG NSEC DNSKEY
. 86400 RRSIG NSEC 8 0 86400 1683003600 1681876800 60955 . ntDYSODGiyW725OVm7aEdZi0/52owv36Fp6ZLSd2MELmroK/1TX8VjEUdmM1OXDxO72gNPwVhU4NTGugPGxYjO4deCV7O4VBvTEc+ayksGIpLhoHkHaeTvnEE4JBPgvhGmxkzHjbPsml8X78qLIe1iC9OX3lKCZKicJivA9Mb+4vSsPnRK00O2SS6b95daEeAyMnNl9KN3+Mh0YQAd0EsZ+dLqVV4nKN8Kq9n2iBuZXJEFb2x94qhXHbkA/uiHNGRaQ7WsylDF2A86uQaVelsPdGk5Z3PB7qGeN3QwMdZbN/rHPvnwSxPxJNcgMIli8SMe/I2eTtr1ltU0SbbOyWgQ==
. 86400 SOA a.root-servers.net. nstld.verisign-grs.com. 2023041900 1800 900 604800 86400
. 86400 RRSIG SOA 8 0 86400 1683003600 1681876800 60955 . fJ1IV7H70mU48wQVVaS6FvfFE83Yc6jrvm3BBROrj3bhFaA2Sb1rIC5ZgxIOERVGfCiZuIA2BDmSf+TpK6hNeqE3sfM5uDzJqKD8HSOAwRjBckOyIIY1Ln4rn8vBkDr6sPPgzMinrOjP4/vQLuH3a95nZXYqKOTBL8SF9/BNSCjmtsiNoUvIdSy/l9tgc+cSEMJIxI03C7f4cCbufMF+gPWriQw5M0yBJkmzlVmUIPTNw44VeHX+6RLpumSWcArAUahWSv5AUWLAtKWcvsmbHei5VeCuaRYYHJgyRF39NWvTgQ8y4/VWrT3h9Yox/r3ABdGzYyCkXdbQWiDma8+Ygw==
;; ADDITIONAL SECTION
[iterat][66545.04] <= rcode: NXDOMAIN
[valdtr][66545.04] <= answer valid, OK
[cache ][66545.04] => stashed . SOA, rank 060, 358 B total, incl. 1 RRSIGs
[cache ][66545.04] => stashed . NSEC, rank 060, 308 B total, incl. 1 RRSIGs
[cache ][66545.04] => nsec_p stash for . skipped (extra TTL: 968, hash: 0)
[cache ][66545.04] => skipping zero-containing name azureprodev6ag.\000.
[resolv][66545.04] AD: request NOT classified as SECURE
[resolv][66545.04] finished in state: 4, queries: 2, mempool: 98352 B
;; selected from ANSWER sections:
; ranked rrset to_wire true, rank 030 (auth insecure), cached true, qry_uid 1, revalidations 0
ldt2.evolvi.co.uk. 300 CNAME azureprodev6ag.\000.
;; selected from AUTHORITY sections:
; ranked rrset to_wire true, rank 060 (auth secure), cached true, qry_uid 4, revalidations 0
. 3600 NSEC aaa. NS SOA RRSIG NSEC DNSKEY
; ranked rrset to_wire true, rank 060 (auth secure), cached true, qry_uid 4, revalidations 0
. 3600 RRSIG NSEC 8 0 86400 1683003600 1681876800 60955 . ntDYSODGiyW725OVm7aEdZi0/52owv36Fp6ZLSd2MELmroK/1TX8VjEUdmM1OXDxO72gNPwVhU4NTGugPGxYjO4deCV7O4VBvTEc+ayksGIpLhoHkHaeTvnEE4JBPgvhGmxkzHjbPsml8X78qLIe1iC9OX3lKCZKicJivA9Mb+4vSsPnRK00O2SS6b95daEeAyMnNl9KN3+Mh0YQAd0EsZ+dLqVV4nKN8Kq9n2iBuZXJEFb2x94qhXHbkA/uiHNGRaQ7WsylDF2A86uQaVelsPdGk5Z3PB7qGeN3QwMdZbN/rHPvnwSxPxJNcgMIli8SMe/I2eTtr1ltU0SbbOyWgQ==
; ranked rrset to_wire true, rank 060 (auth secure), cached true, qry_uid 4, revalidations 0
. 3600 SOA a.root-servers.net. nstld.verisign-grs.com. 2023041900 1800 900 604800 86400
; ranked rrset to_wire true, rank 060 (auth secure), cached true, qry_uid 4, revalidations 0
. 3600 RRSIG SOA 8 0 86400 1683003600 1681876800 60955 . fJ1IV7H70mU48wQVVaS6FvfFE83Yc6jrvm3BBROrj3bhFaA2Sb1rIC5ZgxIOERVGfCiZuIA2BDmSf+TpK6hNeqE3sfM5uDzJqKD8HSOAwRjBckOyIIY1Ln4rn8vBkDr6sPPgzMinrOjP4/vQLuH3a95nZXYqKOTBL8SF9/BNSCjmtsiNoUvIdSy/l9tgc+cSEMJIxI03C7f4cCbufMF+gPWriQw5M0yBJkmzlVmUIPTNw44VeHX+6RLpumSWcArAUahWSv5AUWLAtKWcvsmbHei5VeCuaRYYHJgyRF39NWvTgQ8y4/VWrT3h9Yox/r3ABdGzYyCkXdbQWiDma8+Ygw==```
Thanks!