Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

systemd-resolved: resolve call failed: DNSSEC validation failed: failed-auxiliary #4003

Closed
mikken opened this issue Aug 20, 2016 · 7 comments
Closed

systemd-resolved: resolve call failed: DNSSEC validation failed: failed-auxiliary #4003

mikken opened this issue Aug 20, 2016 · 7 comments
Labels
needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer resolve

Comments

@mikken
Copy link

mikken commented Aug 20, 2016

Submission type

  • Bug report

systemd version the issue has been seen with

231

Used distribution

Gentoo

Unexpected behaviour you saw

I see a failed resolution with some domain names, this is one example:

systemd-resolve echo.msk.ru
echo.msk.ru: resolve call failed: DNSSEC validation failed: failed-auxiliary

I saw similar reports in already closed bugs, but they seem to be fixed by v231 and this happens in v231.
I can reproduce with both DNSSEC=yes and DNSSEC=allow-downrade.
My upstream Unbound server with DNSSEC checks enabled sees no problem with these names.

Some logs:

Positive Trust Anchors:
. IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa corp home internal intranet lan local private test
Using system hostname 'melforce'.
New scope on link *, protocol dns, family *
Found new link 5/vboxnet0
Found new link 4/vpn0
Found new link 3/br0
Found new link 2/eth0
Found new link 1/lo
New scope on link eth0, protocol dns, family *
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello cookie=1 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.7625 object=n/a interface=n/a member=n/a cookie=1 reply_cookie=1 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RequestName cookie=2 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.7625 object=n/a interface=n/a member=n/a cookie=4 reply_cookie=2 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=3 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.7625 object=n/a interface=n/a member=n/a cookie=5 reply_cookie=3 error=n/a
Got message type=signal sender=org.freedesktop.DBus destination=:1.7625 object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=2 reply_cookie=0 error=n/a
Got message type=signal sender=org.freedesktop.DBus destination=:1.7625 object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=3 reply_cookie=0 error=n/a
Got message type=method_call sender=:1.7626 destination=org.freedesktop.resolve1 object=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member=ResolveHostname cookie=2 reply_cookie=0 error=n/a
Looking up RR for echo.msk.ru IN A.
Looking up RR for echo.msk.ru IN AAAA.
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=4 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.7625 object=n/a interface=n/a member=n/a cookie=6 reply_cookie=4 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=5 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.7625 object=n/a interface=n/a member=n/a cookie=7 reply_cookie=5 error=n/a
Cache miss for echo.msk.ru IN A
Transaction 10489 for <echo.msk.ru IN A> scope dns on */*.
Transaction 10489 for <echo.msk.ru IN A> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for echo.msk.ru IN AAAA
Transaction 64922 for <echo.msk.ru IN AAAA> scope dns on */*.
Transaction 64922 for <echo.msk.ru IN AAAA> on scope dns on */* now complete with <no-servers> from none (unsigned).
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for echo.msk.ru IN A
Transaction 59745 for <echo.msk.ru IN A> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 59745.
Using DNS server 192.168.1.6 for transaction 59745.
Sending query packet with id 59745.
Cache miss for echo.msk.ru IN AAAA
Transaction 60331 for <echo.msk.ru IN AAAA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 60331.
Using DNS server 192.168.1.6 for transaction 60331.
Sending query packet with id 60331.
Processing incoming packet on transaction 59745.
Verified we get a response at feature level UDP+EDNS0+DO from DNS server 192.168.1.6.
Requesting SOA to validate transaction 59745 (echo.msk.ru, unsigned non-SOA/NS RRset <echo.msk.ru IN A 190.115.28.10>).
Cache miss for echo.msk.ru IN SOA
Transaction 27080 for <echo.msk.ru IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 27080.
Using DNS server 192.168.1.6 for transaction 27080.
Sending query packet with id 27080.
Processing incoming packet on transaction 60331.
Requesting SOA to validate transaction 60331 (echo.msk.ru, unsigned empty non-SOA/NS/DS response).
Processing incoming packet on transaction 27080.
Requesting DS to validate transaction 27080 (echo.msk.ru, unsigned SOA/NS RRset).
Cache miss for echo.msk.ru IN DS
Transaction 43171 for <echo.msk.ru IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 43171.
Using DNS server 192.168.1.6 for transaction 43171.
Sending query packet with id 43171.
Processing incoming packet on transaction 43171.
Requesting DNSKEY to validate transaction 43171 (O3B20RS3AQ050A8ODKR8SVJFOO58JV03.msk.ru, RRSIG with key tag: 42318).
Cache miss for msk.ru IN DNSKEY
Transaction 6326 for <msk.ru IN DNSKEY> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 6326.
Using DNS server 192.168.1.6 for transaction 6326.
Sending query packet with id 6326.
Requesting DNSKEY to validate transaction 43171 (msk.ru, RRSIG with key tag: 42318).
Processing incoming packet on transaction 6326.
Requesting DS to validate transaction 6326 (msk.ru, DNSKEY with key tag: 42318).
Cache miss for msk.ru IN DS
Transaction 24036 for <msk.ru IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 24036.
Using DNS server 192.168.1.6 for transaction 24036.
Sending query packet with id 24036.
Requesting DS to validate transaction 6326 (msk.ru, DNSKEY with key tag: 63316).
Processing incoming packet on transaction 24036.
Requesting DNSKEY to validate transaction 24036 (msk.ru, RRSIG with key tag: 53664).
Cache miss for ru IN DNSKEY
Transaction 15397 for <ru IN DNSKEY> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 15397.
Using DNS server 192.168.1.6 for transaction 15397.
Sending query packet with id 15397.
Processing incoming packet on transaction 15397.
Requesting DS to validate transaction 15397 (ru, DNSKEY with key tag: 53664).
Cache miss for ru IN DS
Transaction 29365 for <ru IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 29365.
Using DNS server 192.168.1.6 for transaction 29365.
Sending query packet with id 29365.
Requesting DS to validate transaction 15397 (ru, DNSKEY with key tag: 30526).
Processing incoming packet on transaction 29365.
Requesting DNSKEY to validate transaction 29365 (ru, RRSIG with key tag: 46551).
Cache miss for . IN DNSKEY
Transaction 6394 for <. IN DNSKEY> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 6394.
Using DNS server 192.168.1.6 for transaction 6394.
Sending query packet with id 6394.
Processing incoming packet on transaction 6394.
Requesting DS to validate transaction 6394 (., DNSKEY with key tag: 19036).
Requesting DS to validate transaction 6394 (., DNSKEY with key tag: 46551).
Validating response from transaction 6394 (. IN DNSKEY).
Looking at . IN DNSKEY 257 3 RSASHA256 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJR
                            kxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtu
                            A6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwh
                            YB4N7knNnulqQxA+Uk1ihz0=
        -- Flags: SEP ZONE_KEY
        -- Key tag: 19036: validated
Found verdict for lookup . IN DNSKEY: secure
Added positive authenticated cache entry for . IN DNSKEY 7200s on */INET/192.168.1.6
Added positive authenticated cache entry for . IN DNSKEY 7200s on */INET/192.168.1.6
Transaction 6394 for <. IN DNSKEY> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 29365 (ru IN DS).
Looking at ru IN DS 30526 8 2 d25b218ff1a386c340712ec2694a42f12066b90c69123b4264827cdf3ae6b7a8: validated
Found verdict for lookup ru IN DS: secure
Added positive authenticated cache entry for ru IN DS 7200s on */INET/192.168.1.6
Transaction 29365 for <ru IN DS> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 15397 (ru IN DNSKEY).
Looking at ru IN DNSKEY 256 3 RSASHA256 AwEAAb7qCOMC2eJ9XDMWbh3tEQ5eWKu76tdmeFm4v6SVY62ki9o/zPQSDvCJ/ZT5OeLjxbrMyUIJ126v92O3Sfsw/zNO3Eut89MzhL1Bf+T
                             Op2lPRTDTdOP0eJAxUnSRcAHF9jLzVZ+sdyOssMBkzmj1XvNl9E3yUFm65/sZMeN4o/Ad
        -- Flags: ZONE_KEY
        -- Key tag: 53664: validated
Found verdict for lookup ru IN DNSKEY: secure
Added positive authenticated cache entry for ru IN DNSKEY 3869s on */INET/192.168.1.6
Added positive authenticated cache entry for ru IN DNSKEY 3869s on */INET/192.168.1.6
Transaction 15397 for <ru IN DNSKEY> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 24036 (msk.ru IN DS).
Looking at msk.ru IN DS 63316 8 2 5242e22d335029e01dc7c123fdaee8bdafdb30bc0f1d1bff399ff2808b25016b: validated
Found verdict for lookup msk.ru IN DS: secure
Added positive authenticated cache entry for msk.ru IN DS 4227s on */INET/192.168.1.6
Transaction 24036 for <msk.ru IN DS> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 6326 (msk.ru IN DNSKEY).
Looking at msk.ru IN DNSKEY 256 3 RSASHA256 AwEAAcPukUt/Qn9uUQTU8CiDJAfhmR1boxYui9jm5yzPqNqpt/A0x1k/WTLEUle+RTuXmu1j2gCeedW7AB23GaJdontBZoA1cEqwL/M
                                 ksrokjIz/lROV5NC9qFOS49ZGXEVRERRAJnH4CLXhIaNBZREsvBXfhP9IpVzlogzizmb514FB
        -- Flags: ZONE_KEY
        -- Key tag: 42318: validated
Found verdict for lookup msk.ru IN DNSKEY: secure
Added positive authenticated cache entry for msk.ru IN DNSKEY 2133s on */INET/192.168.1.6
Added positive authenticated cache entry for msk.ru IN DNSKEY 2133s on */INET/192.168.1.6
Transaction 6326 for <msk.ru IN DNSKEY> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 43171 (echo.msk.ru IN DS).
Looking at O3B20RS3AQ050A8ODKR8SVJFOO58JV03.msk.ru IN NSEC3 1 1 10 00ff O3B20RS3AQ050A8ODKR8SVJFOO58JV03 ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
Found verdict for lookup O3B20RS3AQ050A8ODKR8SVJFOO58JV03.msk.ru IN NSEC3: secure
Looking at msk.ru IN SOA ns3-geo.nic.ru hostmaster.nic.ru 53895 7200 900 2592000 3600: validated
Found verdict for lookup msk.ru IN SOA: secure
Transaction 43171 for <echo.msk.ru IN DS> on scope dns on eth0/* now complete with <EINVAL> from network (unsigned).
Auxiliary DNSSEC RR query failed with errno
DNSSEC validation failed for question echo.msk.ru IN SOA: failed-auxiliary
Transaction 27080 for <echo.msk.ru IN SOA> on scope dns on eth0/* now complete with <dnssec-failed> from network (unsigned).
Auxiliary DNSSEC RR query failed validation: failed-auxiliary
DNSSEC validation failed for question echo.msk.ru IN A: failed-auxiliary
Transaction 59745 for <echo.msk.ru IN A> on scope dns on eth0/* now complete with <dnssec-failed> from network (unsigned).
Auxiliary DNSSEC RR query failed validation: failed-auxiliary
DNSSEC validation failed for question echo.msk.ru IN AAAA: failed-auxiliary
Transaction 60331 for <echo.msk.ru IN AAAA> on scope dns on eth0/* now complete with <dnssec-failed> from network (unsigned).
Freeing transaction 10489.
Freeing transaction 64922.
Freeing transaction 59745.
Sent message type=error sender=n/a destination=:1.7626 object=n/a interface=n/a member=n/a cookie=6 reply_cookie=2 error=DNSSEC validation failed: failed-auxiliary
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=7 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.7625 object=n/a interface=n/a member=n/a cookie=8 reply_cookie=7 error=n/a
Freeing transaction 60331.
Freeing transaction 27080.
Freeing transaction 43171.
Freeing transaction 6326.
Freeing transaction 24036.
Freeing transaction 15397.
Freeing transaction 29365.
Freeing transaction 6394.
^CRemoving scope on link eth0, protocol dns, family *
Removing scope on link *, protocol dns, family *
@poettering poettering added this to the v232 milestone Aug 21, 2016
@poettering
Copy link
Member

The interesting lines are probably these ones:

Transaction 43171 for <echo.msk.ru IN DS> on scope dns on eth0/* now complete with <EINVAL> from network (unsigned).
Auxiliary DNSSEC RR query failed with errno

The question is why we get EINVAL there...

@poettering poettering modified the milestones: v233, v232 Oct 20, 2016
@muwlgr
Copy link

muwlgr commented Dec 12, 2016
edited
Loading

Still reproducible in Ubuntu Zesty after systemd upgrade to v. 232-7
happens on very simple domains, like dl.google.com, static.c9.io, etc.

@poettering
Copy link
Member

@mikken hmm, so the lookup you are doing there works fine here with git master at least. Any chance you could retry the lookup locally with current git master? If the issue is still reproducible, and chance you could add the following lines to top of resolved-dns-dnssec.c, resolved-dns-trust-anchor.c, resolved-dns-transaction.c:

#undef EINVAL
#define EINVAL __LINE__

and recompile systemd?

You don't even have to install the git version of systemd for that, all you'd need to do is build it, and run resolved directly from the source tree, after temporarily masking the installed resolved (systemctl mask --now --runtime systemd-resolved).

The above changes are a nice hack that tells us which line precisely generated the EINVAL... It's a debugging hack.

Then, run this, trigger the issue and send me the logs...

@poettering poettering removed this from the v233 milestone Feb 14, 2017
@poettering poettering added the needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer label Feb 14, 2017
@mikken
Copy link
Author

mikken commented Feb 14, 2017

Test domain will now be us.ynuf.alipay.com since echo.msk.ru now resolves fine with v232 as well.
alipay.com is unsigned domain, testing is done with DNSSEC=yes, no problems with DNSSEC=no.

Error now looks different:

systemd-resolve us.ynuf.alipay.com
us.ynuf.alipay.com: resolve call failed: Connection timed out

Logs from patched git version:

Positive Trust Anchors:
. IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Using system hostname 'melforce'.
New scope on link *, protocol dns, family *
Found new link 4/vpn0
Found new link 3/br0
Found new link 2/eth0
Found new link 1/lo
New scope on link eth0, protocol dns, family *
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello cookie=1 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=1 reply_cookie=1 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RequestName cookie=2 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=4 reply_cookie=2 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=3 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=5 reply_cookie=3 error=n/a
Got message type=signal sender=org.freedesktop.DBus destination=:1.5232 object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=2 reply_cookie=0 error=n/a
Got message type=signal sender=org.freedesktop.DBus destination=:1.5232 object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=3 reply_cookie=0 error=n/a
Got message type=method_call sender=:1.5233 destination=org.freedesktop.resolve1 object=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member=ResolveHostname cookie=2 reply_cookie=0 error=n/a
Looking up RR for us.ynuf.alipay.com IN A.
Looking up RR for us.ynuf.alipay.com IN AAAA.
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=4 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=6 reply_cookie=4 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=5 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=7 reply_cookie=5 error=n/a
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for us.ynuf.alipay.com IN A
Transaction 41287 for <us.ynuf.alipay.com IN A> scope dns on */*.
Transaction 41287 for <us.ynuf.alipay.com IN A> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for us.ynuf.alipay.com IN AAAA
Transaction 9736 for <us.ynuf.alipay.com IN AAAA> scope dns on */*.
Transaction 9736 for <us.ynuf.alipay.com IN AAAA> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for us.ynuf.alipay.com IN A
Transaction 39394 for <us.ynuf.alipay.com IN A> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 39394.
Using DNS server 192.168.1.6 for transaction 39394.
Sending query packet with id 39394.
Cache miss for us.ynuf.alipay.com IN AAAA
Transaction 19915 for <us.ynuf.alipay.com IN AAAA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 19915.
Using DNS server 192.168.1.6 for transaction 19915.
Sending query packet with id 19915.
Processing incoming packet on transaction 39394.
Verified we get a response at feature level UDP+EDNS0+DO from DNS server 192.168.1.6.
Requesting parent SOA to validate transaction 39394 (us.ynuf.alipay.com, unsigned CNAME/DNAME/DS RRset).
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 12530.
Using DNS server 192.168.1.6 for transaction 12530.
Sending query packet with id 12530.
Processing incoming packet on transaction 19915.
Requesting parent SOA to validate transaction 19915 (us.ynuf.alipay.com, unsigned CNAME/DNAME/DS RRset).
Timeout reached on transaction 12530.
Retrying transaction 12530.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 12530.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 12530.
Sending query packet with id 12530.
Timeout reached on transaction 12530.
Retrying transaction 12530.
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 12530.
Using DNS server 192.168.1.6 for transaction 12530.
Sending query packet with id 12530.
Timeout reached on transaction 12530.
Retrying transaction 12530.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 12530.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 12530.
Sending query packet with id 12530.
Timeout reached on transaction 12530.
Retrying transaction 12530.
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 12530.
Using DNS server 192.168.1.6 for transaction 12530.
Sending query packet with id 12530.
Timeout reached on transaction 12530.
Retrying transaction 12530.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO+LARGE for transaction 12530.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 12530.
Sending query packet with id 12530.
Timeout reached on transaction 12530.
Retrying transaction 12530.
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Lost too many UDP packets, downgrading feature level...
Using degraded feature set (UDP+EDNS0+DO) for DNS server 192.168.1.6.
Using feature level UDP+EDNS0+DO for transaction 12530.
Using DNS server 192.168.1.6 for transaction 12530.
Sending query packet with id 12530.
Timeout reached on transaction 12530.
Retrying transaction 12530.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Lost too many UDP packets, downgrading feature level...
Using degraded feature set (UDP+EDNS0+DO) for DNS server fdd5:e0e1:b7b1:1e33::1:6.
Using feature level UDP+EDNS0+DO for transaction 12530.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 12530.
Sending query packet with id 12530.
Processing incoming packet on transaction 12530.
Server returned error SERVFAIL, retrying transaction with reduced feature level UDP+EDNS0.
Retrying transaction 12530.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0 for transaction 12530.
Sending query packet with id 12530.
Processing incoming packet on transaction 12530.
Server returned error SERVFAIL, retrying transaction with reduced feature level UDP.
Retrying transaction 12530.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP for transaction 12530.
Sending query packet with id 12530.
Processing incoming packet on transaction 12530.
Server returned error SERVFAIL, retrying transaction with reduced feature level TCP.
Retrying transaction 12530.
Cache miss for ynuf.alipay.com IN SOA
Transaction 12530 for <ynuf.alipay.com IN SOA> scope dns on eth0/*.
Using feature level TCP for transaction 12530.
Sending query via TCP since server doesn't support UDP.
Using feature level TCP for transaction 12530.
Processing incoming packet on transaction 12530.
Server returned error: SERVFAIL
Verified we get a response at feature level TCP from DNS server fdd5:e0e1:b7b1:1e33::1:6.
Requesting DS to validate transaction 12530 (ynuf.alipay.com, unsigned empty SOA/NS response).
Cache miss for ynuf.alipay.com IN DS
Transaction 64479 for <ynuf.alipay.com IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 64479.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 64479.
Sending query packet with id 64479.
Processing incoming packet on transaction 64479.
Verified we get a response at feature level UDP+EDNS0+DO from DNS server fdd5:e0e1:b7b1:1e33::1:6.
Requesting parent SOA to validate transaction 64479 (ynuf.alipay.com, unsigned CNAME/DNAME/DS RRset).
Cache miss for alipay.com IN SOA
Transaction 2876 for <alipay.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 2876.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 2876.
Sending query packet with id 2876.
Processing incoming packet on transaction 2876.
Requesting DS to validate transaction 2876 (alipay.com, unsigned SOA/NS RRset).
Cache miss for alipay.com IN DS
Transaction 23559 for <alipay.com IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 23559.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 23559.
Sending query packet with id 23559.
Processing incoming packet on transaction 23559.
Reply truncated, retrying via TCP.
Using feature level UDP+EDNS0+DO for transaction 23559.
Processing incoming packet on transaction 23559.
Requesting DNSKEY to validate transaction 23559 (CK0POJMG874LJREF7EFN8430QVIT8BSM.com, RRSIG with key tag: 31697).
Cache miss for com IN DNSKEY
Transaction 52416 for <com IN DNSKEY> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 52416.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 52416.
Sending query packet with id 52416.
Requesting DNSKEY to validate transaction 23559 (com, RRSIG with key tag: 31697).
Requesting DNSKEY to validate transaction 23559 (913EP54S0NLD69QHTDQGU6EUJK3UQ2P5.com, RRSIG with key tag: 31697).
Processing incoming packet on transaction 52416.
Reply truncated, retrying via TCP.
Using feature level UDP+EDNS0+DO for transaction 52416.
Processing incoming packet on transaction 52416.
Requesting DS to validate transaction 52416 (com, DNSKEY with key tag: 31697).
Cache miss for com IN DS
Transaction 1240 for <com IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 1240.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 1240.
Sending query packet with id 1240.
Requesting DS to validate transaction 52416 (com, DNSKEY with key tag: 30909).
Processing incoming packet on transaction 1240.
Requesting DNSKEY to validate transaction 1240 (com, RRSIG with key tag: 61045).
Cache miss for . IN DNSKEY
Transaction 51830 for <. IN DNSKEY> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 51830.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 51830.
Sending query packet with id 51830.
Processing incoming packet on transaction 51830.
Reply truncated, retrying via TCP.
Using feature level UDP+EDNS0+DO for transaction 51830.
Processing incoming packet on transaction 51830.
Requesting DS to validate transaction 51830 (., DNSKEY with key tag: 61045).
Requesting DS to validate transaction 51830 (., DNSKEY with key tag: 19036).
Validating response from transaction 51830 (. IN DNSKEY).
Looking at . IN DNSKEY 256 3 RSASHA256 AwEAAYvgWbYkpeGgdPKaKTJU3Us4YSTRgy7+dzvfArIhi2tKoZ/WR1Dfw883SOU6Uw7tpVRkLarN0oIMK/xbOBD1DcXnyfElBwKsz4sVVWmf
                            yr/x+igD/UjrcJ5zEBUrUmVtHyjar7ccaVc1/3ntkhZjI1hcungAlOhPhHlkMeX+5Azx6GdX//An5OgrdyH3o/JmOPMDX1mt806JI/hf0EwA
                            p1pBwo5e8SrSuR1tD3sgNjr6IzCdrKSgqi92z49zcdis3EaY199WFW60DCS7ydu++T5Xa+GyOw1quagwf/JUC/mEpeBQYWrnpkBbpDB3sy4+
                            P2i8iCvavehbRyVm9U0MlIc=
        -- Flags: ZONE_KEY
        -- Key tag: 61045: validated
Found verdict for lookup . IN DNSKEY: secure
Added positive authenticated cache entry for . IN DNSKEY 7200s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Added positive authenticated cache entry for . IN DNSKEY 7200s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 51830 for <. IN DNSKEY> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 1240 (com IN DS).
Looking at com IN DS 30909 8 2 e2d3c916f6deeac73294e8268fb5885044a833fc5459588f4a9184cfc41a5766: validated
Found verdict for lookup com IN DS: secure
Added positive authenticated cache entry for com IN DS 7200s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 1240 for <com IN DS> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 52416 (com IN DNSKEY).
Looking at com IN DNSKEY 256 3 RSASHA256 AQPIrVL+sww6NOFbc2IB7W0qP3WILOzmKzpHJJ2cv836Laxs/CYb4FNmL1NnYNnCajNl3LbFbWgSj9TraARwr0zdLENyQ3J61afU6BtidT
                              YfACxy6EHQ2Tj/4pooSycdSYy9/+7slfujSZXxvNQsNhjDVHBJLj9BpcliW4PHhX0wZw==
        -- Flags: ZONE_KEY
        -- Key tag: 31697: validated
Found verdict for lookup com IN DNSKEY: secure
Added positive authenticated cache entry for com IN DNSKEY 7200s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Added positive authenticated cache entry for com IN DNSKEY 7200s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 52416 for <com IN DNSKEY> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 23559 (alipay.com IN DS).
Looking at CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
Found verdict for lookup CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3: secure
Looking at 913EP54S0NLD69QHTDQGU6EUJK3UQ2P5.com IN NSEC3 1 1 0 - 913I0QSTK92PQVBN5QUD9IRA2CV80666 ( NS DS RRSIG ): validated
Found verdict for lookup 913EP54S0NLD69QHTDQGU6EUJK3UQ2P5.com IN NSEC3: secure
Looking at com IN SOA a.gtld-servers.net nstld.verisign-grs.com 1487106228 1800 900 604800 86400: validated
Found verdict for lookup com IN SOA: secure
Data is NSEC3 opt-out via NSEC/NSEC3 for transaction 23559 (alipay.com IN DS)
Found verdict for lookup alipay.com IN DS: insecure
Added positive authenticated cache entry for CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 7200s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Added positive authenticated cache entry for com IN SOA 508s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Added NODATA cache entry for alipay.com IN DS 508s
Transaction 23559 for <alipay.com IN DS> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 2876 (alipay.com IN SOA).
Looking at alipay.com IN SOA ns1.alipay.com hm.alipay.com 1702141733 3600 1200 315360000 360: no-signature
Found verdict for lookup alipay.com IN SOA: insecure
Added positive unauthenticated cache entry for alipay.com IN SOA 459s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 2876 for <alipay.com IN SOA> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 64479 (ynuf.alipay.com IN DS).
Looking at ynuf.alipay.com IN CNAME zhg.alibaba.com: no-signature
Found verdict for lookup ynuf.alipay.com IN CNAME: insecure
Looking at zhg.alibaba.com IN CNAME zhg.gds.alibaba.com: no-signature
Looking at gds.alibaba.com IN SOA gdsns1.alibaba.com hostmaster.gds.alibaba.com 2014072118 1800 600 1814400 300: no-signature
Added positive unauthenticated cache entry for ynuf.alipay.com IN CNAME 458s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 64479 for <ynuf.alipay.com IN DS> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 12530 (ynuf.alipay.com IN SOA).
Found verdict for lookup ynuf.alipay.com IN SOA: insecure
Transaction 12530 for <ynuf.alipay.com IN SOA> on scope dns on eth0/* now complete with <rcode-failure> from network (unsigned).
Server feature level is now lower than when we began our transaction. Restarting with new ID.
Transaction 39394 is now 64516.
Cache miss for us.ynuf.alipay.com IN A
Transaction 64516 for <us.ynuf.alipay.com IN A> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 64516.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 64516.
Sending query packet with id 64516.
Server feature level is now lower than when we began our transaction. Restarting with new ID.
Transaction 19915 is now 15678.
Cache miss for us.ynuf.alipay.com IN AAAA
Transaction 15678 for <us.ynuf.alipay.com IN AAAA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 15678.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 15678.
Sending query packet with id 15678.
Freeing transaction 12530.
Freeing transaction 64479.
Freeing transaction 2876.
Freeing transaction 23559.
Freeing transaction 52416.
Freeing transaction 1240.
Freeing transaction 51830.
Processing incoming packet on transaction 64516.
Requesting parent SOA to validate transaction 64516 (us.ynuf.alipay.com, unsigned CNAME/DNAME/DS RRset).
Positive cache hit for ynuf.alipay.com IN SOA
Transaction 46803 for <ynuf.alipay.com IN SOA> on scope dns on eth0/* now complete with <success> from cache (unsigned).
Validating response from transaction 64516 (us.ynuf.alipay.com IN A).
Looking at us.ynuf.alipay.com IN CNAME ynuf.alibaba.com: no-signature
Found verdict for lookup us.ynuf.alipay.com IN CNAME: insecure
Looking at ynuf.alibaba.com IN CNAME ynuf.alibaba.com.gds.alibabadns.com: no-signature
Looking at ynuf.alibaba.com.gds.alibabadns.com IN A 198.11.132.225: no-signature
Added positive unauthenticated cache entry for us.ynuf.alipay.com IN CNAME 442s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 64516 for <us.ynuf.alipay.com IN A> on scope dns on eth0/* now complete with <success> from network (unsigned).
Processing incoming packet on transaction 15678.
Requesting parent SOA to validate transaction 15678 (us.ynuf.alipay.com, unsigned CNAME/DNAME/DS RRset).
Validating response from transaction 15678 (us.ynuf.alipay.com IN AAAA).
Looking at us.ynuf.alipay.com IN CNAME ynuf.alibaba.com: no-signature
Found verdict for lookup us.ynuf.alipay.com IN CNAME: insecure
Looking at ynuf.alibaba.com IN CNAME ynuf.alibaba.com.gds.alibabadns.com: no-signature
Looking at gds.alibabadns.com IN SOA gdsns1.alibabadns.com none 2015080610 1800 600 3600 360: no-signature
Added positive unauthenticated cache entry for us.ynuf.alipay.com IN CNAME 442s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 15678 for <us.ynuf.alipay.com IN AAAA> on scope dns on eth0/* now complete with <success> from network (unsigned).
Freeing transaction 41287.
Freeing transaction 9736.
Freeing transaction 64516.
Following CNAME/DNAME us.ynuf.alipay.com → ynuf.alibaba.com.
Cache miss for ynuf.alibaba.com IN AAAA
Transaction 11066 for <ynuf.alibaba.com IN AAAA> scope dns on */*.
Transaction 11066 for <ynuf.alibaba.com IN AAAA> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for ynuf.alibaba.com IN A
Transaction 54349 for <ynuf.alibaba.com IN A> scope dns on */*.
Transaction 54349 for <ynuf.alibaba.com IN A> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for ynuf.alibaba.com IN A
Transaction 60739 for <ynuf.alibaba.com IN A> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 60739.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 60739.
Sending query packet with id 60739.
Cache miss for ynuf.alibaba.com IN AAAA
Transaction 46947 for <ynuf.alibaba.com IN AAAA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 46947.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 46947.
Sending query packet with id 46947.
Freeing transaction 15678.
Freeing transaction 46803.
Processing incoming packet on transaction 60739.
Requesting parent SOA to validate transaction 60739 (ynuf.alibaba.com, unsigned CNAME/DNAME/DS RRset).
Cache miss for alibaba.com IN SOA
Transaction 37136 for <alibaba.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 37136.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 37136.
Sending query packet with id 37136.
Processing incoming packet on transaction 46947.
Requesting parent SOA to validate transaction 46947 (ynuf.alibaba.com, unsigned CNAME/DNAME/DS RRset).
Processing incoming packet on transaction 37136.
Requesting DS to validate transaction 37136 (alibaba.com, unsigned SOA/NS RRset).
Cache miss for alibaba.com IN DS
Transaction 21802 for <alibaba.com IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 21802.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 21802.
Sending query packet with id 21802.
Processing incoming packet on transaction 21802.
Reply truncated, retrying via TCP.
Using feature level UDP+EDNS0+DO for transaction 21802.
Processing incoming packet on transaction 21802.
Requesting DNSKEY to validate transaction 21802 (CK0POJMG874LJREF7EFN8430QVIT8BSM.com, RRSIG with key tag: 31697).
Positive cache hit for com IN DNSKEY
Transaction 64653 for <com IN DNSKEY> on scope dns on eth0/* now complete with <success> from cache (authenticated).
Requesting DNSKEY to validate transaction 21802 (com, RRSIG with key tag: 31697).
Requesting DNSKEY to validate transaction 21802 (NGE65DLSJCLC9QR1249PGSN8T90UIC9P.com, RRSIG with key tag: 31697).
Validating response from transaction 21802 (alibaba.com IN DS).
Looking at CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
Found verdict for lookup CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3: secure
Looking at NGE65DLSJCLC9QR1249PGSN8T90UIC9P.com IN NSEC3 1 1 0 - NGE6NK76B15BAQLI82VS8LDBOBLPJHLI ( NS DS RRSIG ): validated
Found verdict for lookup NGE65DLSJCLC9QR1249PGSN8T90UIC9P.com IN NSEC3: secure
Looking at com IN SOA a.gtld-servers.net nstld.verisign-grs.com 1487106228 1800 900 604800 86400: validated
Found verdict for lookup com IN SOA: secure
Data is NSEC3 opt-out via NSEC/NSEC3 for transaction 21802 (alibaba.com IN DS)
Found verdict for lookup alibaba.com IN DS: insecure
Added positive authenticated cache entry for CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 7200s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Added positive authenticated cache entry for com IN SOA 508s on eth0/INET6/fdd5:e0e1:b7b1:1e33::1:6
Added NODATA cache entry for alibaba.com IN DS 508s
Transaction 21802 for <alibaba.com IN DS> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 37136 (alibaba.com IN SOA).
Looking at alibaba.com IN SOA nsp.alibabaonline.com dnsadmin.alibaba-inc.com 1337538821 300 900 2592000 600: no-signature
Found verdict for lookup alibaba.com IN SOA: insecure
Added positive unauthenticated cache entry for alibaba.com IN SOA 7200s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 37136 for <alibaba.com IN SOA> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 60739 (ynuf.alibaba.com IN A).
Looking at ynuf.alibaba.com IN CNAME ynuf.alibaba.com.gds.alibabadns.com: no-signature
Found verdict for lookup ynuf.alibaba.com IN CNAME: insecure
Looking at ynuf.alibaba.com.gds.alibabadns.com IN A 198.11.132.225: no-signature
Added positive unauthenticated cache entry for ynuf.alibaba.com IN CNAME 442s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 60739 for <ynuf.alibaba.com IN A> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 46947 (ynuf.alibaba.com IN AAAA).
Looking at ynuf.alibaba.com IN CNAME ynuf.alibaba.com.gds.alibabadns.com: no-signature
Found verdict for lookup ynuf.alibaba.com IN CNAME: insecure
Looking at gds.alibabadns.com IN SOA gdsns1.alibabadns.com none 2015080610 1800 600 3600 360: no-signature
Added positive unauthenticated cache entry for ynuf.alibaba.com IN CNAME 442s on */INET6/fdd5:e0e1:b7b1:1e33::1:6
Transaction 46947 for <ynuf.alibaba.com IN AAAA> on scope dns on eth0/* now complete with <success> from network (unsigned).
Freeing transaction 11066.
Freeing transaction 54349.
Freeing transaction 60739.
Following CNAME/DNAME ynuf.alibaba.com → ynuf.alibaba.com.gds.alibabadns.com.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN A
Transaction 60028 for <ynuf.alibaba.com.gds.alibabadns.com IN A> scope dns on */*.
Transaction 60028 for <ynuf.alibaba.com.gds.alibabadns.com IN A> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN AAAA
Transaction 1024 for <ynuf.alibaba.com.gds.alibabadns.com IN AAAA> scope dns on */*.
Transaction 1024 for <ynuf.alibaba.com.gds.alibabadns.com IN AAAA> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN AAAA
Transaction 21648 for <ynuf.alibaba.com.gds.alibabadns.com IN AAAA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 21648.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 21648.
Sending query packet with id 21648.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN A
Transaction 933 for <ynuf.alibaba.com.gds.alibabadns.com IN A> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 933.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 933.
Sending query packet with id 933.
Freeing transaction 46947.
Freeing transaction 37136.
Freeing transaction 21802.
Freeing transaction 64653.
Processing incoming packet on transaction 21648.
Requesting SOA to validate transaction 21648 (ynuf.alibaba.com.gds.alibabadns.com, unsigned empty non-SOA/NS/DS response).
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 11199.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 11199.
Sending query packet with id 11199.
Processing incoming packet on transaction 933.
Requesting SOA to validate transaction 933 (ynuf.alibaba.com.gds.alibabadns.com, unsigned non-SOA/NS RRset <ynuf.alibaba.com.gds.alibabadns.com IN A 198.11.132.225>).
Timeout reached on transaction 11199.
Retrying transaction 11199.
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 11199.
Using DNS server 192.168.1.6 for transaction 11199.
Sending query packet with id 11199.
Timeout reached on transaction 11199.
Retrying transaction 11199.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 11199.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 11199.
Sending query packet with id 11199.
Timeout reached on transaction 11199.
Retrying transaction 11199.
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 11199.
Using DNS server 192.168.1.6 for transaction 11199.
Sending query packet with id 11199.
Timeout reached on transaction 11199.
Retrying transaction 11199.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 11199.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 11199.
Sending query packet with id 11199.
Processing incoming packet on transaction 11199.
Server returned error SERVFAIL, retrying transaction with reduced feature level UDP+EDNS0.
Retrying transaction 11199.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0 for transaction 11199.
Sending query packet with id 11199.
Processing incoming packet on transaction 11199.
Server returned error SERVFAIL, retrying transaction with reduced feature level UDP.
Retrying transaction 11199.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP for transaction 11199.
Sending query packet with id 11199.
Processing incoming packet on transaction 11199.
Server returned error SERVFAIL, retrying transaction with reduced feature level TCP.
Retrying transaction 11199.
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN SOA
Transaction 11199 for <ynuf.alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level TCP for transaction 11199.
Sending query via TCP since server doesn't support UDP.
Using feature level TCP for transaction 11199.
Processing incoming packet on transaction 11199.
Server returned error: SERVFAIL
Requesting DS to validate transaction 11199 (ynuf.alibaba.com.gds.alibabadns.com, unsigned empty SOA/NS response).
Cache miss for ynuf.alibaba.com.gds.alibabadns.com IN DS
Transaction 19359 for <ynuf.alibaba.com.gds.alibabadns.com IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 19359.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 19359.
Sending query packet with id 19359.
Processing incoming packet on transaction 19359.
Requesting parent SOA to validate transaction 19359 (ynuf.alibaba.com.gds.alibabadns.com, unsigned empty DS response).
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 46794.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 46794.
Sending query packet with id 46794.
Timeout reached on transaction 46794.
Retrying transaction 46794.
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 46794.
Using DNS server 192.168.1.6 for transaction 46794.
Sending query packet with id 46794.
Got message type=method_call sender=:1.5234 destination=org.freedesktop.resolve1 object=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member=ResolveHostname cookie=2 reply_cookie=0 error=n/a
Looking up RR for lleo.me IN A.
Looking up RR for lleo.me IN AAAA.
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=6 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=8 reply_cookie=6 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=7 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=9 reply_cookie=7 error=n/a
Cache miss for lleo.me IN A
Transaction 55807 for <lleo.me IN A> scope dns on */*.
Transaction 55807 for <lleo.me IN A> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for lleo.me IN AAAA
Transaction 2806 for <lleo.me IN AAAA> scope dns on */*.
Transaction 2806 for <lleo.me IN AAAA> on scope dns on */* now complete with <no-servers> from none (unsigned).
Cache miss for lleo.me IN A
Transaction 914 for <lleo.me IN A> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 914.
Using DNS server 192.168.1.6 for transaction 914.
Sending query packet with id 914.
Cache miss for lleo.me IN AAAA
Transaction 2432 for <lleo.me IN AAAA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 2432.
Using DNS server 192.168.1.6 for transaction 2432.
Sending query packet with id 2432.
Processing incoming packet on transaction 914.
Requesting SOA to validate transaction 914 (lleo.me, unsigned non-SOA/NS RRset <lleo.me IN A 104.18.37.157>).
Cache miss for lleo.me IN SOA
Transaction 62368 for <lleo.me IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 62368.
Using DNS server 192.168.1.6 for transaction 62368.
Sending query packet with id 62368.
Requesting SOA to validate transaction 914 (lleo.me, unsigned non-SOA/NS RRset <lleo.me IN A 104.18.36.157>).
Processing incoming packet on transaction 2432.
Requesting SOA to validate transaction 2432 (lleo.me, unsigned non-SOA/NS RRset <lleo.me IN AAAA 2400:cb00:2048:1::6812:249d>).
Requesting SOA to validate transaction 2432 (lleo.me, unsigned non-SOA/NS RRset <lleo.me IN AAAA 2400:cb00:2048:1::6812:259d>).
Processing incoming packet on transaction 62368.
Requesting DS to validate transaction 62368 (lleo.me, unsigned SOA/NS RRset).
Cache miss for lleo.me IN DS
Transaction 50586 for <lleo.me IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 50586.
Using DNS server 192.168.1.6 for transaction 50586.
Sending query packet with id 50586.
Processing incoming packet on transaction 50586.
Reply truncated, retrying via TCP.
Using feature level UDP+EDNS0+DO for transaction 50586.
Processing incoming packet on transaction 50586.
Requesting DNSKEY to validate transaction 50586 (me, RRSIG with key tag: 57618).
Cache miss for me IN DNSKEY
Transaction 14603 for <me IN DNSKEY> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 14603.
Using DNS server 192.168.1.6 for transaction 14603.
Sending query packet with id 14603.
Requesting DNSKEY to validate transaction 50586 (fsip6fkr2u8cf2kkg7scot4glihao6s1.me, RRSIG with key tag: 57618).
Requesting DNSKEY to validate transaction 50586 (jnodn4gqdall553lnbo8gbf9ru6sa3f0.me, RRSIG with key tag: 57618).
Processing incoming packet on transaction 14603.
Reply truncated, retrying via TCP.
Using feature level UDP+EDNS0+DO for transaction 14603.
Processing incoming packet on transaction 14603.
Requesting DS to validate transaction 14603 (me, DNSKEY with key tag: 57618).
Cache miss for me IN DS
Transaction 27715 for <me IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 27715.
Using DNS server 192.168.1.6 for transaction 27715.
Sending query packet with id 27715.
Requesting DS to validate transaction 14603 (me, DNSKEY with key tag: 2208).
Requesting DS to validate transaction 14603 (me, DNSKEY with key tag: 2569).
Requesting DS to validate transaction 14603 (me, DNSKEY with key tag: 53233).
Processing incoming packet on transaction 27715.
Requesting DNSKEY to validate transaction 27715 (me, RRSIG with key tag: 61045).
Cache miss for . IN DNSKEY
Transaction 42570 for <. IN DNSKEY> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 42570.
Using DNS server 192.168.1.6 for transaction 42570.
Sending query packet with id 42570.
Processing incoming packet on transaction 42570.
Reply truncated, retrying via TCP.
Using feature level UDP+EDNS0+DO for transaction 42570.
Processing incoming packet on transaction 42570.
Requesting DS to validate transaction 42570 (., DNSKEY with key tag: 61045).
Requesting DS to validate transaction 42570 (., DNSKEY with key tag: 19036).
Validating response from transaction 42570 (. IN DNSKEY).
Looking at . IN DNSKEY 256 3 RSASHA256 AwEAAYvgWbYkpeGgdPKaKTJU3Us4YSTRgy7+dzvfArIhi2tKoZ/WR1Dfw883SOU6Uw7tpVRkLarN0oIMK/xbOBD1DcXnyfElBwKsz4sVVWmf
                            yr/x+igD/UjrcJ5zEBUrUmVtHyjar7ccaVc1/3ntkhZjI1hcungAlOhPhHlkMeX+5Azx6GdX//An5OgrdyH3o/JmOPMDX1mt806JI/hf0EwA
                            p1pBwo5e8SrSuR1tD3sgNjr6IzCdrKSgqi92z49zcdis3EaY199WFW60DCS7ydu++T5Xa+GyOw1quagwf/JUC/mEpeBQYWrnpkBbpDB3sy4+
                            P2i8iCvavehbRyVm9U0MlIc=
        -- Flags: ZONE_KEY
        -- Key tag: 61045: validated
Found verdict for lookup . IN DNSKEY: secure
Added positive authenticated cache entry for . IN DNSKEY 7200s on eth0/INET/192.168.1.6
Added positive authenticated cache entry for . IN DNSKEY 7200s on eth0/INET/192.168.1.6
Transaction 42570 for <. IN DNSKEY> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 27715 (me IN DS).
Looking at me IN DS 2569 7 1 09ba1eb4d20402620881fd9848994417800db26a: validated
Found verdict for lookup me IN DS: secure
Added positive authenticated cache entry for me IN DS 7200s on */INET/192.168.1.6
Added positive authenticated cache entry for me IN DS 7200s on */INET/192.168.1.6
Transaction 27715 for <me IN DS> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 14603 (me IN DNSKEY).
Looking at me IN DNSKEY 256 3 RSASHA1-NSEC3-SHA1 AwEAAax9XReMD5glsfOCeSyU3oNYKVw5hfWm8hFYSkyxZWuCm/FK70X0NZRlVJ1ac7zohq+0gmn74bpsXNtCsfWg5Ij/FwdTHk
                                      M8zI/uRehg6Jfdzu2lXjICBf4iffW5BTHqgorwCHEY/dMLVi0v4Q2wIFOFAskQRqrnQZLKEjjXyt7L
        -- Flags: ZONE_KEY
        -- Key tag: 57618: validated
Found verdict for lookup me IN DNSKEY: secure
Added positive authenticated cache entry for me IN DNSKEY 600s on eth0/INET/192.168.1.6
Added positive authenticated cache entry for me IN DNSKEY 600s on eth0/INET/192.168.1.6
Added positive authenticated cache entry for me IN DNSKEY 600s on eth0/INET/192.168.1.6
Added positive authenticated cache entry for me IN DNSKEY 600s on eth0/INET/192.168.1.6
Transaction 14603 for <me IN DNSKEY> on scope dns on eth0/* now complete with <success> from network (authenticated).
Validating response from transaction 50586 (lleo.me IN DS).
Looking at fsip6fkr2u8cf2kkg7scot4glihao6s1.me IN NSEC3 1 1 1 d399eaab FSKPKSN7KA65C6KINMB572AU38E1PJKI ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
Found verdict for lookup fsip6fkr2u8cf2kkg7scot4glihao6s1.me IN NSEC3: secure
Looking at jnodn4gqdall553lnbo8gbf9ru6sa3f0.me IN NSEC3 1 1 1 d399eaab JNTFVCDRBVAF19UJAOHL6SH5M8KU42CQ ( A RRSIG ): validated
Found verdict for lookup jnodn4gqdall553lnbo8gbf9ru6sa3f0.me IN NSEC3: secure
Looking at me IN SOA ns.nic.me noc.afilias-nst.info 2010304404 3600 3600 3600000 8400: validated
Found verdict for lookup me IN SOA: secure
Data is NSEC3 opt-out via NSEC/NSEC3 for transaction 50586 (lleo.me IN DS)
Found verdict for lookup lleo.me IN DS: insecure
Added positive authenticated cache entry for fsip6fkr2u8cf2kkg7scot4glihao6s1.me IN NSEC3 7200s on eth0/INET/192.168.1.6
Added positive authenticated cache entry for jnodn4gqdall553lnbo8gbf9ru6sa3f0.me IN NSEC3 7200s on eth0/INET/192.168.1.6
Added positive authenticated cache entry for me IN SOA 899s on eth0/INET/192.168.1.6
Added NODATA cache entry for lleo.me IN DS 899s
Transaction 50586 for <lleo.me IN DS> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 62368 (lleo.me IN SOA).
Looking at lleo.me IN SOA brit.ns.cloudflare.com dns.cloudflare.com 2023808237 10000 2400 604800 3600: no-signature
Found verdict for lookup lleo.me IN SOA: insecure
Added positive unauthenticated cache entry for lleo.me IN SOA 7200s on */INET/192.168.1.6
Transaction 62368 for <lleo.me IN SOA> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 914 (lleo.me IN A).
Looking at lleo.me IN A 104.18.37.157: no-signature
Found verdict for lookup lleo.me IN A: insecure
Added positive unauthenticated cache entry for lleo.me IN A 600s on */INET/192.168.1.6
Added positive unauthenticated cache entry for lleo.me IN A 600s on */INET/192.168.1.6
Transaction 914 for <lleo.me IN A> on scope dns on eth0/* now complete with <success> from network (unsigned).
Validating response from transaction 2432 (lleo.me IN AAAA).
Looking at lleo.me IN AAAA 2400:cb00:2048:1::6812:249d: no-signature
Found verdict for lookup lleo.me IN AAAA: insecure
Added positive unauthenticated cache entry for lleo.me IN AAAA 600s on */INET/192.168.1.6
Added positive unauthenticated cache entry for lleo.me IN AAAA 600s on */INET/192.168.1.6
Transaction 2432 for <lleo.me IN AAAA> on scope dns on eth0/* now complete with <success> from network (unsigned).
Freeing transaction 55807.
Freeing transaction 2806.
Freeing transaction 914.
Sent message type=method_return sender=n/a destination=:1.5234 object=n/a interface=n/a member=n/a cookie=8 reply_cookie=2 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=9 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=10 reply_cookie=9 error=n/a
Freeing transaction 2432.
Freeing transaction 62368.
Freeing transaction 50586.
Freeing transaction 14603.
Freeing transaction 27715.
Freeing transaction 42570.
Timeout reached on transaction 46794.
Retrying transaction 46794.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 46794.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 46794.
Sending query packet with id 46794.
Timeout reached on transaction 46794.
Retrying transaction 46794.
Switching to DNS server 192.168.1.6 for interface eth0.
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 46794.
Using DNS server 192.168.1.6 for transaction 46794.
Sending query packet with id 46794.
Timeout reached on transaction 46794.
Retrying transaction 46794.
Switching to DNS server fdd5:e0e1:b7b1:1e33::1:6 for interface eth0.
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 46794.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 46794.
Sending query packet with id 46794.
Processing incoming packet on transaction 46794.
Server returned error SERVFAIL, retrying transaction with reduced feature level UDP+EDNS0.
Retrying transaction 46794.
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0 for transaction 46794.
Sending query packet with id 46794.
Processing incoming packet on transaction 46794.
Server returned error SERVFAIL, retrying transaction with reduced feature level UDP.
Retrying transaction 46794.
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP for transaction 46794.
Sending query packet with id 46794.
Processing incoming packet on transaction 46794.
Server returned error SERVFAIL, retrying transaction with reduced feature level TCP.
Retrying transaction 46794.
Cache miss for alibaba.com.gds.alibabadns.com IN SOA
Transaction 46794 for <alibaba.com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level TCP for transaction 46794.
Sending query via TCP since server doesn't support UDP.
Using feature level TCP for transaction 46794.
Processing incoming packet on transaction 46794.
Server returned error: SERVFAIL
Requesting DS to validate transaction 46794 (alibaba.com.gds.alibabadns.com, unsigned empty SOA/NS response).
Cache miss for alibaba.com.gds.alibabadns.com IN DS
Transaction 5295 for <alibaba.com.gds.alibabadns.com IN DS> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 5295.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 5295.
Sending query packet with id 5295.
Processing incoming packet on transaction 5295.
Requesting parent SOA to validate transaction 5295 (alibaba.com.gds.alibabadns.com, unsigned empty DS response).
Cache miss for com.gds.alibabadns.com IN SOA
Transaction 12205 for <com.gds.alibabadns.com IN SOA> scope dns on eth0/*.
Using feature level UDP+EDNS0+DO for transaction 12205.
Using DNS server fdd5:e0e1:b7b1:1e33::1:6 for transaction 12205.
Sending query packet with id 12205.
Got message type=signal sender=org.freedesktop.DBus destination=n/a object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameOwnerChanged cookie=11 reply_cookie=0 error=n/a
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=10 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=12 reply_cookie=10 error=n/a
Client of active query vanished, aborting query.
Freeing transaction 60028.
Freeing transaction 1024.
Freeing transaction 21648.
Freeing transaction 933.
Freeing transaction 11199.
Freeing transaction 19359.
Freeing transaction 46794.
Freeing transaction 5295.
Freeing transaction 12205.
Sent message type=error sender=n/a destination=:1.5233 object=n/a interface=n/a member=n/a cookie=11 reply_cookie=2 error=Query aborted
Got message type=error sender=org.freedesktop.DBus destination=:1.5232 object=n/a interface=n/a member=n/a cookie=13 reply_cookie=11 error=The name :1.5233 was not provided by any .service files
^CRemoving scope on link eth0, protocol dns, family *
Removing scope on link *, protocol dns, family *

poettering added a commit to poettering/systemd that referenced this issue Feb 15, 2017
@poettering
resolved: extend various timeouts
0292afa 
Let's increase a number of timeouts as they apparently are too short for
some real-world lookups.

See:

systemd#4003 (comment)

In particular we change the following timeouts:

1) The first UDP retry we increase 500ms → 750ms. This is a good idea,
   since some servers need relatively long responses for trivial lookups,
   and giving up our first attempt also has the effect of trying a
   different server for the next attempt which has the side effect that
   we'll run two down-grade iterations in parallel, on both servers.
   Hence, let's give servers a bit more time in the first iteration.

2) Permit 24 retries instead of just 16 per transactions. If we end up
   downgrading all the way down to UDP for a lookup we already need 5
   iterations for that. If we want permit a couple of lost packages for
   each (let's say 4), then we already need 20 iterations.

3) Increase the overall query timeout on the service side to 60s (from
   45s), simply because very long and slow DNSSEC + CNAME chains (such as
   us.ynuf.alipay.com) hit this boundary too easily. The client side
   timeout for the bus method call is increased to 90s, in order to have
   room for the dbus reply to go through
@poettering
Copy link
Member

@mikken uh, seems that domain is actively evil.They responde to requests for SOA with SERVFAIL and delay each such reply for at least 1s. We use that looking for zone cuts, and as we cannot distuingish SERVFAIL as meaning "i don't speak the protocol version you are asking for" from "i am a weird domain which always responds SERVFAIL to SOA requests", we end up downgrading our protocol iteratively in the hope it's just a protocol issue. That takes a lot of time, which eventually makes us hit the timeout...

In #5347 i have now pushed a couple of fixes which will make things a bit faster, while at the same time making the timeouts longer. The lookup is still super-slow due to all the lookups involved (as they mix that with tons of CNAMEs), but at least works reliably here now. It's a pretty nasty situation...

@mikken
Copy link
Author

mikken commented Feb 16, 2017

Ok, I guess this is fixed then since other domains seem to resolve.

@mikken mikken closed this as completed Feb 16, 2017
poettering added a commit to poettering/systemd that referenced this issue Feb 17, 2017
@poettering
resolved: extend various timeouts
74a3ed7 
Let's increase a number of timeouts as they apparently are too short for
some real-world lookups.

See:

systemd#4003 (comment)

In particular we change the following timeouts:

1) The first UDP retry we increase 500ms → 750ms. This is a good idea,
   since some servers need relatively long responses for trivial lookups,
   and giving up our first attempt also has the effect of trying a
   different server for the next attempt which has the side effect that
   we'll run two down-grade iterations in parallel, on both servers.
   Hence, let's give servers a bit more time in the first iteration.

2) Permit 24 retries instead of just 16 per transactions. If we end up
   downgrading all the way down to UDP for a lookup we already need 5
   iterations for that. If we want permit a couple of lost packages for
   each (let's say 4), then we already need 20 iterations.

3) Increase the overall query timeout on the service side to 60s (from
   45s), simply because very long and slow DNSSEC + CNAME chains (such as
   us.ynuf.alipay.com) hit this boundary too easily. The client side
   timeout for the bus method call is increased to 90s, in order to have
   room for the dbus reply to go through
@q2dg
Copy link

q2dg commented Sep 30, 2017
edited
Loading

I have this error with every domain in Internet the first time I run systemd-resolve but the second time it just works fine. It's very strange...and worrying

EDIT: I'm using Fedora 26, Systemd v233

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer resolve
Milestone
No milestone
Development

No branches or pull requests
4 participants
@muwlgr @poettering @mikken @q2dg