On F27 I have install bind-9.11.1-9.P3.fc27.x86_64 and configure it to
allow a internal dns server resolver for my local lan.
For some domain it's not possible to resolve the host name and into log
I get this error:
For example:
# host -ta www.osra.it
gen 11 16:18:34 named[1347]: bad cookie from 212.239.62.207#53
gen 11 16:18:34 named[1347]: bad cookie from 212.239.62.207#53
gen 11 16:18:39 named[1347]: bad cookie from 213.217.168.3#53
gen 11 16:18:39 named[1347]: bad cookie from 213.217.168.3#53
gen 11 16:18:39 named[1347]: bad cookie from 212.239.62.132#53
gen 11 16:18:39 named[1347]: bad cookie from 212.239.62.132#53
gen 11 16:18:40 named[1347]: bad cookie from 213.217.168.3#53
gen 11 16:18:40 named[1347]: bad cookie from 212.239.62.132#53
gen 11 16:18:41 named[1347]: bad cookie from 212.239.62.207#53
gen 11 16:18:42 named[1347]: bad cookie from 212.239.62.132#53
;; connection timed out; no servers could be reached
If I repeat the command 2 or 3 time, after a while the name is
resolved, but if I restart named the problem appears again
The only way to resolve this issue is disable use of cookies adding
this option to named.conf.
send-cookie no;
But this approach is deprecated:
> We don't recommend doing this, except in extremis. .. However, it is
> possible to disable the use of DNS COOKIE on your server entirely if
> you really need too (we hope that this is a temporary measure only):
> https://kb.isc.org/article/AA-01387/0/DNS-Cookies-in-BIND-9.10-and-9.11.html
Some suggest?
Many thanks
--
Dario Lesca
(inviato dal mio Linux Fedora 27 Workstation)
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
