Re: pkg DNS issue

From: Paul Vixie <paul_at_redbarn.org>
Date: Mon, 14 Jul 2025 20:15:28 UTC

On Sunday, July 13, 2025 2:43:00 AM UTC Maku Bex wrote:
> Paul Procacci wrote:
> > On Sat, Jul 12, 2025 at 8:30 PM Maku Bex <zagazaw2004@gmail.com> wrote:
> >> Elaborate.
> >> 
> >> Paul Vixie wrote:
> >>> I see no srv records here.
> > 
> > Like Maku, I'm a bit perplexed. My question is, you see no records where?
> > ...

here:

> drill pkg.freebsd.org
>
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 20313
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; pkg.freebsd.org. IN  A
>
> ;; ANSWER SECTION:
> pkg.freebsd.org.    300 IN  CNAME   pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org. 150 IN  A   173.228.147.98
>
> ;; AUTHORITY SECTION:
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 294 msec
> ;; SERVER: 149.112.112.112
> ;; WHEN: Fri Jul 11 23:49:16 2025
> ;; MSG SIZE  rcvd: 74

that's not the domain name where SRV RR's would appear, as shown later in the 
thread (see below), and show a CNAME and an A but no SRV.

> # host -t SRV _http._tcp.pkg.FreeBSD.org
> _http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.pao.freebsd.org.
> _http._tcp.pkg.FreeBSD.org has SRV record 10 10 80 pkgmir.geo.freebsd.org.
> _http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.tuk.freebsd.org.
> _http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.nyi.freebsd.org.
> _http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.sjb.freebsd.org.

the "drill" example is doubly misleading, since in RFC 2782 we said:

   Target
        The domain name of the target host.  There MUST be one or more
        address records for this name, the name MUST NOT be an alias (in
        the sense of RFC 1034 or RFC 2181).  Implementors are urged, but
        not required, to return the address record(s) in the Additional
        Data section.  Unless and until permitted by future standards
        action, name compression is not to be used for this field.

note that aliases aren't allowed; the target of an SRV must be a name holding 
an A (or more recently AAAA). it was the CNAME which caught my eye. note also 
from RFC 2782:

   Name
        The domain this RR refers to.  The SRV RR is unique in that the
        name one searches for is not this name; the example near the end
        shows this clearly.

so when you did a "drill" against the name your client would be using, i knew 
you would never find an SRV there.

thus my reply. sorry to be so terse, i was on a mobile device in a hotel room.

-- 
Paul Vixie
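
Added example, not part of the original message and not code from pkg or the FreeBSD project: a small Python check of the two RFC 2782 points quoted above, namely that the SRV owner name is `_service._proto.name` rather than the bare domain, and that an SRV target must hold address records and must not be an alias. The SRV lines are the `host` output from the message; the record types for `pkg.freebsd.org` and `pkgmir.geo.freebsd.org` come from the `drill` output, and the `pkg0.*` address entries are constructed for illustration.

```python
import re

# SRV lines as printed by `host -t SRV` in the message above.
HOST_OUTPUT = """\
_http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.pao.freebsd.org.
_http._tcp.pkg.FreeBSD.org has SRV record 10 10 80 pkgmir.geo.freebsd.org.
_http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.tuk.freebsd.org.
_http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.nyi.freebsd.org.
_http._tcp.pkg.FreeBSD.org has SRV record 50 10 80 pkg0.sjb.freebsd.org.
"""

# Record types held at each name. The first two entries follow the drill
# output in the message; the pkg0.* entries are constructed sample data.
RRTYPES = {
    "pkg.freebsd.org.": {"CNAME"},
    "pkgmir.geo.freebsd.org.": {"A"},
    **{f"pkg0.{s}.freebsd.org.": {"A"} for s in ("pao", "tuk", "nyi", "sjb")},
}

SRV_LINE = re.compile(r"^(\S+) has SRV record (\d+) (\d+) (\d+) (\S+)$")

def srv_owner(service, proto, domain):
    """RFC 2782 owner name: _Service._Proto.Name, not the bare domain."""
    return f"_{service}._{proto}.{domain.rstrip('.')}."

def parse_host_srv(text):
    """Return (priority, weight, port, target) tuples, lowest priority value first."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            prio, weight, port = (int(m.group(i)) for i in (2, 3, 4))
            records.append((prio, weight, port, m.group(5).lower()))
    return sorted(records)

def check_target(target, rrtypes):
    """RFC 2782 Target rule: address records required, aliases forbidden."""
    types = rrtypes.get(target.lower(), set())
    if "CNAME" in types:
        return "alias"
    if not types & {"A", "AAAA"}:
        return "no-address"
    return "ok"

if __name__ == "__main__":
    print("query name:", srv_owner("http", "tcp", "pkg.FreeBSD.org"))
    for rec in parse_host_srv(HOST_OUTPUT):
        print(rec, check_target(rec[3], RRTYPES))
```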