[Dnscheck-dev] Filter not working

Anand Buddhdev anandb at ripe.net
Mon Jan 27 18:33:46 UTC 2014


On 27/01/2014 11:33, Anand Buddhdev wrote:

Hi Calle,

> This comment made me look closer, and I noticed my problem. I named my
> file config.yml, whereas DNSCheck is looking for config.yaml with an
> extra 'a' :)

So I fixed the name of the file, and now DNSCheck correctly applies the
filter I defined.

My next task is to complete this filter by defining all the various
tests that would normally result in an error, and downgrade them to
warnings. My use case is as follows:

When testing a zone, if one of the name servers for it is ns.ripe.net,
and checking ns.ripe.net results in a REFUSED or SERVFAIL response for
the SOA query of that zone, I want to downgrade that error to a warning.
Looking at the list of possible messages, I have come up with this list:

DNS:SOA_SERVFAIL (193.0.9.6 & 2001:67c:e0::6)
NAMESERVER:NOT_AUTH (ns.ripe.net, 193.0.9.6)

However, I have noticed that DNSCheck gives different results for tests
over IPv6. Instead of NOT_AUTH, it reports:

NAMESERVER:NO_UDP ns.ripe.net;2001:67c:e0:0:0:0:0:6;14.109.in-addr.arpa
NAMESERVER:NO_TCP ns.ripe.net;2001:67c:e0:0:0:0:0:6;14.109.in-addr.arpa

It's the same server (ns.ripe.net), giving the same SERVFAIL response
for that zone, over both IPv4 and IPv6, but DNSCheck appears to be
classifying the errors differently. Do you know why this is the case?

Anand


More information about the Dnscheck-dev mailing list