Community discussions

MikroTik App
 
bbs2web
Member Candidate
Member Candidate
Topic Author
Posts: 232
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

IP Cloud - DDNS zone structure problem

Fri Mar 19, 2021 11:46 pm

The following appears to be falling on deaf ears, really hoping that MikroTik fix the problem with the IP Cloud dynamic DNS service.

The problem?
Routers can dynamically maintain a DNS record to resolve to the router's public IP. The problem is that whilst <serial>.sn.mynetname.net resolves the intermediary domain returns a NXDOMAIN (does not exist) response to DNSSEC validating resolvers correctly mark all sub domains as invalid.

Demonstration:
[root@linux-test ~]# nslookup
> set q=any
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> sn.mynetname.net
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find sn.mynetname.net: SERVFAIL
> 8aff0abfe5e9.sn.mynetname.net
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find 8aff0abfe5e9.sn.mynetname.net: SERVFAIL
PS: Microsoft Windows Server DNS can also be set to validate DNSSEC signed responses and will provide the IP associated with the record when it's first queried but will thereafter not return answers as it walks the DNS FQDN and gets an answer that sn.mynetname.net does not exist.

You can see the same information being presented when analyzing the domain using DNSVIZ:
https://dnsviz.net/d/8aff0abfe5e9.sn.my ... et/dnssec/

Who is online

Users browsing this forum: No registered users and 20 guests