BIND 9.2 for NT and Timeout Issues
Danny Mayer
mayer at gis.net
Mon Oct 22 05:48:57 UTC 2001
At 05:42 PM 10/21/01, Kevin Vaughn wrote:
>I am fixing to upgrade my company's internal DNS servers that are running
>BIND 4.9.7. I am using the same zone files. The original zone files don't
>have any host names that BIND 8 and 9 shouldn't support. I rebuilt the BIND
>configuration files from scratch.
>
>I have built a small LAN consisting of four computers, a primary, a slave,
>and two resolvers. This small network is a test network. The real network
>has around 1400 hosts. On my test network I have built the zone that will
>contain all 1400 hosts. On the test network everything works fine.
>
>Today I moved my zones from my test servers to my real servers. Just to
>give you a little more info, the production slave server is doubling as our
>e-mail server. When I bring up the servers there are no problems. I can
>send and receive e-mail externally and internally. I can go to any
>websites, etc. After about ten minutes I start to get resolution timeouts.
>If I use nslookup, I get a message saying my default servers aren't
>available.
Please don't use nslookup, use dig. Does dig timeout?
> In my log I am getting errors like below:
>
>Oct 21 15:07:30.231 resolver: debug 1: createfetch:
>biz.finance.yahoo.akadns.net A
>Oct 21 15:07:32.231 client: warning: client 10.5.1.206#3517: error sending
>response: address not available
>Oct 21 15:07:32.231 client: warning: client 10.6.76.2#1074: error sending
>response: address not available
>Oct 21 15:07:32.231 client: warning: client 10.6.76.2#1074: error sending
>response: address not available
>Oct 21 15:07:34.231 queries: info: client 10.10.43.3#3044: query:
>csb.yahoo.com IN A
>Oct 21 15:07:34.231 client: warning: client 10.10.43.3#3044: error sending
>response: address not available
>Oct 21 15:07:34.231 queries: info: client 10.5.1.206#3517: query:
>biz.yahoo.com IN A
>Oct 21 15:07:34.231 client: warning: client 10.5.1.206#3517: error sending
>response: address not available
>Oct 21 15:07:34.231 queries: info: client 10.6.76.2#1074: query:
>zone.msn.com IN A
>
>Below is the portion of the log right before the errors start occuring:
>
>Oct 21 15:02:29.606 queries: info: client 10.6.59.3#4288: query:
>office.microsoft.com IN A
>Oct 21 15:02:29.606 queries: info: client 10.6.59.3#4288: query:
>office.microsoft.com IN A
>Oct 21 15:02:29.606 queries: info: client 10.10.8.200#1195: query:
>14.1.6.10.in-addr.arpa IN PTR
>Oct 21 15:02:29.606 queries: info: client 10.10.43.3#3041: query:
>csa.yahoo.com.pcca.com IN A
>Oct 21 15:02:29.606 general: debug 1: message has 1 byte(s) of trailing
>garbage
>Oct 21 15:02:29.606 queries: info: client 10.180.8.4#137: query:
>ADS.WEB.AOL.COM.pcca.com IN A
>Oct 21 15:02:37.653 client: warning: client 10.180.8.4#137: error sending
>response: address not available
>Oct 21 15:05:25.653 queries: info: client 10.10.83.2#1396: query:
>www.yahoo.com.pcca.com IN A
>Oct 21 15:05:25.653 client: warning: client 10.10.83.2#1396: error sending
>response: address not available
Those were the messages I was looking for. You can't use the Class A
10.x.x.x IP addresses on a public network. Those have to be behind a
firewall. The test named.conf didn't show any forwarders set up to forward
out of the internal network. Furthermore your domain name is being
appended to the queries. I suspect the client is doing that. For example:
www.yahoo.com.pcca.com.
>There is absolutely nothing in the log that gives any insight into why it
>just started failing. I would be willing to send my zone files if you are
>willing to look at them. I don't want to post them here.
You can send them to me directly. Your log DOES show something: bad
queries. How are they being generated? Do you have a tool doing lookups
or are these real queries?
>On a side note, I haven't generated a rndc.key file. My servers on the test
>network have been working fine without it so I decided to leave it out.
>Could NOT having a key cause the servers to timeout?
Not relevant to the problem.
Danny
More information about the bind-users
mailing list