Problem with 8.3.3 and SERVFAIL.
Greg Prosser
gregp at blackened.net
Tue Jul 9 03:18:31 UTC 2002
Feel free to thwack me with a cluebat if this is a stupid question, but I
have an issues with 8.3.3 that is "fixed" by downgrading to 8.2.x. I
haven't narrowed down the bug any farther than that. Obviously, for
security reasons, I'd like to use the newest version but this bug breaks
customers, so I don't really have a choice.
Example of bug:
dig @ns domain.com
The dig output shows a 10M ttl. So, I try in 10M, and sure enough, I get
an answer back with TTL 0. All good so far. If I try again, though,
rather than returning another answer with a new TTL of ten minutes (as
you'd expect to happen if the cache has expired, and bind has to go fetch
an answer again), bind returns SERVFAIL and continues to do so until named
is restarted.
8.2.x seems unaffected by this, and responds with the correct answer after
it expires.
I used a private server, since the one I was working on is far too busy,
and saw the following with -d 9 and -f on the command line:
[... output from last working query for the information, showing TTL 0]
datagram from [censored-dns-client-ip].1599, fd 20, len 29
ns_req(from [censored-dns-client-ip].1599)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; censored-example-domain.com, type = A, class = IN
XX+/censored-dns-client-ip/censored-example-domain.com/A/IN
req: nlookup(censored-example-domain.com) id 4 type=1 class=1
req: found 'censored-example-domain.com' as 'censored-example-domain.com'
(cname=0)
stale: ttl 1026179251 -1 (x2)
stale: ttl 1026179251 -1 (x2)
stale: ttl 1026179251 -1 (x2)
delete_all(0x81070a0:"censored-example-domain" IN A)
rm_datum(812d9fc, 810f030, 810f060, 0) -> 812da20
rm_datum(812da20, 810f030, 810f060, 0) -> 8138000
wanted(0x810f030, IN A) [IN NS]
wanted(0x810f060, IN A) [IN NS]
wanted(0x8138000, IN A) [IN SOA]
findns: np 0x81070a0 'censored-example-domain'
findns: 2 NS's added for 'censored-example-domain'
ns_forw()
qnew(0x812e368)
find_zone(censored-example-domain.com, 1)
find_zone: unknown zone
find_zone(com, 1)
find_zone: unknown zone
find_zone(., 1)
find_zone: existing zone 1
nslookup(nsp=0xbfbfda1c, qp=0x812e368, "censored-example-domain.com", d=0)
nslookup: NS "NS1.censored-example-domain.com" c=1 t=2 (flags 0x2)
nslookup: NS "NS2.censored-example-domain.com" c=1 t=2 (flags 0x2)
nslookup: 0 ns addrs total
ns_forw: query(censored-example-domain.com) No possible A RRs
forw: nslookup reports danger
ns_freeqry(0x812e368)
ns_req: answer -> [censored-dns-client-ip].1599 fd=20 id=4 size=29 rc=2
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; censored-example-domain.com, type = A, class = IN
[.. repeated output with further queries]
I've censored my client IP and the domains name, as I don't want my client
freaking out getting 934234 queries from list members. I can provide it
off-list if someone wants to offer debug help.
Help?
(Please CC: replies to me as I'm not on the list)
-gnp
More information about the bind-users
mailing list