Bind - strange lookup failure

Mark Andrews Mark_Andrews at isc.org
Thu Oct 19 03:19:41 UTC 2006


> Hello From France,
> 
> Due to hardware issues, I had to reinstall my BIND, which worked fine before.
> I first reinstalled bind 9-2-4 and, following the problem which 
> I will describe, upgraded to bind 9.3.2P1; the problem is still 
> present.
> 
> Now I have got a critical issue with Bind now :
> 
> The first request is always very slow (or sometimes fails); the others 
> are ok. (The lookup failures don't concern all domains; for example the 
> host smtp.wanadoo.fr causes one.)
> The first query time for a host or a domain is never under 1200 to 1500 
> ms, which causes client lookup failures (and "hosts not found" from 
> "mailer-daemon" in my mail system).
> 
> 
> --> I have checked my Bind config with www.dnsreports.com and all seems 
> to be good, idem for zonecheck.fr
> 
> In the attachment, you can find:
>  - a dig.smtp.wanadoo.fr example
> - my named.conf
> - named.conf.options
> - named.conf.local
> 
> Thanks to help me for solving this problem.
> 
> Thank for your help, From France!

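	I would be looking for a firewall dropping UDP responses > 512
	octets.  Notice that the response is 517 octets.  Also make
	sure your firewall passes ip fragments.  (With EDNS the server
	may send a UDP answer larger than 512 octets; if that answer is
	dropped, named has to time out and retry, which would fit the
	slow first lookup.)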

; <<>> DiG 9.3.2-P1 <<>> smtp.wanadoo.fr +norec @ns.wanadoo.fr +dnssec
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30620
;; flags: qr aa; QUERY: 1, ANSWER: 21, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;smtp.wanadoo.fr.		IN	A

;; ANSWER SECTION:
smtp.wanadoo.fr.	600	IN	A	193.252.22.56
smtp.wanadoo.fr.	600	IN	A	193.252.22.65
smtp.wanadoo.fr.	600	IN	A	193.252.22.78
smtp.wanadoo.fr.	600	IN	A	193.252.22.79
smtp.wanadoo.fr.	600	IN	A	193.252.22.80
smtp.wanadoo.fr.	600	IN	A	193.252.22.81
smtp.wanadoo.fr.	600	IN	A	193.252.22.82
smtp.wanadoo.fr.	600	IN	A	193.252.22.83
smtp.wanadoo.fr.	600	IN	A	193.252.22.89
smtp.wanadoo.fr.	600	IN	A	193.252.22.92
smtp.wanadoo.fr.	600	IN	A	193.252.22.107
smtp.wanadoo.fr.	600	IN	A	193.252.22.116
smtp.wanadoo.fr.	600	IN	A	193.252.22.123
smtp.wanadoo.fr.	600	IN	A	193.252.23.67
smtp.wanadoo.fr.	600	IN	A	193.252.23.107
smtp.wanadoo.fr.	600	IN	A	193.252.23.110
smtp.wanadoo.fr.	600	IN	A	80.12.242.3
smtp.wanadoo.fr.	600	IN	A	80.12.242.6
smtp.wanadoo.fr.	600	IN	A	80.12.242.9
smtp.wanadoo.fr.	600	IN	A	80.12.242.12
smtp.wanadoo.fr.	600	IN	A	80.12.242.15

;; AUTHORITY SECTION:
wanadoo.fr.		600	IN	NS	ns10.wanadoo.fr.
wanadoo.fr.		600	IN	NS	ns11.wanadoo.fr.
wanadoo.fr.		600	IN	NS	ns.wanadoo.fr.
wanadoo.fr.		600	IN	NS	ns2.wanadoo.fr.

;; ADDITIONAL SECTION:
ns.wanadoo.fr.		3600	IN	A	80.12.255.24
ns2.wanadoo.fr.		3600	IN	A	80.12.255.159
ns10.wanadoo.fr.	3600	IN	A	80.12.255.23
ns11.wanadoo.fr.	3600	IN	A	80.12.255.152

;; Query time: 324 msec
;; SERVER: 80.12.255.24#53(80.12.255.24)
;; WHEN: Thu Oct 19 13:15:34 2006
;; MSG SIZE  rcvd: 517

> Christophe Dumonet.
> 
> #######################################################################
> pcdmz01:/home/dumonet# dig smtp.wanadoo.fr
> 
> ; <<>> DiG 9.2.4 <<>> smtp.wanadoo.fr
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8589
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 4, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;smtp.wanadoo.fr.               IN      A
> 
> ;; ANSWER SECTION:
> smtp.wanadoo.fr.        243     IN      A       193.252.22.89
> smtp.wanadoo.fr.        243     IN      A       193.252.22.92
> smtp.wanadoo.fr.        243     IN      A       193.252.22.107
> smtp.wanadoo.fr.        243     IN      A       193.252.22.116
> smtp.wanadoo.fr.        243     IN      A       193.252.22.123
> smtp.wanadoo.fr.        243     IN      A       193.252.23.67
> smtp.wanadoo.fr.        243     IN      A       193.252.23.107
> smtp.wanadoo.fr.        243     IN      A       193.252.23.110
> smtp.wanadoo.fr.        243     IN      A       80.12.242.3
> smtp.wanadoo.fr.        243     IN      A       80.12.242.6
> smtp.wanadoo.fr.        243     IN      A       80.12.242.9
> smtp.wanadoo.fr.        243     IN      A       80.12.242.12
> smtp.wanadoo.fr.        243     IN      A       80.12.242.15
> smtp.wanadoo.fr.        243     IN      A       193.252.22.56
> smtp.wanadoo.fr.        243     IN      A       193.252.22.65
> smtp.wanadoo.fr.        243     IN      A       193.252.22.78
> smtp.wanadoo.fr.        243     IN      A       193.252.22.79
> smtp.wanadoo.fr.        243     IN      A       193.252.22.80
> smtp.wanadoo.fr.        243     IN      A       193.252.22.81
> smtp.wanadoo.fr.        243     IN      A       193.252.22.82
> smtp.wanadoo.fr.        243     IN      A       193.252.22.83
> 
> ;; AUTHORITY SECTION:
> wanadoo.fr.             243     IN      NS      ns2.wanadoo.fr.
> wanadoo.fr.             243     IN      NS      ns10.wanadoo.fr.
> wanadoo.fr.             243     IN      NS      ns11.wanadoo.fr.
> wanadoo.fr.             243     IN      NS      ns.wanadoo.fr.
> 
> ;; Query time: 1249 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Oct 16 10:12:39 2006
> ;; MSG SIZE  rcvd: 442
> ##############################################################
> 
> 
> 
> named.conf
> ################################################################
> include "/etc/bind/named.conf.options";
> 
> // prime the server with knowledge of the root servers
> zone "." {
>         type hint;
>         file "/etc/bind/named.ca";
> };
> 
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
> };
> 
> zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
> };
> 
> zone "0.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.0";
> };
> 
> zone "255.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.255";
> };
> 
> // zone "com" { type delegation-only; };
> // zone "net" { type delegation-only; };
> 
> include "/etc/bind/named.conf.local";
> 
> ############fin de named.conf########################################
> 
> named.conf.options
> ##################################################################
> options {
>         directory "/etc/bind";
> 
>         //recursion no;
> 
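>         // If there is a firewall between you and nameservers you want
>         // to talk to, you might need to uncomment the query-source
>         // directive below.  Previous versions of BIND always asked
>         // questions using port 53, but BIND 8.1 and later use an
>         // unprivileged port by default.
>         //
>         // Note: pinning the source port to 53 leaves only the 16-bit
>         // query ID to distinguish a genuine answer from a spoofed one;
>         // where possible, let the firewall admit replies to unprivileged
>         // ports instead of fixing the port here.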
> 
>         query-source address * port 53;
> 
>         // If your ISP provided one or more IP addresses for stable
>         // nameservers, you probably want to use them as forwarders.
>         // Uncomment the following block, and insert the addresses replacing
>         // the all-0's placeholder.
> 
>         // forwarders {
>         //      0.0.0.0;
>         // };
> 
>         allow-recursion {
>                 my-internal-and external-network
>         };
> 
>         auth-nxdomain no;    # conform to RFC1035
>         //listen-on-v6 { any; };
> 
>         tcp-clients 500;
>         recursive-clients 5000;
> 
> };
> #####################################################################
> 
> named.conf.local
> ######################################################################
> zone "ifma.fr" {
>         type master;
>         file "/etc/bind/ifma.fr";
> };
> 
> zone "231.54.193.in-addr.arpa" {
>         type master;
>         file "/etc/bind/231.54.193";
> };
> ######################################################################
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


