Strange failure with recursive zen.spamhaus.org NS query
Ronan Flood
usenet at umbral.org.uk
Fri Feb 15 15:27:57 UTC 2008
Simeon Miteff <simeon.miteff at uct.ac.za> wrote:
> When I followed Mark's advice and did some packet dumps, I discovered
> that bind is receiving a response from one of the spamhaus.org name
> servers, but not sending that to the client.
Looking at your log, it gets a referral from the parent zone rather than
an answer, so it tries to follow that. No point returning a referral to
the client.
> I reproduced the behavior on my Debian workstation with bind 9.4.2, from
> where I am able to resolve the NS records for zen.spamhaus.org using
> dig, directly.
Directly as in, say, "dig @65.182.198.204 zen.spamhaus.org. ns +norec" ?
> A debug log is available at:
> http://filterline.its.uct.ac.za/~smiteff/bind_issues/debug_log.txt
>
> Bind seems to receive the response at "15-Feb-2008 12:54:51.552", but
Again, that's a referral.
> I'm unable to figure out exactly where it decides to discard it (perhaps
> the 12th line from the end of the log?). I've copied the bind config
> files into the same directory above.
All those timeouts as it tries to chase the referral make it look
like maybe Spamhaus have blackholed you. Are you a heavy user?
www.spamhaus.org/organization/dnsblusage.html
--
Ronan Flood <usenet at umbral.org.uk>
More information about the bind-users
mailing list