Some domains don't resolve.

Ezequiel Aguerre ezeaguerrelistas at gmail.com
Fri May 30 07:27:54 UTC 2008 

Hi all!!
I was trying to set up a DNS server (with a really basic configuration) but
I've a problem: Some domains don't get resolved.
I'll start with my configuration: I have a router doing NAT, the D-Link
DI-604, all others computers are behind that router, including the DNS
server. My configuration file is pretty simple:

options {
    directory "/var/bind";

    recursion yes;
    forward first;
    forwarders {
        10.0.0.254;
    };

    listen-on-v6 { none; };
        listen-on { any; };

    pid-file "/var/run/named/named.pid";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};

If I do: "host www.google.com localhost" it works fine, but it doesn't with
www.google.com.ar, however, the following sequence does work:

$ host www.google.com.ar 10.0.0.3
Using domain server:
Name: 10.0.0.3
Address: 10.0.0.3#53
Aliases:

Host www.google.com.ar not found: 2(SERVFAIL)

$ host -t ANY www.google.com.ar 10.0.0.3
Using domain server:
Name: 10.0.0.3
Address: 10.0.0.3#53
Aliases:

www.google.com.ar is an alias for www.google.com.

$ host www.google.com.ar 10.0.0.3
Using domain server:
Name: 10.0.0.3
Address: 10.0.0.3#53
Aliases:

www.google.com.ar is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.47.147
www.l.google.com has address 74.125.47.99
www.l.google.com has address 74.125.47.103
www.l.google.com has address 74.125.47.104

So, I can't query the address until I query for ANY. Why is that?, this is
what the server says:

$ named -4g
30-May-2008 03:50:18.360 starting BIND 9.4.2 -4g
30-May-2008 03:50:18.363 loading configuration from '/etc/bind/named.conf'
30-May-2008 03:50:18.363 listening on IPv4 interface lo, 127.0.0.1#53
30-May-2008 03:50:18.364 listening on IPv4 interface eth0, 10.0.0.3#53
30-May-2008 03:50:18.369 automatic empty zone: 254.169.IN-ADDR.ARPA
30-May-2008 03:50:18.369 automatic empty zone: 2.0.192.IN-ADDR.ARPA
30-May-2008 03:50:18.369 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
30-May-2008 03:50:18.369 automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
30-May-2008 03:50:18.369 automatic empty zone:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
30-May-2008 03:50:18.369 automatic empty zone: D.F.IP6.ARPA
30-May-2008 03:50:18.369 automatic empty zone: 8.E.F.IP6.ARPA
30-May-2008 03:50:18.369 automatic empty zone: 9.E.F.IP6.ARPA
30-May-2008 03:50:18.369 automatic empty zone: A.E.F.IP6.ARPA
30-May-2008 03:50:18.369 automatic empty zone: B.E.F.IP6.ARPA
30-May-2008 03:50:18.372 command channel listening on 127.0.0.1#953
30-May-2008 03:50:18.372 ignoring config file logging statement due to -g
option
30-May-2008 03:50:18.373 zone 127.in-addr.arpa/IN: loaded serial 2002081601
30-May-2008 03:50:18.374 zone localhost/IN: loaded serial 2002081601
30-May-2008 03:50:18.375 running
30-May-2008 03:50:37.922 FORMERR resolving 'www.google.com.ar/A/IN':
10.0.0.254#53
30-May-2008 03:50:37.967 FORMERR resolving 'www.google.com.ar/A/IN':
192.112.36.4#53
30-May-2008 03:50:38.020 FORMERR resolving 'www.google.com.ar/A/IN':
192.58.128.30#53
30-May-2008 03:50:38.061 FORMERR resolving 'www.google.com.ar/A/IN':
192.36.148.17#53
30-May-2008 03:50:38.146 FORMERR resolving 'www.google.com.ar/A/IN':
128.63.2.53#53
30-May-2008 03:50:38.174 FORMERR resolving 'www.google.com.ar/A/IN':
128.8.10.90#53
30-May-2008 03:50:38.202 FORMERR resolving 'www.google.com.ar/A/IN':
192.33.4.12#53
30-May-2008 03:50:38.257 FORMERR resolving 'www.google.com.ar/A/IN':
198.41.0.4#53
30-May-2008 03:50:38.347 FORMERR resolving 'www.google.com.ar/A/IN':
202.12.27.33#53
30-May-2008 03:50:38.387 FORMERR resolving 'www.google.com.ar/A/IN':
192.5.5.241#53
30-May-2008 03:50:38.416 FORMERR resolving 'www.google.com.ar/A/IN':
199.7.83.42#53
30-May-2008 03:50:38.461 FORMERR resolving 'www.google.com.ar/A/IN':
192.203.230.10#53
30-May-2008 03:50:38.554 FORMERR resolving 'www.google.com.ar/A/IN':
192.228.79.201#53
30-May-2008 03:50:38.584 FORMERR resolving 'www.google.com.ar/A/IN':
193.0.14.129#53
30-May-2008 03:50:38.662 FORMERR resolving 'www.google.com.ar/A/IN':
10.0.0.254#53
30-May-2008 03:50:38.687 FORMERR resolving 'www.google.com.ar/A/IN':
128.8.10.90#53
30-May-2008 03:50:38.737 FORMERR resolving 'www.google.com.ar/A/IN':
192.33.4.12#53
30-May-2008 03:50:38.764 FORMERR resolving 'www.google.com.ar/A/IN':
199.7.83.42#53
30-May-2008 03:50:38.791 FORMERR resolving 'www.google.com.ar/A/IN':
193.0.14.129#53
30-May-2008 03:50:38.839 FORMERR resolving 'www.google.com.ar/A/IN':
192.5.5.241#53
30-May-2008 03:50:38.864 FORMERR resolving 'www.google.com.ar/A/IN':
192.36.148.17#53
30-May-2008 03:50:38.891 FORMERR resolving 'www.google.com.ar/A/IN':
192.203.230.10#53
30-May-2008 03:50:38.917 FORMERR resolving 'www.google.com.ar/A/IN':
192.58.128.30#53
30-May-2008 03:50:38.944 FORMERR resolving 'www.google.com.ar/A/IN':
198.41.0.4#53
30-May-2008 03:50:39.004 FORMERR resolving 'www.google.com.ar/A/IN':
128.63.2.53#53
30-May-2008 03:50:39.028 FORMERR resolving 'www.google.com.ar/A/IN':
202.12.27.33#53
30-May-2008 03:50:39.054 FORMERR resolving 'www.google.com.ar/A/IN':
192.228.79.201#53
30-May-2008 03:50:39.139 FORMERR resolving 'www.google.com.ar/A/IN':
192.112.36.4#53

It seems it tries asking the router, when it fails it asks to the root
servers, failing again... I haven't detected anything strange (at least to
me) sniffing, except for one thing: the "Additional records" section of the
package (as shown by Wireshark) contains the following line:

<Root>: type OPT

does it mean BIND is asking for Root nameservers? I guess so because one of
the answers is this one:

    Answers
        <Root>: type NS, class IN, ns b.root-servers.net
        <Root>: type NS, class IN, ns c.root-servers.net
        <Root>: type NS, class IN, ns d.root-servers.net
        <Root>: type NS, class IN, ns e.root-servers.net
        <Root>: type NS, class IN, ns f.root-servers.net
        <Root>: type NS, class IN, ns i.root-servers.net
        <Root>: type NS, class IN, ns j.root-servers.net
        <Root>: type NS, class IN, ns k.root-servers.net
        <Root>: type NS, class IN, ns l.root-servers.net
        <Root>: type NS, class IN, ns m.root-servers.net
        <Root>: type NS, class IN, ns a.root-servers.net
        <Root>: type NS, class IN, ns ns4.catcher.co.uk
        <Root>: type NS, class IN, ns ns2.catcher.co.uk
        <Root>: type NS, class IN, ns ns2.i-business.co.uk
        <Root>: type NS, class IN, ns ns0.expireddomainservices.com
        <Root>: type NS, class IN, ns ns1.expireddomainservices.com
    Authoritative nameservers
        <Root>: type NS, class IN, ns b.root-servers.net
        <Root>: type NS, class IN, ns c.root-servers.net
        <Root>: type NS, class IN, ns d.root-servers.net
        <Root>: type NS, class IN, ns e.root-servers.net
        <Root>: type NS, class IN, ns f.root-servers.net
        <Root>: type NS, class IN, ns i.root-servers.net
        <Root>: type NS, class IN, ns j.root-servers.net
        <Root>: type NS, class IN, ns k.root-servers.net
        <Root>: type NS, class IN, ns l.root-servers.net
        <Root>: type NS, class IN, ns m.root-servers.net
        <Root>: type NS, class IN, ns a.root-servers.net
        <Root>: type NS, class IN, ns ns4.catcher.co.uk
        <Root>: type NS, class IN, ns ns2.catcher.co.uk

Why would I want the root servers? I already have them in the "hint" file.
Oh, and the answer to the original query is this:

Domain Name System (response)
    [Request In: 3]
    [Time: 0.027288000 seconds]
    Transaction ID: 0x8f66
    Flags: 0x8180 (Standard query response, No error)
    Questions: 1
    Answer RRs: 6
    Authority RRs: 4
    Additional RRs: 4
    Queries
    Answers
        www.google.com.ar: type CNAME, class IN, cname www.google.com
        www.google.com: type CNAME, class IN, cname www.l.google.com
        www.l.google.com: type A, class IN, addr 74.125.47.147
        www.l.google.com: type A, class IN, addr 74.125.47.99
        www.l.google.com: type A, class IN, addr 74.125.47.103
        www.l.google.com: type A, class IN, addr 74.125.47.104
    Authoritative nameservers
        google.com.ar: type NS, class IN, ns ns1.google.com
        google.com.ar: type NS, class IN, ns ns2.google.com
        google.com.ar: type NS, class IN, ns ns3.google.com
        google.com.ar: type NS, class IN, ns ns4.google.com
    Additional records
        ns1.google.com: type A, class IN, addr 216.239.32.10
        ns2.google.com: type A, class IN, addr 216.239.34.10
        ns3.google.com: type A, class IN, addr 216.239.36.10
        ns4.google.com: type A, class IN, addr 216.239.38.10

What's wrong with that? Shouldn't that work? The worst of all is this two
answers (www.google.com.ar and the root servers) get repeated with each
query to the servers. What I mean is: For every server (10.0.0.254 and all
the root servers) a query is made, and the answers are those two packets
above.

I hope it's something easy to get around :)
Thank you all in advance!!!

P.S: Sorry for my english :(
P.S2: I've searched for this in Google and the archives of this mailing
list, but I've found nothing usefull... :(

--
Ezequiel R. Aguerre

More information about the bind-users mailing list