Bind 9.11 serving up false answers for a single domain.
Paul Kosinski
bind at iment.com
Wed Feb 10 05:00:38 UTC 2021
Do you know about mxtoolbox.com? It (and other similar sites) does a good job of diagnosing DNS-related problems. I use it now and then to check out my own sites, as it gives a "second opinion".
In particular its "DNS Lookup' function reported the following for "internet-dns1.state.ma.us"
Type Domain Name IP Address TTL
A internet-dns1.state.ma.us 170.63.70.36 15 min
...
Reported by internet-dns3.state.ma.us on 2/9/2021 at 10:44:08 PM (UTC -6), just for you.
But its "DNS Check" function them reported
dns:internet-dns1.state.ma.us
No Results Found
...
Reported by internet-dns2.state.ma.us on 2/9/2021 at 10:51:04 PM (UTC -6)
and later
...
Reported by internet-dns3.state.ma.us on 2/9/2021 at 10:54:13 PM (UTC -6)
Strange indeed: sounds like they have problems.
On Tue, 9 Feb 2021 22:50:19 -0500
"sami's strat" <sami.strat at gmail.com> wrote:
> Thanks Mark.
>
> However, the traceroute to the hostnamed failed for the same reason.
> Please note:
>
> [root at myhost data]# dig internet-dns1.state.ma.us
>
>
>
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> internet-dns1.state.ma.us
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61641
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
>
>
> ;; OPT PSEUDOSECTION:
>
> ; EDNS: version: 0, flags:; udp: 4096
>
> ;; QUESTION SECTION:
>
> ;internet-dns1.state.ma.us. IN A
>
>
>
> ;; Query time: 1263 msec
>
> ;; SERVER: 192.168.33.12#53(192.168.33.12)
>
> ;; WHEN: Tue Feb 09 22:34:15 EST 2021
>
> ;; MSG SIZE rcvd: 54
>
>
>
> [root at myhost data]# dig internet-dns1.state.ma.us +trace
>
>
>
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> internet-dns1.state.ma.us
> +trace
>
> ;; global options: +cmd
>
> . 516485 IN NS c.root-servers.net.
>
> . 516485 IN NS e.root-servers.net.
>
> . 516485 IN NS f.root-servers.net.
>
> . 516485 IN NS l.root-servers.net.
>
> . 516485 IN NS m.root-servers.net.
>
> . 516485 IN NS d.root-servers.net.
>
> . 516485 IN NS g.root-servers.net.
>
> . 516485 IN NS k.root-servers.net.
>
> . 516485 IN NS b.root-servers.net.
>
> . 516485 IN NS h.root-servers.net.
>
> . 516485 IN NS a.root-servers.net.
>
> . 516485 IN NS i.root-servers.net.
>
> . 516485 IN NS j.root-servers.net.
>
> . 516485 IN RRSIG NS 8 0 518400
> 20210222230000 20210209220000 42351 .
> QCzDH8eHlHVbx4SxIIwk8xnk6ky/q+zRh8KAUfI98lqHcIP4NLxzCe6f
> mC2sNX1VcthEy6Lwnobm8OyJCRpNEHedYrS01aMhAVzUfM+/PJ9MWn0w
> SkmXxyZMJZXF/kl4GDNX0x/GW3+DkeTeZI9+B540Yvj47qJv2bD9nIQG
> NtE7bDze7bgMJkIuBlEzPfwp7YW5ud8qdC6HdUoEMqygwZcWAiQu8gpb
> q21z8W5hcdci1OouDFytNWrXAvfSsuR635+GzSj+RZjYo+447uP7lKsK
> N5aeVQ/BPh5jM32xVO+zwyp7v9Nky1vSP/BchMQ/3cqg3Ee7zobl8OQd CSd/SA==
>
> ;; Received 1097 bytes from 192.168.33.12#53(192.168.33.12) in 0 ms
>
>
>
> us. 172800 IN NS a.cctld.us.
>
> us. 172800 IN NS b.cctld.us.
>
> us. 172800 IN NS c.cctld.us.
>
> us. 172800 IN NS e.cctld.us.
>
> us. 172800 IN NS f.cctld.us.
>
> us. 172800 IN NS k.cctld.us.
>
> us. 86400 IN DS 21364 8 1
> 260D0461242BCF8F05473A08B05ED01E6FA59B9C
>
> us. 86400 IN DS 21364 8 2
> B499CFA7B54D25FDE1E6FE93076FB013DAA664DA1F26585324740A1E 6EBDAB26
>
> us. 86400 IN RRSIG DS 8 1 86400 20210222230000
> 20210209220000 42351 .
> rujvGB0s2bsqzBuzRliH6QK9vH84ETZV7gZMEhJyzMFofWhj9ZZaNWE/
> VvdA9rC16IOEocvARv2rOqk7G3KTzdkHHZcwcZSQyVqsOIaIywGFuEgd
> viSXF6+M5MocUgEMp5dtt6SBLHG+lE/FV/3HylKSHsxdO/F6PeWKgcBZ
> D4lZQ6w5asmlbdKJKMhlWPp6UaxBE7ACaxndBQixoNqXQuPrXpXi1Fnj
> ntFtTfn57hMyrdTojIJ8X7/HKjCrbm3CL/WJ+VZR051OGCdZVjpUaDXR
> x7G9lDhu3K5clar9PGYyUJM7+RBKzrQJep7HrjL2nZdoTyfY4i33S+EZ sTlTOA==
>
> ;; Received 707 bytes from 199.7.91.13#53(d.root-servers.net) in 4 ms
>
>
>
> state.ma.us. 7200 IN NS internet-dns3.state.ma.us.
>
> state.ma.us. 7200 IN NS internet-dns1.state.ma.us.
>
> state.ma.us. 7200 IN NS internet-dns2.state.ma.us.
>
> state.ma.us. 3600 IN DS 47628 7 2
> 5379F9F747214E5A63416775396BCFF98FA4867AE66E09BCBEBE0DCC 1682C369
>
> state.ma.us. 3600 IN DS 41388 7 1
> 36D899932AF794EADD671161515E48FE829BB7FE
>
> state.ma.us. 3600 IN DS 41388 7 2
> BBAB433D3853571F42516E70659AF1F85FA4FBA0FDFCEAD4D092592A 00C78769
>
> state.ma.us. 3600 IN DS 47628 7 1
> 485E0EE2F7C08FCE51D1E284321242930274833A
>
> state.ma.us. 3600 IN RRSIG DS 8 3 3600 20210307200856
> 20210205191212 53985 us.
> O8KqBHzlZsDqrZi0NQO4JEiN0b8j04/Lb8W2uVz5PyrAat1VgZKQ3Ws6
> 6PNtbZDMv6YX6QA8fWFLxNmeJ1/4L3wLu8EKYXaThA9Zxll7mKFj1iPf
> nqiVq5hOo8Ul3inmfM/tjCQ21IHc/v0JZygZNd/h0SxXWlQXi+W3G9LN
> +4z/qxtl9dGD1ka54Ln3MAVxB1Tp4pt0ri4qPLmfGKf/HA==
>
> couldn't get address for 'internet-dns3.state.ma.us': not found
>
> couldn't get address for 'internet-dns1.state.ma.us': not found
>
> couldn't get address for 'internet-dns2.state.ma.us': not found
>
> dig: couldn't get address for 'internet-dns3.state.ma.us': no more
>
> [root at myhost data]#
>
> On Tue, Feb 9, 2021 at 10:10 PM Mark Andrews <marka at isc.org> wrote:
>
> > Well you could try tracing the addresses of the nameservers for which
> > there where errors reported. It could be as simple as a routing issue
> > between you and these servers.
> >
> > > On 10 Feb 2021, at 13:25, sami's strat <sami.strat at gmail.com> wrote:
> > >
> > > couldn't get address for 'internet-dns1.state.ma.us': not found
> > > couldn't get address for 'internet-dns3.state.ma.us': not found
> > > couldn't get address for 'internet-dns2.state.ma.us': not found
> > > dig: couldn't get address for 'internet-dns1.state.ma.us': no more
> >
> > Yet, I do this on my personal computer at home, and it works without an
> > issue.
>
>
> Any other thoughts? TIA
More information about the bind-users
mailing list