Bind 9.11 serving up false answers for a single domain.
sami's strat
sami.strat at gmail.com
Wed Feb 10 17:54:05 UTC 2021
Thank you all for responding. One final query about this. I'm seeing this
issue on my production servers at work. Yet, when I run the same queries
at home, I don't see those failed queries. I actually flushed DNS cache,
cleared Linux O/S cache, and even bounced my personal DNS server trying to
reproduce the issue. But I could not.
TIA
On Wed, Feb 10, 2021 at 12:09 AM Mark Andrews <marka at isc.org> wrote:
> Run ‘dig +trace +all internet-dns1.state.ma.us’ which will show you the
> glue
> records then try ‘dig +dnssec +norec internet-dns1.state.ma.us
> @<address>’ for
> all the addresses in the glue records.
>
> e.g.
> dig +dnssec +norec internet-dns1.state.ma.us @146.243.122.17
>
> Mark
>
> > On 10 Feb 2021, at 14:50, sami's strat <sami.strat at gmail.com> wrote:
> >
> > Thanks Mark.
> >
> > However, the traceroute to the hostnamed failed for the same reason.
> Please note:
> >
> > [root at myhost data]# dig internet-dns1.state.ma.us
> >
> > ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>>
> internet-dns1.state.ma.us
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61641
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;internet-dns1.state.ma.us. IN A
> >
> > ;; Query time: 1263 msec
> > ;; SERVER: 192.168.33.12#53(192.168.33.12)
> > ;; WHEN: Tue Feb 09 22:34:15 EST 2021
> > ;; MSG SIZE rcvd: 54
> >
> > [root at myhost data]# dig internet-dns1.state.ma.us +trace
> >
> > ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>>
> internet-dns1.state.ma.us +trace
> > ;; global options: +cmd
> > . 516485 IN NS c.root-servers.net.
> > . 516485 IN NS e.root-servers.net.
> > . 516485 IN NS f.root-servers.net.
> > . 516485 IN NS l.root-servers.net.
> > . 516485 IN NS m.root-servers.net.
> > . 516485 IN NS d.root-servers.net.
> > . 516485 IN NS g.root-servers.net.
> > . 516485 IN NS k.root-servers.net.
> > . 516485 IN NS b.root-servers.net.
> > . 516485 IN NS h.root-servers.net.
> > . 516485 IN NS a.root-servers.net.
> > . 516485 IN NS i.root-servers.net.
> > . 516485 IN NS j.root-servers.net.
> > . 516485 IN RRSIG NS 8 0 518400
> 20210222230000 20210209220000 42351 .
> QCzDH8eHlHVbx4SxIIwk8xnk6ky/q+zRh8KAUfI98lqHcIP4NLxzCe6f
> mC2sNX1VcthEy6Lwnobm8OyJCRpNEHedYrS01aMhAVzUfM+/PJ9MWn0w
> SkmXxyZMJZXF/kl4GDNX0x/GW3+DkeTeZI9+B540Yvj47qJv2bD9nIQG
> NtE7bDze7bgMJkIuBlEzPfwp7YW5ud8qdC6HdUoEMqygwZcWAiQu8gpb
> q21z8W5hcdci1OouDFytNWrXAvfSsuR635+GzSj+RZjYo+447uP7lKsK
> N5aeVQ/BPh5jM32xVO+zwyp7v9Nky1vSP/BchMQ/3cqg3Ee7zobl8OQd CSd/SA==
> > ;; Received 1097 bytes from 192.168.33.12#53(192.168.33.12) in 0 ms
> >
> > us. 172800 IN NS a.cctld.us.
> > us. 172800 IN NS b.cctld.us.
> > us. 172800 IN NS c.cctld.us.
> > us. 172800 IN NS e.cctld.us.
> > us. 172800 IN NS f.cctld.us.
> > us. 172800 IN NS k.cctld.us.
> > us. 86400 IN DS 21364 8 1
> 260D0461242BCF8F05473A08B05ED01E6FA59B9C
> > us. 86400 IN DS 21364 8 2
> B499CFA7B54D25FDE1E6FE93076FB013DAA664DA1F26585324740A1E 6EBDAB26
> > us. 86400 IN RRSIG DS 8 1 86400
> 20210222230000 20210209220000 42351 .
> rujvGB0s2bsqzBuzRliH6QK9vH84ETZV7gZMEhJyzMFofWhj9ZZaNWE/
> VvdA9rC16IOEocvARv2rOqk7G3KTzdkHHZcwcZSQyVqsOIaIywGFuEgd
> viSXF6+M5MocUgEMp5dtt6SBLHG+lE/FV/3HylKSHsxdO/F6PeWKgcBZ
> D4lZQ6w5asmlbdKJKMhlWPp6UaxBE7ACaxndBQixoNqXQuPrXpXi1Fnj
> ntFtTfn57hMyrdTojIJ8X7/HKjCrbm3CL/WJ+VZR051OGCdZVjpUaDXR
> x7G9lDhu3K5clar9PGYyUJM7+RBKzrQJep7HrjL2nZdoTyfY4i33S+EZ sTlTOA==
> > ;; Received 707 bytes from 199.7.91.13#53(d.root-servers.net) in 4 ms
> >
> > state.ma.us. 7200 IN NS
> internet-dns3.state.ma.us.
> > state.ma.us. 7200 IN NS
> internet-dns1.state.ma.us.
> > state.ma.us. 7200 IN NS
> internet-dns2.state.ma.us.
> > state.ma.us. 3600 IN DS 47628 7 2
> 5379F9F747214E5A63416775396BCFF98FA4867AE66E09BCBEBE0DCC 1682C369
> > state.ma.us. 3600 IN DS 41388 7 1
> 36D899932AF794EADD671161515E48FE829BB7FE
> > state.ma.us. 3600 IN DS 41388 7 2
> BBAB433D3853571F42516E70659AF1F85FA4FBA0FDFCEAD4D092592A 00C78769
> > state.ma.us. 3600 IN DS 47628 7 1
> 485E0EE2F7C08FCE51D1E284321242930274833A
> > state.ma.us. 3600 IN RRSIG DS 8 3 3600
> 20210307200856 20210205191212 53985 us.
> O8KqBHzlZsDqrZi0NQO4JEiN0b8j04/Lb8W2uVz5PyrAat1VgZKQ3Ws6
> 6PNtbZDMv6YX6QA8fWFLxNmeJ1/4L3wLu8EKYXaThA9Zxll7mKFj1iPf
> nqiVq5hOo8Ul3inmfM/tjCQ21IHc/v0JZygZNd/h0SxXWlQXi+W3G9LN
> +4z/qxtl9dGD1ka54Ln3MAVxB1Tp4pt0ri4qPLmfGKf/HA==
> > couldn't get address for 'internet-dns3.state.ma.us': not found
> > couldn't get address for 'internet-dns1.state.ma.us': not found
> > couldn't get address for 'internet-dns2.state.ma.us': not found
> > dig: couldn't get address for 'internet-dns3.state.ma.us': no more
> > [root at myhost data]#
> >
> > On Tue, Feb 9, 2021 at 10:10 PM Mark Andrews <marka at isc.org> wrote:
> > Well you could try tracing the addresses of the nameservers for which
> > there where errors reported. It could be as simple as a routing issue
> > between you and these servers.
> >
> > > On 10 Feb 2021, at 13:25, sami's strat <sami.strat at gmail.com> wrote:
> > >
> > > couldn't get address for 'internet-dns1.state.ma.us': not found
> > > couldn't get address for 'internet-dns3.state.ma.us': not found
> > > couldn't get address for 'internet-dns2.state.ma.us': not found
> > > dig: couldn't get address for 'internet-dns1.state.ma.us': no more
> >
> > Yet, I do this on my personal computer at home, and it works without an
> issue.
> >
> > Any other thoughts? TIA
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210210/59747580/attachment.htm>
More information about the bind-users
mailing list