your mail

Diego Garcia diegargon at gmail.com
Fri Jan 14 22:58:09 UTC 2022


Hello

Still having problems. That setup was running fine for a few years.
Bind Server is on the DMZ and doing NAT for the local net. Test Server is
behind NAT.

I must have another problem.

I have tried a lot of things these days and nothing works. I am thinking of
trying a reinstall, but I would prefer to know what happened and solve it.

I increased logging and am giving some additional data, but I do not
understand whether it is relevant.

Lots of:

adb reached high water mark
DNS_EVENT_ADBNOMOREADDRESSE

network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53
timed out resolving 'google.com/A/IN': 1.1.1.1#53
(first unreachable, then timeout)

08-Jan-2022 00:14:21.588 expire_v4 set to MIN(2147483647,1641597271)
import_rdataset
08-Jan-2022 00:14:21.588 dns_adb_createfind: found A for name
m.root-servers.net (0x7f901a5e53a0) in db
08-Jan-2022 00:14:21.644 delete_node(): 0x7f901a73b450
static-assets-prod.s3.amazonaws.com (bucket 17)
08-Jan-2022 00:14:21.648 dns_adb_destroyfind on find 0x7f901a5eb110
08-Jan-2022 00:14:21.648 dns_adb_destroyfind on find 0x7f901a5eef10

08-Jan-2022 00:23:40.915 dispatch 0x7f901435e1f0 response 0x7f901a355ca8
198.97.190.53#53: attached to task 0x7f901a81f5f8
08-Jan-2022 00:23:41.023 dispatch 0x7f901435e1f0 response 0x7f901a355ca8
198.97.190.53#53: detaching from task 0x7f901a81f5f8
08-Jan-2022 00:23:41.023 dispatch 0x7f901435e1f0: detach: refcount 2
08-Jan-2022 00:23:41.039 dispatchmgr 0x7f901e3451c8: destroy_mgr_ok:
shuttingdown=1, listnonempty=1, depool=7, rpool=0, dpool=7
08-Jan-2022 00:23:41.039 dispatch 0x7f901435caf0: shutting down; detaching
from sock (nil), task 0x7f901a626880

08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
starting
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
attempting insecurity proof
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
checking existence of DS at 'net'
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
checking existence of DS at 'whatsapp.net'
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
marking as answer (proveunsecure (4))
08-Jan-2022 00:22:31.479 view internal: validator @0x7f9004034a70:
dns_validator_destroy

Some:
success/success [domain:ifconfig.me
,referral:0,restart:1,qrysent:1,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
timed out resolving 'android.l.google.com/A/IN': 1.1.1.1#53
broken trust chain resolving '_.clients6.google.com/A/IN': 216.239.34.10#53


And the timeout error:
timed out/success [domain:google.com
,referral:0,restart:4,qrysent:13,timeout:12,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]



Thanks

PS: sorry, list, for the wrong subject

On Wed, Jan 12, 2022 at 1:15 PM Tony Finch <dot at dotat.at> wrote:

> Diego Garcia <diegargon at gmail.com> wrote:
> >
> > Every 20/30 minutes, and lasting about 5 minutes, I get 'timeout' in bind
> > queries. After that time everything works fine again.
> >
> > My bind server gets a response (from 0.1 to 2 seconds) but replies with an
> > ICMP 'port unreachable'.
> >
> > Any idea what the problem is or what I can check?
> >
> > Firewall is off while testing.
> >
> > My bind server is a NAT router.
>
> It sounds like the NAT is interfering with BIND's resolver. In general,
> NAT (as well as stateful firewalls) do not work well with the DNS, because
> UDP port randomization uses a lot of (mostly useless) connection-tracking
> state. So it's best to put a full service resolver outside a NAT if
> possible.
>
> In your case, I guess there are several possible IP addresses that BIND
> can use as the query source address. Try setting the query-source option
> in named.conf to an IP address that's outside the NAT. You will need to
> use tcpdump to verify that the right packets with the right addresses are
> appearing on the wire.
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  https://dotat.at/
> Portland, Plymouth: Northeast, veering east or southeast, 3 or 4.
> Slight or moderate, occasionally rough at first in Plymouth. Fog
> patches at first in south. Moderate or good, occasionally very poor at
> first in south.
>
>
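
Added example, not part of the original message or thread: a small Python script that tallies resolver error lines and fetch-summary counters of the kind pasted above, per upstream server and per domain, so it is easier to see whether timeouts cluster on particular servers. The sample lines are copied from the message with the e-mail line wrapping undone; the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Sample lines taken from the log excerpts in the message above,
# with the e-mail line wrapping undone.
SAMPLE_LOG = """\
network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53
timed out resolving 'google.com/A/IN': 1.1.1.1#53
timed out resolving 'android.l.google.com/A/IN': 1.1.1.1#53
broken trust chain resolving '_.clients6.google.com/A/IN': 216.239.34.10#53
success/success [domain:ifconfig.me,referral:0,restart:1,qrysent:1,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
timed out/success [domain:google.com,referral:0,restart:4,qrysent:13,timeout:12,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
"""

# "<error> resolving '<name>/<type>/<class>': <server>#<port>"
ERR_RE = re.compile(
    r"(?P<err>[a-z ]+?) resolving '(?P<q>[^']+)': (?P<srv>[0-9a-fA-F.:]+)#\d+")
# "<fetch result>/<validation result> [domain:<zone>,counter:value,...]"
FETCH_RE = re.compile(
    r"(?P<res>[a-z ]+)/(?P<val>[a-z ]+) \[domain:(?P<dom>[^,\]]+),(?P<ctrs>[^\]]*)\]")

def summarize(log_text):
    """Return (error counts per upstream server, counters per fetch domain)."""
    per_server = defaultdict(Counter)
    per_domain = {}
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if m:
            per_server[m["srv"]][m["err"].strip()] += 1
            continue
        m = FETCH_RE.search(line)
        if m:
            pairs = (kv.split(":") for kv in m["ctrs"].split(",") if kv)
            ctrs = {k: int(v) for k, v in pairs}
            ctrs["result"] = m["res"].strip()
            per_domain[m["dom"].strip()] = ctrs
    return per_server, per_domain

def timeout_ratio(ctrs):
    """Fraction of upstream queries sent for one fetch that timed out."""
    return ctrs["timeout"] / ctrs["qrysent"] if ctrs["qrysent"] else 0.0

if __name__ == "__main__":
    servers, domains = summarize(SAMPLE_LOG)
    for srv, errs in servers.items():
        print(srv, dict(errs))
    for dom, ctrs in domains.items():
        print(dom, ctrs["result"], f"{timeout_ratio(ctrs):.0%} of queries timed out")
```
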