Upgrade to 8.2.1 causing problems

Geoff Steer Geoff.Steer at fujitsu.com.au
Wed Aug 11 10:26:10 UTC 1999 

We've recently updated the hardware of our name server and took the
opportunity to upgrade to a later version of BIND. All seems well except
for certain queries.

1. If I try a lookup to www.microsoft.com it fails except for the first
lookup after a named restart.

2. A lookup to gateway.compuserve.com will fail at least half of the
time.
[This is fairly serious for us as we provide the help desk/support for
Compuserve Pacific]
There may well be others' that fail, but these ones were giving
repeatable results.
I'm using dig on the new nameserver i.e

dig www.microsoft.com

The error returned for both sites is a timeout.
Trying a ping from an NT or W95 workstation (just to force a lookup)
gives an error:

'Bad IP address www.microsoft.com'

If the same queries are made via the old nameserver (dnshost), they work
e.g.

dig @dnshost.fujitsu.com.au www.microsoft.au

The same queries aimed at the firewall DNS also work.

The only thing that we have noticed about both of these sites is that
the TTL for records is short, in the case of www.microsoft.com it's 0
seconds. Other queries seem OK.

The configuration for our servers is:
New Server (mailhost) running BIND 8.2.1 (Linux RedHat 6.0)
Old Server (dnshost) running BIND 8.1.1 (Linux Slackware 3.?)

Both are set up as primary DNS for the fujitsu.com.au domain
and are set to forward to the DNS running on the firewall for unresolved
queries. The new server is also configured for a number of forward zones
so we can access other domains to which we connect directly i.e. not via
internet. I have tried the same tests with these zones disabled and the
results are the same.
The firewall is running Solaris 2.5.1 and  BIND 4.9.3-P1 which provide
the Internet view of fujitsu.com.au.

The named log on mailhost occassionally shows the error (from the
firewall named):

Malformed response (dn_expand failed in query)

But not enough to indicate that it is happening for each failed query.

I've tried adding 'added has-old-clients' to named.conf but this makes
no difference.

I feel it's incompatability problem between the 8.2.1 and 4.9.3 servers 
but I can't think of any way to prove this, short of installing 8.2.1 on
the firewall.

Hope someone can shed some light on this. I haven't included the full
named.conf(s) in order to keep the posting to a readable limit, but I'm
will to do this should it be required.

Regards
Geoff Steer
Fujitsu Australia Ltd.

More information about the bind-users mailing list