Server failed Errors from the Outside
Bill Chatfield
bill.chatfield at netcommunity.com
Sun Nov 28 00:36:26 UTC 1999
I am having a problem resolving host names on our network from the
outside. By this I mean when you use a name server other than our own
primary name server to resolve names in our domain. I call these
"indirect" queries because the outside name server has to ask a root
name server for our name server's address and then contact our name
server. Technically this is a recursive lookup, but "indirect" makes
much more sense to me because "recursive" is too vague to convey any
useful information.

I am using bind 4.9.3 P1 on Solaris 2.5.1. I have applied the current
patch, 103663-15, from Sun. I have installed bind 8.2.2 P5 and it has
the same problem. I have been over the config files many times and can
find no errors in them.

All host names resolve correctly as long as you are on a machine in our
domain, netcommunity.com, resolving names using our primary name
server. The problem only occurs when you use a name server other than
our primary.

Sometimes a particular subset of our host names will resolve from the
outside and the rest will not resolve. They return a "Server failed"
error with nslookup. After some unknown period of time, the subset
changes. Other hosts will resolve and others won't.

I have set up an additional name server (Red Hat Linux 6.0, bind 8.2,
hereafter called "test") on our network so that I can test "indirect"
queries to our primary name server, because this is the only time the
error occurs.

I have figured out that if I specify a TTL value of 0 in the SOA record
for the domain in the primary name server, restart the test name server,
and run indirect queries through the test name server, the problem does
not occur. So, I think it has something to do with the cache.

With a normal TTL value (after a restart), the test name server will
indirectly resolve the first host name I ask it to resolve. It is a
caching only name server and is supposed to ask our primary name server
(through a root name server) for all host names on netcommunity.com.
Every host name query after the first results in a "Server failed"
error. Running snoop on the primary name server, I can see that the
test name server never contacts the primary name server for all lookups
following the first one. It does contact the primary for the first
lookup. It always contacts a root name server.

I've found the debug output of named to be impossible to read, but I
have seen ncache messages indicating that negative responses are being
cached.

I've attached the db file for netcommunity.com.

You can test this situation by doing this:

    nslookup www.netcommunity.com ns1.kreber.com
    nslookup pokey.netcommunity.com ns1.kreber.com

which will work every time. ns1.kreber.com is our primary name server.

Then try this:

    nslookup www.netcommunity.com ns.redhat.com
    nslookup pokey.netcommunity.com ns.redhat.com
    nslookup jhad.netcommunity.com ns.redhat.com

One of those at any given time will not work, even though they are valid
names. You can substitute gumby.netcommunity.com or your name server for
ns.redhat.com. gumby has the name server I set up to run tests.

I really have no clue why this is happening. I'm hoping you can help.
If you need any additional information, let me know and I'll provide
it. Thanks.

--
Bill Chatfield - Vice President of Technology - NetCommunity
bill.chatfield at netcommunity.com
670 Harmon Avenue, Columbus, Ohio 43223
Phone: (614) 228-9977, FAX: (614) 228-2115
-- Attached file included as plaintext by Listar --
-- File: db.netcommunity.com
; ---------------------------------------------------------------------------
; This table was created by Bill Haase Internet Media Properties on Jan 27, 1998
; Emergency Contact is Bill Haase, Pager (614) 731-9033 Mobile (614) 207-4257
; ---------------------------------------------------------------------------
$ORIGIN netcommunity.com.
@ IN SOA ns1.kreber.com. billc.netcommunity.com. (
1999112701 ; serial
86400 ; refresh
21600 ; retry
604800 ; expire
0 ) ; TTL minimum
; TTL minimum used to be 86400
IN NS 198.212.27.4.
IN NS 206.183.224.8.
IN NS 206.183.224.7.
IN NS 206.183.226.10.
; ------------------------------------------------------------------------
;
netcommunity.com. IN MX 10 pokey.netcommunity.com.
jhad IN A 198.212.27.132
bodasheck IN A 198.212.27.143
burnbaby IN A 198.212.27.160
sales IN A 198.212.27.185
ns1 IN A 198.212.27.192
simba IN A 198.212.27.194
zuul IN A 198.212.27.195
winnt2 IN A 198.212.27.197
winnt3 IN A 198.212.27.198
pokey IN A 198.212.27.199
gumby IN A 198.212.27.200
winnt1 IN A 198.212.27.238
hal IN A 198.212.27.242
yaldwan IN A 198.212.27.243
www IN A 198.212.27.254
ftp IN CNAME pokey.netcommunity.com.
pulsar IN CNAME ns1.netcommunity.com.
mail IN CNAME pokey.netcommunity.com.
dev IN CNAME gumby.netcommunity.com.
; ------------------------------------------------------------------------
; Test sites currently on gumby.
; ------------------------------------------------------------------------
test.grangeinsurance IN A 198.212.27.200
test.gtgi IN A 198.212.27.200
test.netcommunity IN A 198.212.27.200
test.securitydocuments IN A 198.212.27.200
test.trimsystems IN A 198.212.27.200
test.flashpilot IN A 198.212.27.200
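
Added example (not part of the original message and not BIND code): RFC 1035 defines the rdata of NS, CNAME, MX and PTR records as a domain name, so a dotted quad with a trailing dot in that position is read as a host name that a resolver then has to look up. This Python check flags such records; the function names and the sample, built from a few lines of the attached file, are assumptions of this example.

```python
import ipaddress

RDATA_IS_NAME = {"NS", "CNAME", "MX", "PTR"}  # types whose target must be a host name

# Constructed sample: a few records copied from the attached db.netcommunity.com.
SAMPLE_ZONE = """\
$ORIGIN netcommunity.com.
@ IN SOA ns1.kreber.com. billc.netcommunity.com. (
1999112701 ; serial
86400 ; refresh
21600 ; retry
604800 ; expire
0 ) ; TTL minimum
IN NS 198.212.27.4.
IN NS 206.183.224.8.
netcommunity.com. IN MX 10 pokey.netcommunity.com.
pokey IN A 198.212.27.199
ftp IN CNAME pokey.netcommunity.com.
"""

def is_ip_literal(name):
    """True if the token, ignoring a trailing dot, parses as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False

def find_ip_targets(zone_text):
    """Return (line_no, rtype, target) for records whose name-valued rdata is an IP."""
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), start=1):
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if "IN" not in fields:
            continue                               # directive or SOA continuation line
        rest = fields[fields.index("IN") + 1:]     # [type, rdata...]
        if len(rest) < 2 or rest[0].upper() not in RDATA_IS_NAME:
            continue
        target = rest[-1]                          # last token is the target name
        if is_ip_literal(target):
            findings.append((line_no, rest[0].upper(), target))
    return findings

if __name__ == "__main__":
    for line_no, rtype, target in find_ip_targets(SAMPLE_ZONE):
        print(f"line {line_no}: {rtype} target {target!r} is an IP address, not a host name")
```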