Connection timed out: BIND 9.0.1

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Mon Dec 4 04:54:27 UTC 2000 

> 
> [Sorry if this is a repost]
> 
> On Thu, Nov 30, 2000 at 12:22:07PM +1100, Mark.Andrews at nominum.com wrote:
> > 	GDS does not respond to EDNS probes (queries w/ additional data).
> > 
> > 	What you are seeing is the server trying with a EDNS query then
> > 	after timing out retrying w/o EDNS.
> > 
> > 	The GDS server should at least meet RFC 1035 and either ignore
> > 	the additional data in the query or send a FORMERR.  It does
> > 	neither.  It appears to just drop the ENDS query on the floor.
> > 
> 
> Mark, thank you for the quick response.  I've done some reading and have
> two followup questions.
> 
> First, since BIND is a full resolver, wouldn't it make sense that it
> not return an error until it has completed all of its iterations.  More
> specifically, since the EDNS0 probe fails and BIND automatically retries
> the query without ENDS0 and AD (per the migration doc), wouldn't it be
> proper for BIND to not return until it knows the results of the retried
> query?

	It doesn't return until it has a answer.  Dig timed out.
> 
> Second, is there an option to disable Extended DNS in BIND 9?

	No.  In general this wouldn't help either as your clients
	won't have this option set.

> 
> Brian
> P.S. Yes, I want Critical Path to fix their software too.
> 
> > > I have a strange problem with BIND 9.0.1 that I've never seen with our
> > > 8.2.x servers.  We are delegating a zone to our mail server (which uses
> > > Critical Path's Global Directory Server (GDS) for a name server).  The
> > > first time I ask BIND 9 for an answer, I get a Connection timed out,
> > > and the second time I ask, BIND 9 answers until the RR expires.  Then
> > > the cycle repeats.  Since all of our machines will point to this group
> > > of BIND name servers, I need BIND 9 to answer on the first query.
> > > 
> > > lyra.u.arizona.edu (the BIND 9 server) should be authoritative for
> > > email.arizona.edu.
> > > 
> > > lyra should delegate inbox.email.arizona.edu to phobos.email.arizona.edu
> > > and deimos.email.arizona.edu.
> > > 
> > > listserv and dns.ccit.arizona.edu are our production BIND 8 servers.  The
> y
> > > always answer on the first try.  Lyra and dns.ccit.arizona.edu are slaves
> > > to listserv, so I'm sure they all use the same zone file.
> > > 
> > > (First try)
> > > $ dig @lyra.u.arizona.edu murphy.inbox.email.arizona.edu
> > > 
> > > ; <<>> DiG 8.2 <<>> @lyra.u.arizona.edu murphy.inbox.email.arizona.edu 
> > > ; (1 server found)
> > > ;; res options: init recurs defnam dnsrch
> > > ;; res_nsend to server lyra.u.arizona.edu  128.196.137.175: Connection ti
> med 
> > > out
> > > 
> > > (Command recall and enter)
> > > $ dig @lyra.u.arizona.edu murphy.inbox.email.arizona.edu
> > > 
> > > ; <<>> DiG 8.2 <<>> @lyra.u.arizona.edu murphy.inbox.email.arizona.edu 
> > > ; (1 server found)
> > > ;; res options: init recurs defnam dnsrch
> > > ;; got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> > > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> > > ;; QUERY SECTION:
> > > ;;      murphy.inbox.email.arizona.edu, type = A, class = IN
> > > 
> > > ;; ANSWER SECTION:
> > > murphy.inbox.email.arizona.edu.  5M IN CNAME  phobos.email.arizona.edu.
> > > phobos.email.arizona.edu.  3H IN A  128.196.133.160
> > > 
> > > ;; AUTHORITY SECTION:
> > > email.arizona.edu.      3H IN NS        listserv.ccit.arizona.edu.
> > > email.arizona.edu.      3H IN NS        dns.ccit.arizona.edu.
> > > 
> > > ;; ADDITIONAL SECTION:
> > > listserv.ccit.arizona.edu.  1D IN A  128.196.137.14
> > > dns.ccit.arizona.edu.   1D IN A         128.196.139.46
> > > 
> > > ;; Total query time: 2240 msec
> > > ;; FROM: beavis.ccit.arizona.edu to SERVER: lyra.u.arizona.edu  128.196.1
> 37.1
> > > 75
> > > ;; WHEN: Wed Nov 29 16:34:31 2000
> > > ;; MSG SIZE  sent: 48  rcvd: 163
> > > 
> > > (querying the inbox.email.arizona.edu authority)
> > > $ dig @phobos.email.arizona.edu murphy.inbox.email.arizona.edu
> > > 
> > > ; <<>> DiG 8.2 <<>> @phobos.email.arizona.edu murphy.inbox.email.arizona.
> edu 
> > > ; (1 server found)
> > > ;; res options: init recurs defnam dnsrch
> > > ;; got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> > > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> > > ;; QUERY SECTION:
> > > ;;      murphy.inbox.email.arizona.edu, type = A, class = IN
> > > 
> > > ;; ANSWER SECTION:
> > > murphy.inbox.email.arizona.edu.  5M IN CNAME  phobos.email.arizona.edu.
> > > phobos.email.arizona.edu.  5M IN A  128.196.133.160
> > > 
> > > ;; Total query time: 10 msec
> > > ;; FROM: beavis.ccit.arizona.edu to SERVER: phobos.email.arizona.edu  128
> .196
> > > .133.160
> > > ;; WHEN: Wed Nov 29 17:02:08 2000
> > > ;; MSG SIZE  sent: 48  rcvd: 85
> > > 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list