help debug a BIND problem (debug output)
Barry Margolin
barmar at bbnplanet.com
Fri Feb 18 15:52:04 UTC 2000
In article <Pine.OSF.4.10.10002181826190.11498-100000 at singapura.singnet.com.sg>,
Mathias Koerber <mathias at staff.singnet.com.sg> wrote:
>Hi all,
>
>I have a wierd problem doing certain DNS lookups, and would like to
>solicit help with reading the BIND debug output.
>
>I'm using BIND-8.2.2p5
>
>The Problem: None of my nameservers can perform DNS lookups
>for www.chijstcs.moe.edu.sg, yet dig(1) queries for the same (from the
>same nameserver to the auth NS of the domain) work fine:
You did better than I could. I couldn't get a response when I queried the
auth NS unless I used TCP -- I timed out completely when using UDP, but TCP
works (slowly -- response time was 4-10 seconds). I used snoop to make
sure that I wasn't getting a response from a different address that dig
might have been ignoring; I saw no responses at all.
Pings also don't work to 166.121.9.200, but traceroute does.
> 1. Am I correct in my reading of the debug log?
I think so.
> 2. Why would the remote NS reply from a different IP address?
It has multiple NICs or virtual addresses, and the other IP address is the
preferred interface for sending replies back to you.
> 2.a Was this a sknown problem in a previ version of BIND or any other NS?
> (I have not managed to speak to the remote admin yet, I actually wanted
> some more data before I contact them).
This was a known problem in BIND 4.8.
> 3. Does dig(1) not care about the sender's IP address, but BIND does?
BIND definitely does, and I thought dig would as well, but perhaps not.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list