single query fails until named is killed and restarted
Mark.Andrews at nominum.com
Fri Nov 3 03:06:15 UTC 2000
The ca.gov delegation is broken. Both the names and the IP address
must agree.
Mark
; <<>> DiG 8.3 <<>> ns ca.gov @a.root-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; QUERY SECTION:
;; ca.gov, type = NS, class = IN
;; ANSWER SECTION:
ca.gov. 1D IN NS NIC.TDCNET.ca.gov.
ca.gov. 1D IN NS NS2.TDCNET.ca.gov.
ca.gov. 1D IN NS NS3.NET.ca.gov.
;; ADDITIONAL SECTION:
NIC.TDCNET.ca.gov. 1D IN A 134.186.254.252
NS2.TDCNET.ca.gov. 1D IN A 134.186.4.253
NS3.NET.ca.gov. 1D IN A 205.225.130.209
;; Total query time: 485 msec
;; FROM: drugs.dv.isc.org to SERVER: a.root-servers.net 198.41.0.4
;; WHEN: Fri Nov 3 14:03:57 2000
;; MSG SIZE sent: 24 rcvd: 137
; <<>> DiG 8.3 <<>> ns ca.gov @NIC.TDCNET.ca.gov
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; QUERY SECTION:
;; ca.gov, type = NS, class = IN
;; ANSWER SECTION:
ca.gov. 1D IN NS ns1.net.ca.gov.
ca.gov. 1D IN NS ns2.net.ca.gov.
ca.gov. 1D IN NS ns3.net.ca.gov.
;; ADDITIONAL SECTION:
ns1.net.ca.gov. 1D IN A 134.186.254.252
ns2.net.ca.gov. 1D IN A 134.186.4.253
ns3.net.ca.gov. 1D IN A 205.225.130.209
;; Total query time: 325 msec
;; FROM: drugs.dv.isc.org to SERVER: NIC.TDCNET.ca.gov 134.186.254.252
;; WHEN: Fri Nov 3 14:04:14 2000
;; MSG SIZE sent: 24 rcvd: 130
> Hello,
>
> We have a few times had a problem resolving particular hostnames (hasn't
> been the same domain each time) from our only DNS server. The latest
> problem a user reported was with the domain "jbsis.courts.ca.gov." Our
> DNS server (bob) is on a secured subnet (DMZ) behind the same firewall
> as us (but we are behind a different subnet).
>
> This DNS server does recursive lookups for our internal servers and is
> NAT'd. The server is running Solaris 2.6 pretty current on patches and
> the DNS version is 8.2.2P5, the latest stable/non-beta release
> before BIND9.
>
> All kinds of other queries (to ibm.com, nbc.com, etc.) worked fine and
> nothing had been changed for months on either the DNS server or the
> Firewall. Additionally we have servers offsite w/ other ISPs' DNS
> servers and our own private ISP accounts and DNS lookups (at the same
> time as on the failing "bob") for jbsis.courts.ca.gov from those points
> worked fine. The name server for the problem site is ns1.pbi.net and
> doing "dig @ns1.pbi.net jbsis.courts.ca.gov" from the problem server
> (bob) also worked.
>
> What "cleared" the problem was simply killing the named daemon (ndc
> restart didn't do the trick) and then starting it up.
>
> The dns logs did not show any error (or anything) for this domain or
> its IP (logging levels included below in our named.conf file). It
> didn't show anything because, as you can see from our logging, we
> don't log each query.
>
> So I am wondering: what happened? What was the problem? I can't figure
> it out as a dig in debug mode returned simple timeouts. What else
> could I have tried to troubleshoot this?
>
> Additionally, what can I check or run if/when this happens again so that
> I can gather more information and get to the bottom of what causes this
> occasional error.
>
> If I have left out any info, please let me know. And thanks for any
> tips or advice. By the way, I searched deja, AskMrDNS, and the BIND
> archives and found similar problem postings. Posts I saw and
> investigated which did not apply to us were: blocked by the firewall,
> overloaded remote server, and mismatched Nameserver. I did not find
> anything that might explain my own problem, however if you feel there is
> a post or explanation out there that applies, please let me know
> what subject or keywords to search on.
>
> thanks,
>
> Adam
>
> bob% dig jbsis.courts.ca.gov +debug=2
>
> ; <<>> DiG 8.2 <<>> jbsis.courts.ca.gov +debug=2
> ;; res_nmkquery(QUERY, jbsis.courts.ca.gov, IN, A)
> ;; res options: init debug recurs defnam dnsrch
> ;; res_send()
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56428
> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; jbsis.courts.ca.gov, type = A, class = IN
>
> ;; Querying server (# 1) address = 192.168.1.2
> ;; timeout
> ;; Querying server (# 1) address = 192.168.1.2
>
> bob% dig @ns1.pbi.net jbsis.courts.ca.gov
>
> ; <<>> DiG 8.2 <<>> @ns1.pbi.net jbsis.courts.ca.gov
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; jbsis.courts.ca.gov, type = A, class = IN
>
> ;; ANSWER SECTION:
> jbsis.courts.ca.gov. 2H IN A 209.157.104.251
>
> ;; AUTHORITY SECTION:
> courts.ca.gov. 2H IN NS ns1.pbi.net.
> courts.ca.gov. 2H IN NS ns2.pbi.net.
>
> ;; ADDITIONAL SECTION:
> ns1.pbi.net. 2D IN A 206.13.28.11
> ns2.pbi.net. 2D IN A 206.13.29.11
>
> ;; Total query time: 107 msec
> ;; FROM: bob to SERVER: ns1.pbi.net 206.13.28.11
> ;; WHEN: Thu Nov 2 09:50:00 2000
> ;; MSG SIZE sent: 37 rcvd: 141
>
> bob% more named.conf
> /*
> * BIND Configuration File
> */
>
> options {
> directory "/dns";
> statistics-file "named.stats";
> dump-file "named_dump.db";
> notify yes;
> recursion yes;
> statistics-interval 60;
> };
>
> logging {
> channel bob_syslog {
> syslog local4;
> severity info;
> };
> channel bob_dnslog {
> file "/logs/dnslog" versions 5 size 5M;
> // Set the severity to dynamic to see all the debug messages.
> severity dynamic;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> category default { bob_syslog; };
> category panic { bob_syslog; bob_dnslog; };
> category packet { bob_dnslog; };
> category eventlib { bob_dnslog; };
> category statistics { bob_syslog; bob_dnslog; };
> category queries { null; };
> category lame-servers { null; };
> category cname { null; };
> };
>
> zone "." in {
> type hint;
> file "db.cache";
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "db.127.0.0";
> };
>
> zone "our.zone.file" in {
> type master;
> file "db.ourzone";
> };
>
> zone "our2.zone2.file2" in {
> type master;
> file "db.ourzone2";
> };
> [rest of our domains and reverse lookups deleted]
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
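
The comparison behind the reply above, between the NS names and glue addresses the root server returns for ca.gov and those the zone's own server returns, as an added example that is not part of the original message. The helper names are hypothetical and the records are copied from the two dig answers.

```python
# Added example; records copied from the dig answers above, helper names hypothetical.
PARENT = """\
ca.gov. 1D IN NS NIC.TDCNET.ca.gov.
ca.gov. 1D IN NS NS2.TDCNET.ca.gov.
ca.gov. 1D IN NS NS3.NET.ca.gov.
NIC.TDCNET.ca.gov. 1D IN A 134.186.254.252
NS2.TDCNET.ca.gov. 1D IN A 134.186.4.253
NS3.NET.ca.gov. 1D IN A 205.225.130.209
"""
CHILD = """\
ca.gov. 1D IN NS ns1.net.ca.gov.
ca.gov. 1D IN NS ns2.net.ca.gov.
ca.gov. 1D IN NS ns3.net.ca.gov.
ns1.net.ca.gov. 1D IN A 134.186.254.252
ns2.net.ca.gov. 1D IN A 134.186.4.253
ns3.net.ca.gov. 1D IN A 205.225.130.209
"""

def parse_records(text):
    """Parse 'owner ttl class type rdata' lines into (NS names, name -> A addresses)."""
    ns, addrs = set(), {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].startswith(";"):
            continue  # skip dig comment lines and anything that is not a record
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4]
        if rtype == "NS":
            ns.add(rdata.lower().rstrip("."))  # DNS names compare case-insensitively
        elif rtype == "A":
            addrs.setdefault(owner.lower().rstrip("."), set()).add(rdata)
    return ns, addrs

def compare_delegation(parent_text, child_text):
    """Report where the parent's delegation and the child's own NS set disagree."""
    (p_ns, p_addr), (c_ns, c_addr) = parse_records(parent_text), parse_records(child_text)
    p_by_ip = {ip: n for n in p_ns for ip in p_addr.get(n, ())}
    c_by_ip = {ip: n for n in c_ns for ip in c_addr.get(n, ())}
    return {
        "names_agree": p_ns == c_ns,
        "addresses_agree": set(p_by_ip) == set(c_by_ip),
        "only_in_parent": sorted(p_ns - c_ns),
        "only_in_child": sorted(c_ns - p_ns),
        "same_ip_different_name": sorted(
            (ip, p_by_ip[ip], c_by_ip[ip])
            for ip in p_by_ip.keys() & c_by_ip.keys() if p_by_ip[ip] != c_by_ip[ip]),
    }

if __name__ == "__main__":
    print(compare_delegation(PARENT, CHILD))
```

To check another zone, paste the ANSWER and ADDITIONAL sections from the parent's and the child's dig output into the two strings.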