Connection timed out: BIND 9.0.1

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Thu Nov 30 01:22:07 UTC 2000 

	GDS does not respond to EDNS probes (queries w/ additional data).

	What you are seeing is the server trying with a EDNS query then
	after timing out retrying w/o EDNS.

	The GDS server should at least meet RFC 1035 and either ignore
	the additional data in the query or send a FORMERR.  It does
	neither.  It appears to just drop the ENDS query on the floor.

	Mark

> I have a strange problem with BIND 9.0.1 that I've never seen with our
> 8.2.x servers.  We are delegating a zone to our mail server (which uses
> Critical Path's Global Directory Server (GDS) for a name server).  The
> first time I ask BIND 9 for an answer, I get a Connection timed out,
> and the second time I ask, BIND 9 answers until the RR expires.  Then
> the cycle repeats.  Since all of our machines will point to this group
> of BIND name servers, I need BIND 9 to answer on the first query.
> 
> lyra.u.arizona.edu (the BIND 9 server) should be authoritative for
> email.arizona.edu.
> 
> lyra should delegate inbox.email.arizona.edu to phobos.email.arizona.edu
> and deimos.email.arizona.edu.
> 
> listserv and dns.ccit.arizona.edu are our production BIND 8 servers.  They
> always answer on the first try.  Lyra and dns.ccit.arizona.edu are slaves
> to listserv, so I'm sure they all use the same zone file.
> 
> (First try)
> $ dig @lyra.u.arizona.edu murphy.inbox.email.arizona.edu
> 
> ; <<>> DiG 8.2 <<>> @lyra.u.arizona.edu murphy.inbox.email.arizona.edu 
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; res_nsend to server lyra.u.arizona.edu  128.196.137.175: Connection timed 
> out
> 
> (Command recall and enter)
> $ dig @lyra.u.arizona.edu murphy.inbox.email.arizona.edu
> 
> ; <<>> DiG 8.2 <<>> @lyra.u.arizona.edu murphy.inbox.email.arizona.edu 
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      murphy.inbox.email.arizona.edu, type = A, class = IN
> 
> ;; ANSWER SECTION:
> murphy.inbox.email.arizona.edu.  5M IN CNAME  phobos.email.arizona.edu.
> phobos.email.arizona.edu.  3H IN A  128.196.133.160
> 
> ;; AUTHORITY SECTION:
> email.arizona.edu.      3H IN NS        listserv.ccit.arizona.edu.
> email.arizona.edu.      3H IN NS        dns.ccit.arizona.edu.
> 
> ;; ADDITIONAL SECTION:
> listserv.ccit.arizona.edu.  1D IN A  128.196.137.14
> dns.ccit.arizona.edu.   1D IN A         128.196.139.46
> 
> ;; Total query time: 2240 msec
> ;; FROM: beavis.ccit.arizona.edu to SERVER: lyra.u.arizona.edu  128.196.137.1
> 75
> ;; WHEN: Wed Nov 29 16:34:31 2000
> ;; MSG SIZE  sent: 48  rcvd: 163
> 
> (querying the inbox.email.arizona.edu authority)
> $ dig @phobos.email.arizona.edu murphy.inbox.email.arizona.edu
> 
> ; <<>> DiG 8.2 <<>> @phobos.email.arizona.edu murphy.inbox.email.arizona.edu 
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      murphy.inbox.email.arizona.edu, type = A, class = IN
> 
> ;; ANSWER SECTION:
> murphy.inbox.email.arizona.edu.  5M IN CNAME  phobos.email.arizona.edu.
> phobos.email.arizona.edu.  5M IN A  128.196.133.160
> 
> ;; Total query time: 10 msec
> ;; FROM: beavis.ccit.arizona.edu to SERVER: phobos.email.arizona.edu  128.196
> .133.160
> ;; WHEN: Wed Nov 29 17:02:08 2000
> ;; MSG SIZE  sent: 48  rcvd: 85
> 
> 
> Phobos and Deimos (the Critical Path DNS servers) seem to give short answers,
> but is that the problem?  Should they be filling the authority section with
> themselves?  If they are doing something wrong, I need to know exactly what
> it is to pass onto the Critical Path engineers.  Regardless, why does BIND 9
> appear inconsistent?
> 
> I would be happy to provide more info if I've missed anything.
> 
> Thank you.
> 
> Brian Murphy
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list