intermittent resolving errors

Kelly Scroggins kelly at cliffhanger.com
Fri Nov 16 20:21:48 UTC 2001 

I am experiencing a problem I can't solve.  I hope
someone here with more Bind expertise can help me.

My internal name server (bind 8.x on Linux) is
resolving names intermittently.  Sometimes I can
run an nslookup on a Internet server such as
www.yahoo.com, or www.google.com and it will
return an error.  Then another try will return the
correct information.

This internal name server is the master of our
internal zones, and is configured to forward
queries to outside (our ISPs) name servers.

Here's an example of an nslookup failure:

  C:\>nslookup www.yahoo.com
  Server:  ns1.my-domain.com
  Address:  192.168.1.2
  
  *** ns1.my-domain.com can't find www.yahoo.com: Non-existent domain


I've also captured some packets of this error.
I've included a packet that shows an error below.

The most interesting thing about this is that the
name being queried is intermittently appended with
"my-domain.com".  As if it's in one of my local
zone files and does not have the 'trailing dot' at
the end of the RR.

i.e.,

    www.yahoo.com.my-domain.com: type A, class inet
        Name: www.yahoo.com.my-domain.com


Here's the capture :

	-- sniff trace begins --

Frame 168 (91 on wire, 91 captured)
    Arrival Time: Nov 15, 2001 11:29:44.9564
    Time delta from previous packet: 0.000000 seconds
    Frame Number: 168
    Packet Length: 91 bytes
    Capture Length: 91 bytes
Ethernet II
    Destination: 00:a0:c9:89:92:57 (00:a0:c9:89:92:57)
    Source: 00:10:5a:20:1d:86 (00:10:5a:20:1d:86)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Currently Unused: 0
    Total Length: 77
    Identification: 0x4e64
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x1670 (correct)
    Source: cald.my-domain.com (192.168.1.1)
    Destination: ns1.my-domain.com (192.168.1.2)
User Datagram Protocol
    Source port: 4881 (4881)
    Destination port: domain (53)
    Length: 57
    Checksum: 0xf25e
Domain Name System (query)
    Transaction ID: 0x1537
    Flags: 0x0100 (Standard query)
        0... .... .... .... = Query
        .000 0... .... .... = Standard query
        .... ..0. .... .... = Message is not truncated
        .... ...1 .... .... = Do query recursively
        .... .... ...0 .... = Non-authenticated data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.yahoo.com.my-domain.com: type A, class inet
            Name: www.yahoo.com.my-domain.com
            Type: Host address
            Class: inet

Frame 169 (157 on wire, 157 captured)
    Arrival Time: Nov 15, 2001 11:29:44.9570
    Time delta from previous packet: 0.000629 seconds
    Frame Number: 169
    Packet Length: 157 bytes
    Capture Length: 157 bytes
Ethernet II
    Destination: 00:10:5a:20:1d:86 (00:10:5a:20:1d:86)
    Source: 00:a0:c9:89:92:57 (00:a0:c9:89:92:57)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Currently Unused: 0
    Total Length: 143
    Identification: 0x0362
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x6130 (correct)
    Source: ns1.my-domain.com (192.168.1.2)
    Destination: cald.my-domain.com (192.168.1.1)
User Datagram Protocol
    Source port: domain (53)
    Destination port: 4881 (4881)
    Length: 123
    Checksum: 0x0d95
Domain Name System (response)
    Transaction ID: 0x1537
    Flags: 0x8583 (Standard query response, Name error)
        1... .... .... .... = Response
        .000 0... .... .... = Standard query
        .... .1.. .... .... = Server is an authority for domain
        .... ..0. .... .... = Message is not truncated
        .... ...1 .... .... = Do query recursively
        .... .... 1... .... = Server can do recursive queries
        .... .... ..0. .... = Answer/authority portion was not autenticated by the server
        .... .... .... 0011 = Name error
    Questions: 1
    Answer RRs: 0
    Authority RRs: 1
    Additional RRs: 0
    Queries
        www.yahoo.com.my-domain.com: type A, class inet
            Name: www.yahoo.com.my-domain.com
            Type: Host address
            Class: inet
    Authoritative nameservers
        my-domain.com: type SOA, class inet, mname ns1.my-domain.com
            Name: my-domain.com
            Type: Start of zone of authority
            Class: inet
            Time to live: 1 day
            Data length: 37
            Primary name server: ns1.my-domain.com
            Responsible authority's mailbox: hostmaster.my-domain.com
            Serial number: 2001111203
            Refresh interval: 3 hours
            Retry interval: 1 hour
            Expiration limit: 7 days
            Minimum TTL: 1 day


	-- sniff trace ends --

More information about the bind-users mailing list