Problems after 8.3.3 upgrade

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Jul 16 23:59:21 UTC 2002 

> 
> Since upgrading to 8.3.3, we have been experiencing problems with our two 
> corporate nameservers resolving certain hosts.  The only hosts reported 
> have been those in the yahoo.com domain which are cnames to akamai.
> 
> For example, I saw the following while debugging the problem today.  There 
> was a host that returned the following error no matter how many times I 
> tried to look it up.
> 
>   [nickh at lorien nickh]$ dig @ops click.shopping.yahoo.com
> 
>   ; <<>> DiG 9.2.0 <<>> @ops click.shopping.yahoo.com
>   ;; global options:  printcmd
>   ;; connection timed out; no servers could be reached
> 
> I dumped the database on backup and checked for shopping in the dump file:
> 
>   [nickh at ops named]$ sudo kill -INT `cat /var/run/named.pid `
>   [nickh at ops named]$ grep shopping /var/named/named_dump.db
>   [nickh at ops named]$
> 
> Nothing there.  Then I looked for the CNAME record specifically:
> 
>   [nickh at lorien nickh]$ dig @ops click.shopping.yahoo.com cname
> 
>   ; <<>> DiG 9.2.0 <<>> @ops click.shopping.yahoo.com cname
>   ;; global options:  printcmd
>   ;; Got answer:
>   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38500
>   ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
> 
>   ;; QUESTION SECTION:
>   ;click.shopping.yahoo.com.      IN      CNAME
> 
>   ;; ANSWER SECTION:
>   click.shopping.yahoo.com. 1800  IN      CNAME     click.shopping.yahoo.akad
> ns.net.
> 
>   ;; AUTHORITY SECTION:
>   yahoo.com.              168024  IN      NS      ns1.yahoo.com.
>   yahoo.com.              168024  IN      NS      ns2.yahoo.com.
>   yahoo.com.              168024  IN      NS      ns3.yahoo.com.
>   yahoo.com.              168024  IN      NS      ns4.yahoo.com.
>   yahoo.com.              168024  IN      NS      ns5.yahoo.com.
> 
>   ;; ADDITIONAL SECTION:
>   ns1.yahoo.com.          168144  IN      A       66.218.71.63
>   ns2.yahoo.com.          168024  IN      A       209.132.1.28
>   ns3.yahoo.com.          168024  IN      A       217.12.4.104
>   ns4.yahoo.com.          168024  IN      A       63.250.206.138
>   ns5.yahoo.com.          168024  IN      A       64.58.77.85
> 
>   ;; Query time: 23 msec
>   ;; SERVER: 10.0.0.2#53(ops)
>   ;; WHEN: Tue Jul 16 15:44:51 2002
>   ;; MSG SIZE  rcvd: 281
> 
> Tried the db dump again, this time the record was there:
> 
>   [nickh at ops named]$ grep shopping /var/named/named_dump.db
>   $ORIGIN shopping.yahoo.com.
>   click   1795    IN      CNAME   click.shopping.yahoo.akadns.net.        ;Cr
> =auth [66.218.71.63]
> 
> Also, queries immediately started working:
> 
>   [nickh at lorien nickh]$ dig @ops click.shopping.yahoo.com
> 
>   ; <<>> DiG 9.2.0 <<>> @ops click.shopping.yahoo.com
>   ;; global options:  printcmd
>   ;; Got answer:
>   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46741
>   ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 10, ADDITIONAL: 10
> 
>   ;; QUESTION SECTION:
>   ;click.shopping.yahoo.com.      IN      A
> 
>   ;; ANSWER SECTION:
>   click.shopping.yahoo.com. 1783  IN      CNAME     click.shopping.yahoo.akad
> ns.net.
>   click.shopping.yahoo.akadns.net. 300 IN A       66.218.75.129
> 
>   ;; AUTHORITY SECTION:
>   akadns.net.             168078  IN      NS      NS1-159.AKAM.net.
>   akadns.net.             168078  IN      NS      NS1-93.AKAM.net.
>   akadns.net.             168078  IN      NS      USE2.AKAM.net.
>   akadns.net.             168078  IN      NS      ZA.akadns.net.
>   akadns.net.             168078  IN      NS      ZC.akadns.net.
>   akadns.net.             168078  IN      NS      ZD.akadns.net.
>   akadns.net.             168078  IN      NS      ZE.akadns.net.
>   akadns.net.             168078  IN      NS      ZF.akadns.net.
>   akadns.net.             168078  IN      NS      ZG.akadns.net.
>   akadns.net.             168078  IN      NS      ZH.akadns.net.
> 
>   ;; ADDITIONAL SECTION:
>   NS1-159.AKAM.net.       55536   IN      A       193.108.91.159
>   NS1-93.AKAM.net.        55624   IN      A       193.108.91.93
>   USE2.AKAM.net.          55624   IN      A       63.209.170.136
>   ZA.akadns.net.          55624   IN      A       216.32.65.105
>   ZC.akadns.net.          55625   IN      A       63.241.199.50
>   ZD.akadns.net.          55625   IN      A       206.132.160.36
>   ZE.akadns.net.          55625   IN      A       12.47.217.11
>   ZF.akadns.net.          55625   IN      A       63.215.198.79
>   ZG.akadns.net.          55625   IN      A       204.248.36.131
>   ZH.akadns.net.          55625   IN      A       63.208.48.42
> 
>   ;; Query time: 25 msec
>   ;; SERVER: 10.0.0.2#53(ops)
>   ;; WHEN: Tue Jul 16 15:45:08 2002
>   ;; MSG SIZE  rcvd: 473
> 
> Has anyone had this problem with 8.3.3?  My workaround for the moment, 
> which is keeping all our Yahoo users happy, is to run a script that does 
> repeated cname lookups on the problem host names.
> 
> --
> For a successful technology, reality must take precedence over public
> relations, for nature cannot be fooled.
> 
> 

	The problem is that "aa" is not set in flags and should
	be.  As a result the answer is being rejected.

	Mark

; <<>> DiG 8.3 <<>> click.shopping.yahoo.com @NS1.yahoo.com +norec 
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62871
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 12
;; QUERY SECTION:
;;	click.shopping.yahoo.com, type = A, class = IN

;; ANSWER SECTION:
click.shopping.yahoo.com.  30M IN CNAME  click.shopping.yahoo.akadns.net.

;; AUTHORITY SECTION:
net.			1d19h18m52s IN NS  A.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  G.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  H.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  C.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  I.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  B.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  D.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  L.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  F.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  J.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  K.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  E.GTLD-SERVERS.net.
net.			1d19h18m52s IN NS  M.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.	1d19h18m6s IN A  192.5.6.30
G.GTLD-SERVERS.net.	1d19h18m6s IN A  192.42.93.30
H.GTLD-SERVERS.net.	1d19h18m6s IN A  192.54.112.30
C.GTLD-SERVERS.net.	1d19h18m6s IN A  192.26.92.30
I.GTLD-SERVERS.net.	1d19h18m6s IN A  192.43.172.30
B.GTLD-SERVERS.net.	1d19h18m6s IN A  192.33.14.30
D.GTLD-SERVERS.net.	1d19h18m6s IN A  192.31.80.30
L.GTLD-SERVERS.net.	1d19h18m6s IN A  192.41.162.30
F.GTLD-SERVERS.net.	1d19h18m6s IN A  192.35.51.30
J.GTLD-SERVERS.net.	1d19h18m6s IN A  210.132.100.101
K.GTLD-SERVERS.net.	3d19h18m8s IN A  192.52.178.30
E.GTLD-SERVERS.net.	1d19h18m6s IN A  192.12.94.30

;; Total query time: 281 msec
;; FROM: drugs.dv.isc.org to SERVER: NS1.yahoo.com  66.218.71.63
;; WHEN: Wed Jul 17 09:40:23 2002
;; MSG SIZE  sent: 42  rcvd: 500

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list