Problems after 8.3.3 upgrade
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Jul 16 23:59:21 UTC 2002
>
> Since upgrading to 8.3.3, we have been experiencing problems with our two
> corporate nameservers resolving certain hosts. The only hosts reported
> have been those in the yahoo.com domain which are cnames to akamai.
>
> For example, I saw the following while debugging the problem today. There
> was a host that returned the following error no matter how many times I
> tried to look it up.
>
> [nickh at lorien nickh]$ dig @ops click.shopping.yahoo.com
>
> ; <<>> DiG 9.2.0 <<>> @ops click.shopping.yahoo.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> I dumped the database on backup and checked for shopping in the dump file:
>
> [nickh at ops named]$ sudo kill -INT `cat /var/run/named.pid `
> [nickh at ops named]$ grep shopping /var/named/named_dump.db
> [nickh at ops named]$
>
> Nothing there. Then I looked for the CNAME record specifically:
>
> [nickh at lorien nickh]$ dig @ops click.shopping.yahoo.com cname
>
> ; <<>> DiG 9.2.0 <<>> @ops click.shopping.yahoo.com cname
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38500
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
>
> ;; QUESTION SECTION:
> ;click.shopping.yahoo.com. IN CNAME
>
> ;; ANSWER SECTION:
> click.shopping.yahoo.com. 1800 IN CNAME click.shopping.yahoo.akad
> ns.net.
>
> ;; AUTHORITY SECTION:
> yahoo.com. 168024 IN NS ns1.yahoo.com.
> yahoo.com. 168024 IN NS ns2.yahoo.com.
> yahoo.com. 168024 IN NS ns3.yahoo.com.
> yahoo.com. 168024 IN NS ns4.yahoo.com.
> yahoo.com. 168024 IN NS ns5.yahoo.com.
>
> ;; ADDITIONAL SECTION:
> ns1.yahoo.com. 168144 IN A 66.218.71.63
> ns2.yahoo.com. 168024 IN A 209.132.1.28
> ns3.yahoo.com. 168024 IN A 217.12.4.104
> ns4.yahoo.com. 168024 IN A 63.250.206.138
> ns5.yahoo.com. 168024 IN A 64.58.77.85
>
> ;; Query time: 23 msec
> ;; SERVER: 10.0.0.2#53(ops)
> ;; WHEN: Tue Jul 16 15:44:51 2002
> ;; MSG SIZE rcvd: 281
>
> Tried the db dump again, this time the record was there:
>
> [nickh at ops named]$ grep shopping /var/named/named_dump.db
> $ORIGIN shopping.yahoo.com.
> click 1795 IN CNAME click.shopping.yahoo.akadns.net. ;Cr
> =auth [66.218.71.63]
>
> Also, queries immediately started working:
>
> [nickh at lorien nickh]$ dig @ops click.shopping.yahoo.com
>
> ; <<>> DiG 9.2.0 <<>> @ops click.shopping.yahoo.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46741
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 10, ADDITIONAL: 10
>
> ;; QUESTION SECTION:
> ;click.shopping.yahoo.com. IN A
>
> ;; ANSWER SECTION:
> click.shopping.yahoo.com. 1783 IN CNAME click.shopping.yahoo.akad
> ns.net.
> click.shopping.yahoo.akadns.net. 300 IN A 66.218.75.129
>
> ;; AUTHORITY SECTION:
> akadns.net. 168078 IN NS NS1-159.AKAM.net.
> akadns.net. 168078 IN NS NS1-93.AKAM.net.
> akadns.net. 168078 IN NS USE2.AKAM.net.
> akadns.net. 168078 IN NS ZA.akadns.net.
> akadns.net. 168078 IN NS ZC.akadns.net.
> akadns.net. 168078 IN NS ZD.akadns.net.
> akadns.net. 168078 IN NS ZE.akadns.net.
> akadns.net. 168078 IN NS ZF.akadns.net.
> akadns.net. 168078 IN NS ZG.akadns.net.
> akadns.net. 168078 IN NS ZH.akadns.net.
>
> ;; ADDITIONAL SECTION:
> NS1-159.AKAM.net. 55536 IN A 193.108.91.159
> NS1-93.AKAM.net. 55624 IN A 193.108.91.93
> USE2.AKAM.net. 55624 IN A 63.209.170.136
> ZA.akadns.net. 55624 IN A 216.32.65.105
> ZC.akadns.net. 55625 IN A 63.241.199.50
> ZD.akadns.net. 55625 IN A 206.132.160.36
> ZE.akadns.net. 55625 IN A 12.47.217.11
> ZF.akadns.net. 55625 IN A 63.215.198.79
> ZG.akadns.net. 55625 IN A 204.248.36.131
> ZH.akadns.net. 55625 IN A 63.208.48.42
>
> ;; Query time: 25 msec
> ;; SERVER: 10.0.0.2#53(ops)
> ;; WHEN: Tue Jul 16 15:45:08 2002
> ;; MSG SIZE rcvd: 473
>
> Has anyone had this problem with 8.3.3? My workaround for the moment,
> which is keeping all our Yahoo users happy, is to run a script that does
> repeated cname lookups on the problem host names.
>
> --
> For a successful technology, reality must take precedence over public
> relations, for nature cannot be fooled.
>
>
The problem is that "aa" is not set in flags and should
be. As a result the answer is being rejected.
Mark
; <<>> DiG 8.3 <<>> click.shopping.yahoo.com @NS1.yahoo.com +norec
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62871
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 12
;; QUERY SECTION:
;; click.shopping.yahoo.com, type = A, class = IN
;; ANSWER SECTION:
click.shopping.yahoo.com. 30M IN CNAME click.shopping.yahoo.akadns.net.
;; AUTHORITY SECTION:
net. 1d19h18m52s IN NS A.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS G.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS H.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS C.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS I.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS B.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS D.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS L.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS F.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS J.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS K.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS E.GTLD-SERVERS.net.
net. 1d19h18m52s IN NS M.GTLD-SERVERS.net.
;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net. 1d19h18m6s IN A 192.5.6.30
G.GTLD-SERVERS.net. 1d19h18m6s IN A 192.42.93.30
H.GTLD-SERVERS.net. 1d19h18m6s IN A 192.54.112.30
C.GTLD-SERVERS.net. 1d19h18m6s IN A 192.26.92.30
I.GTLD-SERVERS.net. 1d19h18m6s IN A 192.43.172.30
B.GTLD-SERVERS.net. 1d19h18m6s IN A 192.33.14.30
D.GTLD-SERVERS.net. 1d19h18m6s IN A 192.31.80.30
L.GTLD-SERVERS.net. 1d19h18m6s IN A 192.41.162.30
F.GTLD-SERVERS.net. 1d19h18m6s IN A 192.35.51.30
J.GTLD-SERVERS.net. 1d19h18m6s IN A 210.132.100.101
K.GTLD-SERVERS.net. 3d19h18m8s IN A 192.52.178.30
E.GTLD-SERVERS.net. 1d19h18m6s IN A 192.12.94.30
;; Total query time: 281 msec
;; FROM: drugs.dv.isc.org to SERVER: NS1.yahoo.com 66.218.71.63
;; WHEN: Wed Jul 17 09:40:23 2002
;; MSG SIZE sent: 42 rcvd: 500
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list