Bind 9.1.3 classless delegation problems?

Barry Margolin barmar at genuity.net
Wed Mar 20 22:01:13 UTC 2002


In article <a7aths$lu6 at pub3.rc.vix.com>, Thomas Kiblin  <tom at kiblin.com> wrote:
>We're running bind 9.1.3, and have been delegated a few class C's, we broke 
>one of those C's up and re-delegate it down to one of our customers (half 
>class C).
>
>That customer is having problems while running his irc bots and servers, 
>with A records not being found.
>
>Talking to our upstream, they seem to think that a problem exists with bind 
>doing classless delegation.
>
>If they query our servers, everything is fine.  If they query outside 
>servers, errors about no A records being found is very high.

It looks good to me.

>One of the example IP's is 205.177.13.231, or .129-254.

Thank you SO MUCH for including a real IP without us having to beg for it.
I get the right answer when I query using our caching nameservers.  I tried
several other addresses in that range and they all seemed fine.

What might be happening is BIND's infamous query-restart problem.  In order
to answer one of these queries, the remote nameserver has to go through
several different servers.  First it goes to your server, which returns the
CNAME record, and when it tries looking up the record in the reverse
subdomain, it gets referred to the leenoox.org servers, which it has to
look up, and then go there.  If it doesn't have enough of this information
cached, it reaches a limit and aborts the query.

The fix is for you to configure your server as a slave for the subdomain.
That way, instead of just returning the CNAME record, you'll also return
the PTR record that it points to, and the remote server won't have to do
too many iterative queries.

% dig -x 205.177.13.231 ptr

; <<>> DiG 8.3 <<>> -x ptr 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;	231.13.177.205.in-addr.arpa, type = PTR, class = IN

;; ANSWER SECTION:
231.13.177.205.in-addr.arpa.  11m26s IN CNAME  231.128-25.13.177.205.in-addr.arpa.
231.128-25.13.177.205.in-addr.arpa.  11m56s IN PTR  VojVoDa.shellzone.org.

;; AUTHORITY SECTION:
128-25.13.177.205.in-addr.arpa.  11m56s IN NS  ns2.leenoox.org.
128-25.13.177.205.in-addr.arpa.  11m56s IN NS  ns1.leenoox.org.

;; ADDITIONAL SECTION:
ns2.leenoox.org.	1d21h32m10s IN A  205.177.13.129
ns1.leenoox.org.	1d23h56m6s IN A  205.177.13.128

;; Total query time: 21 msec
;; FROM: tools.genuity.com to SERVER: default -- 4.2.2.1
;; WHEN: Wed Mar 20 16:56:25 2002
;; MSG SIZE  sent: 45  rcvd: 181

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
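
The case described in this message, as an added example that is not part of the original post: a Python check of whether a reverse-lookup response carries the PTR record together with the classless-delegation CNAME, or only the CNAME, in which case the resolver has to restart the query at the CNAME target. The first sample is the answer section of the dig output above; the CNAME-only sample is constructed, and the function names are hypothetical.

```python
import ipaddress

# Answer section copied from the dig output in the message above.
FULL_ANSWER = """\
231.13.177.205.in-addr.arpa.  11m26s IN CNAME  231.128-25.13.177.205.in-addr.arpa.
231.128-25.13.177.205.in-addr.arpa.  11m56s IN PTR  VojVoDa.shellzone.org.
"""

# Constructed sample: the same response from a parent server that is not a
# slave for the child zone and so returns only the CNAME.
CNAME_ONLY = """\
231.13.177.205.in-addr.arpa.  11m26s IN CNAME  231.128-25.13.177.205.in-addr.arpa.
"""


def reverse_name(ip):
    """Return the fully qualified in-addr.arpa owner name for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def parse_answer(text):
    """Parse 'owner ttl IN TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            records.append((fields[0].lower(), fields[3].upper(), fields[4]))
    return records


def follow_chain(ip, records, max_hops=8):
    """Follow CNAMEs from the reverse name of ip using only this response.

    Returns (ptr_target, chain). ptr_target is None when the response ends on
    a CNAME with no PTR, meaning the resolver must restart the query.
    """
    name = reverse_name(ip)
    chain = []
    for _ in range(max_hops):  # bound the walk so a CNAME loop cannot hang us
        ptrs = [r for o, t, r in records if o == name and t == "PTR"]
        if ptrs:
            return ptrs[0], chain
        cnames = [r for o, t, r in records if o == name and t == "CNAME"]
        if not cnames:
            return None, chain
        name = cnames[0].lower()
        chain.append(name)
    return None, chain
```
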

