Problem with a host Delagation

Terry Rossi tpr at pics.com
Tue Dec 16 18:44:22 UTC 2003 

Hi,

I have implemented a F5 Networks Link Controller to do inbound load
balancing.  In order to make this device work you need to have the LC
respond to DNS requests for IP addresses you wish to inbound load
balance.  I did this with my webserver by adding NS records for the
webserver host.

ie:
;www    3600    IN      A       192.135.189.20
www     3600    IN      NS      bigip1.pics.com.        ;Cl=2
        3600    IN      NS      bigip2.pics.com.        ;Cl=2

Bind 8.2.3-REL on the parent (where the zone file resides) answers
fine 75% of the time, the other 25% of the time it reports a SERVFAIL
and i see no proof (with tcpdump) that bind is asking the F5 device
for the IP of www.pics.com.

Here is a dig debug (from the parent 192.135.189.20) but I have no
idea what this means or how to correct.

# dig www.pics.com +debug

; <<>> DiG 8.3 <<>> www.pics.com +debug
;; res_nmkquery(QUERY, www.pics.com, IN, A)
;; res options: init debug recurs defnam dnsrch
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18404
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.pics.com, type = A, class = IN

;; Querying server (# 1) address = 192.135.189.20
;; new DG socket
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18404
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.pics.com, type = A, class = IN

;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18404
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.pics.com, type = A, class = IN

;; Total query time: 4 msec
;; FROM: picspc01.pics.com to SERVER: default -- 192.135.189.20
;; WHEN: Tue Dec 16 12:58:11 2003
;; MSG SIZE  sent: 30  rcvd: 30



Here is an example after I restarted bind

$ named -v
named 8.2.3-REL Thu Feb 15 09:57:28 EST 2001
        root at picspc01.pics.com:/u3/obj/u3/src/src/usr.sbin/named
$ dig www.pics.com +debug

; <<>> DiG 8.3 <<>> www.pics.com +debug
;; res_nmkquery(QUERY, www.pics.com, IN, A)
;; res options: init debug recurs defnam dnsrch
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47326
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.pics.com, type = A, class = IN

;; Querying server (# 1) address = 192.135.189.20
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47326
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:
0
;; QUERY SECTION:
;;      www.pics.com, type = A, class = IN

;; ANSWER SECTION:
www.pics.com.           5S IN A         207.8.189.152

;; Total query time: 4 msec
;; FROM: picspc01.pics.com to SERVER: default -- 192.135.189.20
;; WHEN: Tue Dec 16 13:42:55 2003
;; MSG SIZE  sent: 30  rcvd: 46

$


Thanks in advance for any advice you can provide.

Regards,


Terry

More information about the bind-users mailing list