strange resolution problem...

Ladislav Vobr lvobr at ies.etisalat.ae
Wed Feb 25 02:33:52 UTC 2004 

I had the same problem two, three days back and still I have it I do not 
understand it, but although I have entry in the cache and I support 
recursive-clients I am able to get the answer only with +norec flag. :-(

I post the problem here couple of days before

[dxbins1:/]#dig ns af.mil @127.0.0.1

; <<>> DiG 9.2.3 <<>> ns af.mil @127.0.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11552
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;af.mil.                                IN      NS

;; Query time: 481 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 25 06:34:32 2004
;; MSG SIZE  rcvd: 24

[dxbins1:/]#dig ns af.mil @127.0.0.1 +norec

; <<>> DiG 9.2.3 <<>> ns af.mil @127.0.0.1 +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59554
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;af.mil.                                IN      NS

;; AUTHORITY SECTION:
af.mil.                 3160    IN      NS      MARS.AFNOC.af.mil.
af.mil.                 3160    IN      NS      PAPA1.BARKSDALE.af.mil.
af.mil.                 3160    IN      NS      DELTA1.BARKSDALE.af.mil.
af.mil.                 3160    IN      NS      ARTEMIS.AFNOC.af.mil.
af.mil.                 3160    IN      NS      ns.usafe.af.mil.
af.mil.                 3160    IN      NS      NS.MAXWELL.af.mil.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 25 06:34:40 2004
;; MSG SIZE  rcvd: 170


Ladislav

Michael Hale wrote:
> Something strange is going on with some of my nameservers...
> 
> Basically, a dig +trace will work to resolve the domain, while a plain 
> dig times out.  This only seems to happen with a few certain domains 
> though...
> 
> for instance:
> 
> mhale at dfw-nsadmin:/home/mhale {254} ./dig americanief.org 
> @resolv1.dllstx09.us.to.verio.net
> 
> ; <<>> DiG 9.2.1 <<>> americanief.org @resolv1.dllstx09.us.to.verio.net
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> 
> however:
> 
> mhale at dfw-nsadmin:/home/mhale {255} ./dig +trace americanief.org 
> @resolv1.dlltx09.us.to.verio.net
> 
> ; <<>> DiG 9.2.1 <<>> +trace americanief.org 
> @resolv1.dllstx09.us.to.verio.net
> ;; global options:  printcmd
> .                       129420  IN      NS      D.ROOT-SERVERS.NET.
> .                       129420  IN      NS      A.ROOT-SERVERS.NET.
> .                       129420  IN      NS      H.ROOT-SERVERS.NET.
> .                       129420  IN      NS      C.ROOT-SERVERS.NET.
> .                       129420  IN      NS      G.ROOT-SERVERS.NET.
> .                       129420  IN      NS      F.ROOT-SERVERS.NET.
> .                       129420  IN      NS      B.ROOT-SERVERS.NET.
> .                       129420  IN      NS      J.ROOT-SERVERS.NET.
> .                       129420  IN      NS      K.ROOT-SERVERS.NET.
> .                       129420  IN      NS      L.ROOT-SERVERS.NET.
> .                       129420  IN      NS      M.ROOT-SERVERS.NET.
> .                       129420  IN      NS      I.ROOT-SERVERS.NET.
> .                       129420  IN      NS      E.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 
> 129.250.16.198#53(resolv1.dllstx09.us.to.verio.net) in 6 ms
> 
> org.                    172800  IN      NS      TLD1.ULTRADNS.NET.
> org.                    172800  IN      NS      TLD2.ULTRADNS.NET.
> ;; Received 115 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 48 ms
> 
> americanief.org.        86400   IN      NS      ns18.zoneedit.com.
> americanief.org.        86400   IN      NS      ns12.zoneedit.com.
> ;; Received 83 bytes from 204.74.112.1#53(TLD1.ULTRADNS.NET) in 49 ms
> 
> americanief.org.        7200    IN      A       209.189.63.111
> americanief.org.        7200    IN      NS      ns12.zoneedit.com.
> americanief.org.        7200    IN      NS      ns18.zoneedit.com.
> ;; Received 99 bytes from 65.125.227.35#53(ns18.zoneedit.com) in 294 ms
> 
> The domains in question are:
> 
> useeducationfair.com
> americanief.org
> aief-usa.org
> americaneducationfair.com
> 
> To make matters more strange, a dig +norecurs will work:
> 
> dig +norecurs americanief.org @resolv1.dllstx09.us.to.verio.net
> 
> ; <<>> DiG 8.2 <<>> +norecurs americanief.org 
> @resolv1.dllstx09.us.to.verio.net
> ; (1 server found)
> ;; res options: init defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16323
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      americanief.org, type = A, class = IN
> 
> ;; AUTHORITY SECTION:
> americanief.org.        23h50m54s IN NS  ns18.zoneedit.com.
> americanief.org.        23h50m54s IN NS  ns12.zoneedit.com.
> 
> ;; ADDITIONAL SECTION:
> ns18.zoneedit.com.      1d11h9m51s IN A  65.125.227.35
> ns12.zoneedit.com.      1d23h47m8s IN A  64.246.26.64
> 
> ;; Total query time: 2 msec
> ;; FROM: dfw-nsadmin to SERVER: resolv1.dllstx09.us.to.verio.net  
> 129.250.16.198
> ;; WHEN: Tue Feb 24 11:38:47 2004
> ;; MSG SIZE  sent: 33  rcvd: 115
> 
> Any ideas?  I've never seen this behavior before
> 
> 
> --
> Michael Hale					<smiley at verio.net
> ISS Engineer - DNS			 	NTT/Verio
> 
>

More information about the bind-users mailing list