My ISP's nameserver confuses the resolver in glibc 2.3.2 and BIND 9.2.1

david houlder david.houlder at anu.edu.au
Thu Jan 1 12:05:04 UTC 2004 

I've been seeing some DNS lookup failures on my redhat 9 box.
They are accomapnied by this in /var/log/messages:

Jan  1 22:29:11 localhost mozilla-bin: gethostby*.getanswer: asked for
"www.google.com.au", got "www.google.akadns.net"

A little experimentation with dig reveals that all the info is being
returned, only the A record arrives first, followed by the CNAME:

[david at localhost david]$ dig www.google.com.au
 
; <<>> DiG 9.2.1 <<>> www.google.com.au
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60725
;; flags: rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;www.google.com.au.             IN      A
 
;; ANSWER SECTION:
www.google.akadns.net.  57      IN      A       216.239.53.99
www.google.com.au.      2278    IN      CNAME   www.google.akadns.net.
 
;; Query time: 336 msec
;; SERVER: 203.220.32.107#53(203.220.32.107)
;; WHEN: Thu Jan  1 22:42:25 2004
;; MSG SIZE  rcvd: 86


Running 'tcpdump -n -vvv -s 128' during the dig confirms this.

I thought I'd get around this by setting up a forward-only caching
nameserver, figuring that it might be able to put the records back
into the 'correct' order before handing them back to gethostbyname(),
but, no, BIND seems to be just as confused. The tcpdump of BIND on
localhost forwarding a query shows this...

[root at localhost david]# tcpdump -n -vvv -s 128
tcpdump: listening on ppp0
22:07:04.433985 203.220.41.33.32768 > 203.220.32.107.domain: [udp sum
ok]  55260
+ [1au] A? home.dodo.com.au. ar: . OPT UDPsize=2048 (45) (DF) (ttl 64,
id 0, len
 73)
22:07:04.607987 203.220.32.107.domain > 203.220.41.33.32768: [udp sum
ok]  55260
+ [2a] [1au] A? home.dodo.com.au. www.dodo.com.au. A 203.220.32.118,
home.dodo.c
om.au. CNAME www.dodo.com.au. ar: . OPT UDPsize=2048 (79) (DF) (ttl
60, id 0, le
n 107)
22:07:06.448558 203.220.41.33.32768 > 203.220.32.107.domain: [udp sum
ok]  46546
+ [1au] A? home.dodo.com.au. ar: . OPT UDPsize=2048 (45) (DF) (ttl 64,
id 0, len
 73)
22:07:06.597993 203.220.32.107.domain > 203.220.41.33.32768: [udp sum
ok]  46546
+ [2a] [1au] A? home.dodo.com.au. www.dodo.com.au. A 203.220.32.118,
home.dodo.c
om.au. CNAME www.dodo.com.au. ar: . OPT UDPsize=2048 (79) (DF) (ttl
60, id 0, le
n 107)


...and so on. i.e. it asks (in this case) for home.dodo.com.au, the
answer comes back with the A record for www.dodo.com.au, followed by
the CNAME for home.dodo.com.au. BIND rerties this a few times and
gives up.


So, my questions are:

What (if anything) is my ISP doing wrong? The response from their tech
support is that their nameserevr is OK.

Why is the resolver so picky? Seems as though both the CNAME and A
record are being returned, its just that the CNAME arrives first.

Oh, and I can't use some other namersever because they have blocked
UDP port 53 as far as I can tell. Note that many hosts resolve just
fine (even CNAAMEs), its just a particular few, such as
home.dodo.com.au and www.google.com.au that don't resolve.

Details:

[root at localhost david]# uname -a
Linux localhost.localdomain 2.4.20-20.9 #1 Mon Aug 18 11:27:43 EDT
2003 i686 athlon i386 GNU/Linux
[root at localhost david]# named -v
BIND 9.2.1
[root at localhost david]# rpm -q glibc
glibc-2.3.2-27.9.7

The nameserver in question is on 203.220.32.107 

Thanks
David Houlder

More information about the bind-users mailing list