My ISP's nameserver confuses the resolver in glibc 2.3.2 and BIND 9.2.1

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Jan 6 01:20:26 UTC 2004 

> I've been seeing some DNS lookup failures on my redhat 9 box.
> They are accomapnied by this in /var/log/messages:
> 
> Jan  1 22:29:11 localhost mozilla-bin: gethostby*.getanswer: asked for
> "www.google.com.au", got "www.google.akadns.net"
> 
> A little experimentation with dig reveals that all the info is being
> returned, only the A record arrives first, followed by the CNAME:
> 
> [david at localhost david]$ dig www.google.com.au
>  
> ; <<>> DiG 9.2.1 <<>> www.google.com.au
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60725
> ;; flags: rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>  
> ;; QUESTION SECTION:
> ;www.google.com.au.             IN      A
>  
> ;; ANSWER SECTION:
> www.google.akadns.net.  57      IN      A       216.239.53.99
> www.google.com.au.      2278    IN      CNAME   www.google.akadns.net.
>  
> ;; Query time: 336 msec
> ;; SERVER: 203.220.32.107#53(203.220.32.107)
> ;; WHEN: Thu Jan  1 22:42:25 2004
> ;; MSG SIZE  rcvd: 86
> 
> 
> Running 'tcpdump -n -vvv -s 128' during the dig confirms this.
> 
> I thought I'd get around this by setting up a forward-only caching
> nameserver, figuring that it might be able to put the records back
> into the 'correct' order before handing them back to gethostbyname(),
> but, no, BIND seems to be just as confused. The tcpdump of BIND on
> localhost forwarding a query shows this...
> 
> [root at localhost david]# tcpdump -n -vvv -s 128
> tcpdump: listening on ppp0
> 22:07:04.433985 203.220.41.33.32768 > 203.220.32.107.domain: [udp sum
> ok]  55260
> + [1au] A? home.dodo.com.au. ar: . OPT UDPsize=2048 (45) (DF) (ttl 64,
> id 0, len
>  73)
> 22:07:04.607987 203.220.32.107.domain > 203.220.41.33.32768: [udp sum
> ok]  55260
> + [2a] [1au] A? home.dodo.com.au. www.dodo.com.au. A 203.220.32.118,
> home.dodo.c
> om.au. CNAME www.dodo.com.au. ar: . OPT UDPsize=2048 (79) (DF) (ttl
> 60, id 0, le
> n 107)
> 22:07:06.448558 203.220.41.33.32768 > 203.220.32.107.domain: [udp sum
> ok]  46546
> + [1au] A? home.dodo.com.au. ar: . OPT UDPsize=2048 (45) (DF) (ttl 64,
> id 0, len
>  73)
> 22:07:06.597993 203.220.32.107.domain > 203.220.41.33.32768: [udp sum
> ok]  46546
> + [2a] [1au] A? home.dodo.com.au. www.dodo.com.au. A 203.220.32.118,
> home.dodo.c
> om.au. CNAME www.dodo.com.au. ar: . OPT UDPsize=2048 (79) (DF) (ttl
> 60, id 0, le
> n 107)
> 
> 
> ...and so on. i.e. it asks (in this case) for home.dodo.com.au, the
> answer comes back with the A record for www.dodo.com.au, followed by
> the CNAME for home.dodo.com.au. BIND rerties this a few times and
> gives up.
> 
> 
> So, my questions are:
> 
> What (if anything) is my ISP doing wrong? The response from their tech
> support is that their nameserevr is OK.

	The nameserver is not RFC 1034 compliant.
	See: Section 4.3.2. Algorithm
 
	See: 6.2.7. QNAME=USC-ISIC.ARPA, QTYPE=A
	Note the order of the records in the answer section

> Why is the resolver so picky? Seems as though both the CNAME and A
> record are being returned, its just that the CNAME arrives first.
> 
> Oh, and I can't use some other namersever because they have blocked
> UDP port 53 as far as I can tell. Note that many hosts resolve just
> fine (even CNAAMEs), its just a particular few, such as
> home.dodo.com.au and www.google.com.au that don't resolve.
> 
> Details:
> 
> [root at localhost david]# uname -a
> Linux localhost.localdomain 2.4.20-20.9 #1 Mon Aug 18 11:27:43 EDT
> 2003 i686 athlon i386 GNU/Linux
> [root at localhost david]# named -v
> BIND 9.2.1
> [root at localhost david]# rpm -q glibc
> glibc-2.3.2-27.9.7
> 
> The nameserver in question is on 203.220.32.107 
> 
> Thanks
> David Houlder
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list