Intermittent Issue Resolving External Domains

Joel M Nimety jnimety at cybergnostic.com
Thu May 27 12:47:21 UTC 2004 

Here is a tcpdump when an outage is occuring. In this case cnn.com is
not resolving. -- Joel

08:20:46.980813 arp who-has ns77.cybergnostic.com tell ns79.cybergnostic.com
08:20:46.980888 arp reply ns77.cybergnostic.com is-at 0:3:ba:13:a3:26
08:20:46.981003 ns79.cybergnostic.com.32817 >
ns77.cybergnostic.com.domain:  229 00+ A? cnn.com. (25) (DF)
08:20:51.984474 ns79.cybergnostic.com.32817 >
ns77.cybergnostic.com.domain:  229 00+ A? cnn.com. (25) (DF)
08:21:16.990741 ns77.cybergnostic.com.domain >
ns79.cybergnostic.com.32817:  229 00 ServFail 0/0/0 (25) (DF)
08:21:16.990965 ns79.cybergnostic.com > ns77.cybergnostic.com: icmp:
ns79.cyberg nostic.com udp port 32817 unreachable [tos 0xc0]
08:21:16.991986 ns77.cybergnostic.com.domain >
ns79.cybergnostic.com.32817:  229 00 ServFail 0/0/0 (25) (DF)
08:21:16.992094 ns79.cybergnostic.com > ns77.cybergnostic.com: icmp:
ns79.cyberg nostic.com udp port 32817 unreachable [tos 0xc0]
08:21:20.403315 ns79.cybergnostic.com.32817 >
ns77.cybergnostic.com.domain:  504 80+ A? cnn.com. (25) (DF)
08:21:21.989402 arp who-has ns79.cybergnostic.com tell ns77.cybergnostic.com
08:21:21.989509 arp reply ns79.cybergnostic.com is-at 0:3:ba:27:7e:36
08:21:25.412017 ns79.cybergnostic.com.32817 >
ns77.cybergnostic.com.domain:  504 80+ A? cnn.com. (25) (DF)
08:21:30.411415 arp who-has ns77.cybergnostic.com tell ns79.cybergnostic.com
08:21:30.411465 arp reply ns77.cybergnostic.com is-at 0:3:ba:13:a3:26
08:21:47.051148 ns77.cybergnostic.com.domain >
ns79.cybergnostic.com.32817:  504 80 ServFail 0/0/0 (25) (DF)
08:21:47.051269 ns79.cybergnostic.com > ns77.cybergnostic.com: icmp:
ns79.cyberg nostic.com udp port 32817 unreachable [tos 0xc0]
08:21:47.052423 ns77.cybergnostic.com.domain >
ns79.cybergnostic.com.32817:  504 80 ServFail 0/0/0 (25) (DF)
08:21:47.052528 ns79.cybergnostic.com > ns77.cybergnostic.com: icmp:
ns79.cyberg nostic.com udp port 32817 unreachable [tos 0xc0]


Joel M Nimety wrote:
 > Hello --
 > I'm running bind Version: 9.2.4rc2
 > Linux ns81 2.4.19 #1 Fri Oct 4 18:36:11 EDT 2002 sparc64 unknown
 >
 > Using Debian 3.0
 >
 > We're experiencing intermittent issues resolving domain names.  Often
 > these domains are microsoft.com, cnn.com, etc.  We are running 3
 > identical servers and sometime they can go a week or two without any
 > trouble (othertimes only hours), then without warning one server will be
 > unable to perform a recursive lookup for a few domains.
 >
 > rndc flush has no effect, restarting bind fixes any problems.
 >
 > I have a cache dump created during one of the outages, if that would be
 > helpful I can post it.
 >
 > I've also attached my named.conf
 >
 >
 > Any insight is very much appreciated.
 >
 > -- Joel

More information about the bind-users mailing list