BIND only resolves hostname on the second attempt

Fri Oct 29 00:37:49 UTC 2004

> A couple of days ago, my DNS server started behaving oddly: the first
> time I try to visit a web site, my browser tells me the server
> couldn't be found; if I then go to the same URL a second time, it
> works.
> 
> My server is Mac OS X 10.3.5 running BIND 9.2.2. My clients are all
> Macs, running the Safari web browser, but the problem comes up with
> almost anything that tries to resolve hostnames; the game Halo, for
> example, gives me a "host not found" error the first time I try to
> connect to a network game, but connects on the second attempt. Just
> about the only thing which works consistently on the first try is
> running 'host' from a command line (as in, 'host www.cnn.com' never
> complains it can't find the site).
> 
> I ran named at debugging level 2 and tried a query which failed, then
> I tried it at debugging level 3 and tried another failed query, and I
> posted the logs at 'http://www.enchanter.net/bind-log.txt' (I won't
> copy them here, because the stuff logged by -d 3 is long). A few times
> in the second example when it can't find 'www.microsoft.com', I see it
> append my domain '.enchanter.net' to the end and try that; I assume
> this is Safari seeing if the hostname exists locally.
> 
> Can anyone please help me figure out what's going wrong, and how to
> fix it? What have I misconfigured?

	Upgrade / configure your firewall to handle EDNS.  It is
	blocking the following reply from the root servers.  Note
	it is bigger than 512 byte of a standard DNS query.

	As a work around you can set "edns-udp-size 512;" in options.
	This is available in 9.3.0/8.4.0.

; <<>> DiG 9.3.1prerelease <<>> www.microsoft.com +norec +bufsize=4096 @a.root-servers.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18033
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 16

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.microsoft.com.		IN	A

;; AUTHORITY SECTION:
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET.	172800	IN	AAAA	2001:503:a83e::2:30
A.GTLD-SERVERS.NET.	172800	IN	A	192.5.6.30
G.GTLD-SERVERS.NET.	172800	IN	A	192.42.93.30
H.GTLD-SERVERS.NET.	172800	IN	A	192.54.112.30
C.GTLD-SERVERS.NET.	172800	IN	A	192.26.92.30
I.GTLD-SERVERS.NET.	172800	IN	A	192.43.172.30
B.GTLD-SERVERS.NET.	172800	IN	AAAA	2001:503:231d::2:30
B.GTLD-SERVERS.NET.	172800	IN	A	192.33.14.30
D.GTLD-SERVERS.NET.	172800	IN	A	192.31.80.30
L.GTLD-SERVERS.NET.	172800	IN	A	192.41.162.30
F.GTLD-SERVERS.NET.	172800	IN	A	192.35.51.30
J.GTLD-SERVERS.NET.	172800	IN	A	192.48.79.30
K.GTLD-SERVERS.NET.	172800	IN	A	192.52.178.30
E.GTLD-SERVERS.NET.	172800	IN	A	192.12.94.30
M.GTLD-SERVERS.NET.	172800	IN	A	192.55.83.30

;; Query time: 249 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Fri Oct 29 10:31:39 2004
;; MSG SIZE  rcvd: 534

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org