short hostname resolution

Mark Andrews Mark_Andrews at isc.org
Tue Apr 26 02:33:09 UTC 2005 

> I am setting up a nameserver running on a Redhat 9 box that resides
> on a private network that will NOT utilize NAT.  named starts fine 
> and resolves FQDNs instantly for all clients.  For short hostnames,
> however, name resolution for certain clients such as 'rsh' and 
> 'host' is instant while for other clients such as 'ssh' and 'dig', 
> resolution either involves timeouts before eventually getting an 
> IP address (ssh) or delays followed by eventual failure (dig).
> 
> The domain name for the private network follows the format: 
> <organization>.pvt and all hosts on the private network have a 
> simple /etc/resolv.conf:
> 
> search <organization>.pvt  <my public domain>
> options timeout:5
> nameserver 192.168.9.2
> nameserver 192.168.9.3
> 
> 
> Detailed logging reveals the following frequent pattern but web
> searches on such messages seem to implicate firewalls and NAT.  I'm 
> not using NAT and even hosts on the same subnet as the nameserver 
> suffer. 
> 
> Apr 24 17:39:47.025 fctx 0x80f2f20: too many timeouts, disabling EDNS0
> Apr 24 17:39:47.025 resquery 0x81019c8 (fctx 0x80f2f20): sent
> Apr 24 17:39:47.025 resquery 0x81046c8 (fctx 0x80e5cc8): senddone
> Apr 24 17:39:47.025 resquery 0x81019c8 (fctx 0x80f2f20): senddone
> 
> Stranger still, the detailed logs reveal some dialog with root
> servers even though the nameserver resides on an un-NAT'd private 
> network.
> 
> I have tried BIND 9.3.1, 8.4.6, and the 9.2.1 that ships with 
> Redhat 9 - all result in the same behavior.  I found some stuff on 
> a SCO website claiming named itself can generate packets in 
> response to queries on short hostnames that exceed its own size 
> limits - resulting in reattempts and delays but nothing on ISC's 
> website corroborating these claims.  I use a similar configuration 
> for BIND 9.2.1 on my public class C network with none of this 
> difficulty.  Any and all thoughts appreciated.
> 
> Paul
> 
> 
> -- 
> 
> Paul Daniel
> Owens Valley Radio Observatory
> 
> email:	paul at ovro.caltech.edu
> voice:	760.938.2075 x 130
> street:	OVRO 
>         100 Leighton LN 	
>         Big Pine, CA 93513

	You need to setup your own root zone.

	What is happening is that the resolver continues searching on
	a NODATA response.

	This query sequence is like this:

		short.<organization>.pvt/AAAA	(NODATA continue)
		short/AAAA 			(NXDOMAIN continue)
		short.<organization>.pvt/A	(answer stop)
		short/A

	There is definitly a arguement for making the query sequence
	with skips of the other type on NXDOMAIN.

		short.<organization>.pvt/AAAA	(NODATA continue)
		short.<organization>.pvt/A	(answer stop)
		short/AAAA
		short/A

	There is also a arguement for stopping a single type search
	on NODATA rather then proceeding to try other search list
	elements.  This would make "ssh foo", "ssh -4 foo" and
	"ssh -6 foo" always behave as if you are trying to connect
	to the first foo on the search list.  Currently you may get
	the second depending upon query type / search order.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list