Problem resolving a domain on my cache server. (part II)

Mark Andrews Mark_Andrews at isc.org
Tue Mar 22 21:08:29 UTC 2005 

> 
> Hi list,
> 
> Some months ago I asked here about a domain I can=B4t resolve on my =
> cache server because of a firewall on the dns that hosts this domain =
> (they were blocking everyone doing queries using source udp port bellow =
> 53). Today I will ask again about one domain I can=B4t resolve on my =
> cache server.=20
> 
> To make sure the problem is not firewall issue again I tested it using =
> DIG and setting the source ip/port exactly to what named process is =
> using to make queries. I receive answer without problems.
> 
> Actually I have problem to resolve just one hostname -> =
> www.redecard.com.br. When I startup my cache server process and make one =
> query to it I receive the answer from my server. But after some time =
> running (and memory cache getting bigger) only this domain stops =
> working. I=B4m not owner of domain redecard.com.br but the problem is =
> some of my cache clients are complaining that they could not resolve =
> this domain using my cache server. I couldn't understand why and how =
> this is happening. I tried some things trying to fix it. Doing rndc =
> flusname for some times I can resolve this domain but some times rndc =
> flushname makes no difference.
> 
> Do someone have a clue on how to trace this kind of problem? Is the =
> problem my cache or the problem is on a mistake at redecard.com.br dns =
> servers?
> 
> Bellow I will paste my named configure line, version and named.conf. I =
> would appreciate any help on this.=20
> 
> Thanks
> 
> Fabiano

	Well they don't have a robust nameserver setup.  There
	are plenty of opportunities for single point failures to
	make both nameservers unreachable when using consecutive
	addresses.

	Any routing problems will affect both servers simultaneously
	(same AS path).

	Highly likely that there are common power failure points that
	will make both servers unreachable.

	Mark

; <<>> DiG 8.3 <<>> redecard.com.br ns 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29000
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;;	redecard.com.br, type = NS, class = IN

;; ANSWER SECTION:
redecard.com.br.	59m49s IN NS	canopus1.credicard.com.br.
redecard.com.br.	59m49s IN NS	regulus1.credicard.com.br.

;; ADDITIONAL SECTION:
canopus1.credicard.com.br.  52m28s IN A  200.211.224.111
regulus1.credicard.com.br.  52m29s IN A  200.211.224.110

;; Total query time: 0 msec
;; FROM: drugs.dv.isc.org to SERVER: 127.0.0.1
;; WHEN: Wed Mar 23 08:02:52 2005
;; MSG SIZE  sent: 33  rcvd: 121


--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list