Bind - strange lookup failure
Mark Andrews
Mark_Andrews at isc.org
Thu Oct 19 03:19:41 UTC 2006
> Hello From France,
>
> Due to hardware issues, I had to reinstall my BIND, which worked fine before.
> I first reinstalled BIND 9-2-4 and, following the problem which
> I will describe, I upgraded to BIND 9.3.2P1; the problem is still
> present.
>
> I now have a critical issue with BIND:
>
> The first request is always very long (or sometimes fails); the others
> are OK. (And lookup failures don't concern all domains; for example the
> host smtp.wanadoo.fr causes one.)
> The first query time for a host or a domain is never under 1200 to 1500
> ms, which causes client lookup failures (and "hosts not found" with
> "mailer-daemon" with my mail system).
>
>
> --> I have checked my Bind config with www.dnsreports.com and all seems
> to be good, idem for zonecheck.fr
>
> In attachment, you can find:
> - a dig.smtp.wanadoo.fr example
> - my named.conf
> - named.conf.options
> - named.conf.local
>
> Thanks for helping me solve this problem.
>
> Thanks for your help, from France!

I would be looking for a firewall dropping UDP responses > 512
octets. Notice that the response is 517 octets. Also make
sure your firewall passes ip fragments.

; <<>> DiG 9.3.2-P1 <<>> smtp.wanadoo.fr +norec @ns.wanadoo.fr +dnssec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30620
;; flags: qr aa; QUERY: 1, ANSWER: 21, AUTHORITY: 4, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;smtp.wanadoo.fr. IN A
;; ANSWER SECTION:
smtp.wanadoo.fr. 600 IN A 193.252.22.56
smtp.wanadoo.fr. 600 IN A 193.252.22.65
smtp.wanadoo.fr. 600 IN A 193.252.22.78
smtp.wanadoo.fr. 600 IN A 193.252.22.79
smtp.wanadoo.fr. 600 IN A 193.252.22.80
smtp.wanadoo.fr. 600 IN A 193.252.22.81
smtp.wanadoo.fr. 600 IN A 193.252.22.82
smtp.wanadoo.fr. 600 IN A 193.252.22.83
smtp.wanadoo.fr. 600 IN A 193.252.22.89
smtp.wanadoo.fr. 600 IN A 193.252.22.92
smtp.wanadoo.fr. 600 IN A 193.252.22.107
smtp.wanadoo.fr. 600 IN A 193.252.22.116
smtp.wanadoo.fr. 600 IN A 193.252.22.123
smtp.wanadoo.fr. 600 IN A 193.252.23.67
smtp.wanadoo.fr. 600 IN A 193.252.23.107
smtp.wanadoo.fr. 600 IN A 193.252.23.110
smtp.wanadoo.fr. 600 IN A 80.12.242.3
smtp.wanadoo.fr. 600 IN A 80.12.242.6
smtp.wanadoo.fr. 600 IN A 80.12.242.9
smtp.wanadoo.fr. 600 IN A 80.12.242.12
smtp.wanadoo.fr. 600 IN A 80.12.242.15
;; AUTHORITY SECTION:
wanadoo.fr. 600 IN NS ns10.wanadoo.fr.
wanadoo.fr. 600 IN NS ns11.wanadoo.fr.
wanadoo.fr. 600 IN NS ns.wanadoo.fr.
wanadoo.fr. 600 IN NS ns2.wanadoo.fr.
;; ADDITIONAL SECTION:
ns.wanadoo.fr. 3600 IN A 80.12.255.24
ns2.wanadoo.fr. 3600 IN A 80.12.255.159
ns10.wanadoo.fr. 3600 IN A 80.12.255.23
ns11.wanadoo.fr. 3600 IN A 80.12.255.152
;; Query time: 324 msec
;; SERVER: 80.12.255.24#53(80.12.255.24)
;; WHEN: Thu Oct 19 13:15:34 2006
;; MSG SIZE rcvd: 517
> Christophe Dumonet.
>
> #######################################################################
> pcdmz01:/home/dumonet# dig smtp.wanadoo.fr
>
> ; <<>> DiG 9.2.4 <<>> smtp.wanadoo.fr
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8589
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 4, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;smtp.wanadoo.fr. IN A
>
> ;; ANSWER SECTION:
> smtp.wanadoo.fr. 243 IN A 193.252.22.89
> smtp.wanadoo.fr. 243 IN A 193.252.22.92
> smtp.wanadoo.fr. 243 IN A 193.252.22.107
> smtp.wanadoo.fr. 243 IN A 193.252.22.116
> smtp.wanadoo.fr. 243 IN A 193.252.22.123
> smtp.wanadoo.fr. 243 IN A 193.252.23.67
> smtp.wanadoo.fr. 243 IN A 193.252.23.107
> smtp.wanadoo.fr. 243 IN A 193.252.23.110
> smtp.wanadoo.fr. 243 IN A 80.12.242.3
> smtp.wanadoo.fr. 243 IN A 80.12.242.6
> smtp.wanadoo.fr. 243 IN A 80.12.242.9
> smtp.wanadoo.fr. 243 IN A 80.12.242.12
> smtp.wanadoo.fr. 243 IN A 80.12.242.15
> smtp.wanadoo.fr. 243 IN A 193.252.22.56
> smtp.wanadoo.fr. 243 IN A 193.252.22.65
> smtp.wanadoo.fr. 243 IN A 193.252.22.78
> smtp.wanadoo.fr. 243 IN A 193.252.22.79
> smtp.wanadoo.fr. 243 IN A 193.252.22.80
> smtp.wanadoo.fr. 243 IN A 193.252.22.81
> smtp.wanadoo.fr. 243 IN A 193.252.22.82
> smtp.wanadoo.fr. 243 IN A 193.252.22.83
>
> ;; AUTHORITY SECTION:
> wanadoo.fr. 243 IN NS ns2.wanadoo.fr.
> wanadoo.fr. 243 IN NS ns10.wanadoo.fr.
> wanadoo.fr. 243 IN NS ns11.wanadoo.fr.
> wanadoo.fr. 243 IN NS ns.wanadoo.fr.
>
> ;; Query time: 1249 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Oct 16 10:12:39 2006
> ;; MSG SIZE rcvd: 442
> ##############################################################
>
>
>
> named.conf
> ################################################################
> include "/etc/bind/named.conf.options";
>
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/named.ca";
> };
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
> // zone "com" { type delegation-only; };
> // zone "net" { type delegation-only; };
>
> include "/etc/bind/named.conf.local";
>
> ############fin de named.conf########################################
>
> named.conf.options
> ##################################################################
> options {
> directory "/etc/bind";
>
> //recursion no;
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you might need to uncomment the query-source
> // directive below. Previous versions of BIND always asked
> // questions using port 53, but BIND 8.1 and later use an unprivileged
> // port by default.
>
> query-source address * port 53;
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the addresses replacing
> // the all-0's placeholder.
>
> // forwarders {
> // 0.0.0.0;
> // };
>
> allow-recursion {
> my-internal-and external-network
> };
>
> auth-nxdomain no; # conform to RFC1035
> //listen-on-v6 { any; };
>
> tcp-clients 500;
> recursive-clients 5000;
>
> };
> #####################################################################
>
> named.conf.local
> ######################################################################
> zone "ifma.fr" {
> type master;
> file "/etc/bind/ifma.fr";
> };
>
> zone "231.54.193.in-addr.arpa" {
> type master;
> file "/etc/bind/231.54.193";
> };
> ######################################################################
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
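
The check suggested in the reply, as an added example that is not part of the original message: a shell helper that compares a dig probe sent with EDNS (the `+dnssec` query shown above) against one sent without EDNS, and reports whether UDP responses over 512 octets reach the resolver host. The function names, the result labels and the `+time`/`+tries` values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread): compare an EDNS probe with a
# classic 512-octet probe to see whether large UDP DNS responses get through.

# Print the "MSG SIZE rcvd" value from dig output on stdin (empty if no reply).
msg_size() {
    sed -n 's/^;; MSG SIZE *rcvd: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# classify EDNS_OUTPUT PLAIN_OUTPUT
# Result labels are this example's own, not dig or BIND terminology.
classify() {
    e=$(printf '%s\n' "$1" | msg_size)
    p=$(printf '%s\n' "$2" | msg_size)
    if [ -n "$e" ] && [ "$e" -gt 512 ]; then
        echo "large-udp-ok"        # a response over 512 octets arrived
    elif [ -z "$e" ] && [ -n "$p" ]; then
        echo "large-udp-dropped"   # only the small, non-EDNS reply arrived
    elif [ -z "$e" ] && [ -z "$p" ]; then
        echo "unreachable"         # neither probe was answered
    else
        echo "inconclusive"        # EDNS reply fit in 512 octets anyway
    fi
}

# probe NAME SERVER: run both queries over UDP, one try each.
# +noedns limits the reply to 512 octets; +ignore stops dig from retrying
# a truncated reply over TCP, so the comparison stays UDP-only.
probe() {
    edns=$(dig "$1" +norec "@$2" +dnssec +time=3 +tries=1 2>&1) || true
    plain=$(dig "$1" +norec "@$2" +noedns +ignore +time=3 +tries=1 2>&1) || true
    classify "$edns" "$plain"
}

# Only touch the network when a name and a server are given.
if [ "$#" -ge 2 ]; then
    probe "$1" "$2"
fi
```

Run it on the resolver host with a name and an authoritative server as arguments, for example `smtp.wanadoo.fr ns.wanadoo.fr`. A `large-udp-dropped` result also matches a device that discards EDNS queries outright, so confirm with a packet capture on both sides of the firewall.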