BIND 9.3.2-P1 failing completely on some domains

Paul A. Hoadley paulh at logicsquad.net
Thu Sep 14 23:23:15 UTC 2006 

Hello,

I am running BIND 9.3.2-P1 as an authority for hosts on my LAN, but
not visible at all to the outside world.  I set up the config and zone
files literally a couple of years ago, and have barely touched them
since.  I was running 9.3.0 until I upgraded to FreeBSD 5.5-STABLE
last week, at which point BIND was upgraded.

It may be a coincidence in timing, but since the upgrade I seem to be
unable to resolve a couple of related hostnames: eve-files.com and
podbase.com:

> dig www.eve-files.com

; <<>> DiG 9.3.2-P1 <<>> www.eve-files.com
;; global options:  printcmd
;; connection timed out; no servers could be reached

> dig www.eve-files.com +trace

; <<>> DiG 9.3.2-P1 <<>> www.eve-files.com +trace
;; global options:  printcmd
.                       517752  IN      NS      G.ROOT-SERVERS.NET.
.                       517752  IN      NS      H.ROOT-SERVERS.NET.
.                       517752  IN      NS      I.ROOT-SERVERS.NET.
.                       517752  IN      NS      J.ROOT-SERVERS.NET.
.                       517752  IN      NS      K.ROOT-SERVERS.NET.
.                       517752  IN      NS      L.ROOT-SERVERS.NET.
.                       517752  IN      NS      M.ROOT-SERVERS.NET.
.                       517752  IN      NS      A.ROOT-SERVERS.NET.
.                       517752  IN      NS      B.ROOT-SERVERS.NET.
.                       517752  IN      NS      C.ROOT-SERVERS.NET.
.                       517752  IN      NS      D.ROOT-SERVERS.NET.
.                       517752  IN      NS      E.ROOT-SERVERS.NET.
.                       517752  IN      NS      F.ROOT-SERVERS.NET.
;; Received 436 bytes from 192.168.0.1#53(192.168.0.1) in 0 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 495 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 276 ms

eve-files.com.          172800  IN      NS      a.podbase.com.
eve-files.com.          172800  IN      NS      b.podbase.com.
eve-files.com.          172800  IN      NS      c.podbase.com.
eve-files.com.          172800  IN      NS      d.podbase.com.
;; Received 171 bytes from 192.42.93.30#53(g.gtld-servers.net) in 207 ms

eve-files.com.          172151  IN      NS      c.podbase.com.
eve-files.com.          172151  IN      NS      d.podbase.com.
eve-files.com.          172151  IN      NS      a.podbase.com.
eve-files.com.          172151  IN      NS      b.podbase.com.
;; Received 107 bytes from 192.168.0.1#53(a.podbase.com) in 30040 ms

The last five lines are then repeated, seemingly forever, with only
the order of the nameservers changing.  Yet I can resolve this with my
ISP's nameserver:

> dig @ns1.on.net www.eve-files.com

; <<>> DiG 9.3.2-P1 <<>> @ns1.on.net www.eve-files.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17805
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.eve-files.com.             IN      A

;; ANSWER SECTION:
www.eve-files.com.      1800    IN      CNAME   eve-files.com.
eve-files.com.          1800    IN      A       213.115.157.54

;; AUTHORITY SECTION:
eve-files.com.          137798  IN      NS      a.podbase.com.
eve-files.com.          137798  IN      NS      b.podbase.com.
eve-files.com.          137798  IN      NS      c.podbase.com.
eve-files.com.          137798  IN      NS      d.podbase.com.

;; ADDITIONAL SECTION:
a.podbase.com.          137798  IN      A       85.228.72.199
b.podbase.com.          137798  IN      A       213.115.157.54
c.podbase.com.          137798  IN      A       213.115.157.52
d.podbase.com.          137798  IN      A       85.228.72.206

;; Query time: 382 msec
;; SERVER: 216.200.145.64#53(216.200.145.64)
;; WHEN: Fri Sep 15 08:41:07 2006
;; MSG SIZE  rcvd: 218

My named.conf is pretty basic, and hasn't changed in a couple of
years:

options {
        directory "/etc/namedb";
        query-source address * port 53;
};

controls {
        inet * allow { any; } keys { "rndc-key"; };
};

include "/etc/namedb/rndc-key";

logging {
        channel var_log {
                file "/var/log/named.log" versions 2 size 5m;
                severity dynamic;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category default        { default_syslog; var_log; };
        category queries        { var_log; };
        category xfer-out       { var_log; };
};

zone "logicsquad.net" {
        type master;
        file "db.logicsquad.net";
        allow-update { 192.168.0.1; };
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
        allow-update { 192.168.0.1; };
};

zone "0.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.0";
        allow-update { 192.168.0.1; };
};

zone "." {
        type hint;
        file "db.cache";
};

Is this my problem, or someone else's?


-- 
Paul.

Logic Squad -- Technical Publishing with XML -- http://logicsquad.net/

More information about the bind-users mailing list