bind-9.3.2-33.fc5
Mark Andrews
Mark_Andrews at isc.org
Mon Sep 25 22:33:34 UTC 2006
>
> Bill Larson wrote:
> > Look, Mark gave ***A*** possibility for an answer to your problem,
> > but you provided very little useful information about the problem
> > itself.
> Yes, I believe this is true, but that was because of the way this
> discussion went, no further information was asked.
> > Can you provide us with a specific example of a domain that you are
> > having problems with? Providing this information will allow someone
> > to confirm or deny that there is a DNS problem with the specific
> > example(s) that you give. If
> Ok, here are some examples of domains that were failing to resolve
> www.3ouon.com.ps
No address records in zone for the nameservers ns1.3ouon.com
and ns2.3ouon.com. When named asks for the address records
(A/AAAA) from the zone it gets back NXDOMAIN which it then
caches. Subsequent lookups will then fail.
From COM servers:
ns1.3ouon.com. 172800 IN A 209.59.172.162
ns2.3ouon.com. 172800 IN A 209.59.172.163
; <<>> DiG 9.3.2-P1 <<>> ns1.3ouon.com +norec @209.59.172.162
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45063
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.3ouon.com. IN A
;; AUTHORITY SECTION:
3ouon.com. 86400 IN SOA ns1.3ouon.com. www.3ouon.com.ps. 2006071100 86400 7200 3600000 86400
;; Query time: 227 msec
;; SERVER: 209.59.172.162#53(209.59.172.162)
;; WHEN: Tue Sep 26 08:15:38 2006
;; MSG SIZE rcvd: 83
> www.twseyatscript.com
Another "glue-only" delegation.
twseyatscript.com. 172800 IN NS ns1.naftha.com.
twseyatscript.com. 172800 IN NS ns2.naftha.com.
; <<>> DiG 9.3.2-P1 <<>> ns naftha.com @a.gtld-servers.net
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17394
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;naftha.com. IN NS
;; ANSWER SECTION:
naftha.com. 172800 IN NS ns1.naftha.com.
naftha.com. 172800 IN NS ns2.naftha.com.
;; ADDITIONAL SECTION:
ns1.naftha.com. 172800 IN A 74.52.29.218
ns2.naftha.com. 172800 IN A 74.52.29.219
;; Query time: 366 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Tue Sep 26 08:18:27 2006
;; MSG SIZE rcvd: 96
; <<>> DiG 9.3.2-P1 <<>> ns1.naftha.com @74.52.29.218
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28959
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.naftha.com. IN A
;; AUTHORITY SECTION:
naftha.com. 86400 IN SOA ns1.naftha.com. linuxray.hotmail.com. 2006082301 86400 7200 3600000 86400
;; Query time: 204 msec
;; SERVER: 74.52.29.218#53(74.52.29.218)
;; WHEN: Tue Sep 26 08:17:47 2006
;; MSG SIZE rcvd: 85
> www.moashrat.com
Nothing obvious at first glance.
> www.stooop.com
Another "glue-only" delegation.
; <<>> DiG 9.3.2-P1 <<>> stooop.com @a.gtld-servers.net
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4872
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;stooop.com. IN A
;; AUTHORITY SECTION:
stooop.com. 172800 IN NS ns1.stooop.net.
stooop.com. 172800 IN NS ns2.stooop.net.
;; ADDITIONAL SECTION:
ns1.stooop.net. 172800 IN A 72.21.44.170
ns2.stooop.net. 172800 IN A 72.21.44.171
;; Query time: 364 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Tue Sep 26 08:24:23 2006
;; MSG SIZE rcvd: 106
; <<>> DiG 9.3.2-P1 <<>> ns1.stooop.net @72.21.44.170
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13611
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.stooop.net. IN A
;; AUTHORITY SECTION:
stooop.net. 86400 IN SOA ns3.sotmasr.com. info.sotmasr.com. 2006082801 86400 7200 3600000 86400
;; Query time: 191 msec
;; SERVER: 72.21.44.170#53(72.21.44.170)
;; WHEN: Tue Sep 26 08:24:33 2006
;; MSG SIZE rcvd: 88
> These domains were failing frequently and to get them to resolve I had
> to restart the named daemon whenever they fail.
>
>
> > Since the issue is only with resolving information, this test setup
> > doesn't even have to be authoritative for any zones - simply
> > configure a caching DNS server.
>
> I already did so, and I have a Cobalt machine with bind-8.2.3-C1
> configured outside my firewall as caching only server.
> after forwarding our public servers to the new caching server
> everything was fine.
> then the problem happened with some new domains not as frequently as it
> was before but it still happens, so then I enabled the query logging
> on the caching server and I can see the following messages as an
> example.
> Sep 25 21:38:51 bns named[3722]: ns_resp: query(mail.yahoo.bz) All
> possible A RR's lame
The zone is delegated to a set of servers that is not
configured to serve it.
; <<>> DiG 9.3.2-P1 <<>> mail.yahoo.bz +norec @DNS1.NAME-SERVICES.COM.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16741
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;mail.yahoo.bz. IN A
;; AUTHORITY SECTION:
yahoo.bz. 3600 IN NS dns1.name-services.com.
yahoo.bz. 3600 IN NS dns2.name-services.com.
yahoo.bz. 3600 IN NS dns3.name-services.com.
yahoo.bz. 3600 IN NS dns4.name-services.com.
yahoo.bz. 3600 IN NS dns5.name-services.com.
;; ADDITIONAL SECTION:
dns1.name-services.com. 3600 IN A 69.25.142.1
dns2.name-services.com. 3600 IN A 216.52.184.230
dns3.name-services.com. 3600 IN A 63.251.92.193
dns4.name-services.com. 3600 IN A 64.74.96.242
dns5.name-services.com. 3600 IN A 70.42.37.1
;; Query time: 255 msec
;; SERVER: 69.25.142.1#53(69.25.142.1)
;; WHEN: Tue Sep 26 08:04:38 2006
;; MSG SIZE rcvd: 251
> Sep 25 21:38:51 bns named[3722]: bad referral (. !<
> freevirtualstrippers.com) from [64.255.172.57].53
This is an idiot who is trying to be lazy by only having a
"." zone and as a result is sending back answers which would
poison the cache if accepted.
freevirtualstrippers.com. 172800 IN NS redir-01.premiumtraffic.com.
freevirtualstrippers.com. 172800 IN NS redir-02.premiumtraffic.com.
;; Received 135 bytes from 192.31.80.30#53(D.GTLD-SERVERS.NET) in 489 ms
freevirtualstrippers.com. 300 IN A 64.255.172.50
. 300 IN NS redir-02.premiumtraffic.com.
. 300 IN NS redir-01.premiumtraffic.com.
;; Received 149 bytes from 64.255.172.58#53(redir-02.premiumtraffic.com) in 169 ms
> Sep 25 21:38:51 bns named[3722]: bad referral (. !<
> freevirtualstrippers.com) from [64.255.172.57].53
> Sep 25 21:38:51 bns named[3722]: bad referral (. !< alsafidanone.com)
> from [64.20.49.218].53
> Sep 25 21:38:52 bns named[3722]: bad referral (181.24.in-addr.arpa !<
> 115.181.24.in-addr.arpa) from [66.168.240.37].53
> Sep 25 21:38:52 bns last message repeated 2 times
> Sep 25 21:38:56 bns named[3722]: bad referral (. !< www-mailserver.com)
> from [64.20.39.26].53
> Sep 25 21:39:04 bns named[3722]: bad referral (231.61.in-addr.arpa !<
> 44.231.61.in-addr.arpa) from [168.95.1.14].53
> Sep 25 21:39:04 bns named[3722]: bad referral (231.61.in-addr.arpa !<
> 44.231.61.in-addr.arpa) from [168.95.1.14].53
> Sep 25 21:39:07 bns named[3722]: bad referral (. !< nokiacastle.NET)
> from [64.20.41.162].53
>
> one of the domains that failed on the caching server was www.6rb1.net
> and again it started working fine after restarting the named daemon.
Yet another hoster that has a "glue-only" delegation.
6rb1.net. 172800 IN NS ns1.whostw.com.
6rb1.net. 172800 IN NS ns2.whostw.com.
; <<>> DiG 9.3.2-P1 <<>> ns1.whostw.com @72.232.224.75
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30114
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.whostw.com. IN A
;; AUTHORITY SECTION:
whostw.com. 86400 IN SOA ns1.filmahost.com. support.filmahosting.com. 2006092302 86400 7200 3600000 86400
;; Query time: 196 msec
;; SERVER: 72.232.224.75#53(72.232.224.75)
;; WHEN: Tue Sep 26 08:29:53 2006
;; MSG SIZE rcvd: 103
> > BIND-9.3 is IPv6 aware, again as Mark identified. If there is a
> > problem with how your setup, either servers or network, deal with
> > IPv6 then there could obviously be a problem. If the problem lies
> > with your handling of IPv6, have you considered using the "-4" option
> > to "named" to force IPv4 only handling of DNS?
> I currently don't have IPv6 implemented, but how can I use the "-4"
> option?
"named -4 <rest of the usual arguments to named>"
>
> Thank you
>
>
--
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP. Email training at isc.org.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
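
The "glue-only" delegations diagnosed in this message can be checked mechanically: the parent hands out address glue for a nameserver name, but the server at that address authoritatively answers NXDOMAIN for its own name. The following is an added example, not part of the original message; the function names are hypothetical and the sample input is the stooop.com dig output quoted above, trimmed to the lines the check needs.

```python
import re

# dig output quoted in the message above, trimmed (parent = a.gtld-servers.net).
PARENT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4872
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;stooop.com. IN A
;; AUTHORITY SECTION:
stooop.com. 172800 IN NS ns1.stooop.net.
stooop.com. 172800 IN NS ns2.stooop.net.
;; ADDITIONAL SECTION:
ns1.stooop.net. 172800 IN A 72.21.44.170
ns2.stooop.net. 172800 IN A 72.21.44.171
"""
CHILD = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13611
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.stooop.net. IN A
"""

def parse_dig(text):
    """Extract status, header flags, question name and records per section."""
    msg = {"status": None, "flags": set(), "qname": None, "sections": {}}
    section = None
    for line in text.splitlines():
        if m := re.search(r"status: (\w+)", line):
            msg["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            msg["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif section == "QUESTION" and line.startswith(";"):
            msg["qname"] = line[1:].split()[0].lower()
        elif section and line and not line.startswith(";"):
            name, _ttl, _cls, rtype, *rdata = line.split()
            msg["sections"].setdefault(section, []).append(
                (name.lower(), rtype, " ".join(rdata)))
    return msg

def glue_only_nameservers(parent_text, child_texts):
    """Names with A/AAAA glue at the parent that their own server denies."""
    parent = parse_dig(parent_text)
    glued = {name for name, rtype, _ in parent["sections"].get("ADDITIONAL", [])
             if rtype in ("A", "AAAA")}
    children = [parse_dig(t) for t in child_texts]
    # Only an authoritative (aa) NXDOMAIN counts; a resolver caches that denial.
    return [c["qname"] for c in children
            if c["qname"] in glued and c["status"] == "NXDOMAIN"
            and "aa" in c["flags"]]
```

Feed it the parent referral and one direct query per glued nameserver address; any name it returns is one a caching resolver will negatively cache, after which lookups for the delegated zone fail.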