Can't resolve www.servergraph.org
Chris Buxton
cbuxton at menandmice.com
Thu Sep 13 21:09:17 UTC 2007
The glue records for the name servers (at the parent zone) do not
have matching A records in the authoritative data (in the
rocketsoftware.com zone). The CNAME record answer for those names
means that the BIND cache is left with:
servergraph.org. has NS RRSet pointing to:
dns02.rocketsoftware.com.
dns01.rocketsoftware.com.
dns01.rocketsoftware.com. has 0 A records (has CNAME record instead)
dns02.rocketsoftware.com. has 0 A records (has CNAME record instead)
Some versions of BIND 9 can't cope with this situation (BIND 8 did
not have a problem with it). There might be some obscure
configuration option you can change to fix it, but otherwise, if it's
a big problem, you could set up a stub zone pointing to their correct
IP addresses. You might also want to try contacting these people to
tell them to change their CNAME records to A records.
When we upgraded a certain government in the Persian Gulf to BIND 9,
they had similar problems because none of the local ISP's thought it
necessary to create authoritative A records to match the glue records
in the ccTLD zone. (No CNAME records in that case, either.) They were
unable to resolve names ending in .qt except for government names
(which we helped them fix) until they were able to reeducate their
local ISP's.
To test this behavior, I executed the commands below (server is BIND
9.4.1-P1). Notice that, after one successful query to the zone, the
server names have both A records and CNAME records in cache. And the
server is unable to query that zone again.
$ rndc flush
$ rndc dumpdb
$ cat named_dump.db
;
; Start view _default
;
;
; Cache dump of view '_default'
;
$DATE 20070913204242
;
; Address database dump
;
;
; Unassociated entries
;
;
; Start view _bind
;
;
; Cache dump of view '_bind'
;
$DATE 20070913204242
;
; Address database dump
;
;
; Unassociated entries
;
; Dump complete
$ dig @127.0.0.1 www.servergraph.org
; <<>> DiG 9.4.1-P1 <<>> @127.0.0.1 www.servergraph.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50987
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.servergraph.org. IN A
;; ANSWER SECTION:
www.servergraph.org. 300 IN A 137.134.216.11
;; AUTHORITY SECTION:
servergraph.org. 300 IN NS
rsdns01.rocketsoftware.com.
servergraph.org. 300 IN NS
rsdns02.rocketsoftware.com.
;; Query time: 375 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 13 13:43:00 2007
;; MSG SIZE rcvd: 115
$ rndc dumpdb
$ cat named_dump.db
;
; Start view _default
;
;
; Cache dump of view '_default'
;
$DATE 20070913204312
; authanswer
. 518388 IN NS A.ROOT-SERVERS.NET.
518388 IN NS B.ROOT-SERVERS.NET.
518388 IN NS C.ROOT-SERVERS.NET.
518388 IN NS D.ROOT-SERVERS.NET.
518388 IN NS E.ROOT-SERVERS.NET.
518388 IN NS F.ROOT-SERVERS.NET.
518388 IN NS G.ROOT-SERVERS.NET.
518388 IN NS H.ROOT-SERVERS.NET.
518388 IN NS I.ROOT-SERVERS.NET.
518388 IN NS J.ROOT-SERVERS.NET.
518388 IN NS K.ROOT-SERVERS.NET.
518388 IN NS L.ROOT-SERVERS.NET.
518388 IN NS M.ROOT-SERVERS.NET.
; glue
com. 172788 NS E.GTLD-SERVERS.NET.
172788 NS D.GTLD-SERVERS.NET.
172788 NS F.GTLD-SERVERS.NET.
172788 NS K.GTLD-SERVERS.NET.
172788 NS G.GTLD-SERVERS.NET.
172788 NS M.GTLD-SERVERS.NET.
172788 NS B.GTLD-SERVERS.NET.
172788 NS H.GTLD-SERVERS.NET.
172788 NS J.GTLD-SERVERS.NET.
172788 NS L.GTLD-SERVERS.NET.
172788 NS C.GTLD-SERVERS.NET.
172788 NS I.GTLD-SERVERS.NET.
172788 NS A.GTLD-SERVERS.NET.
; glue
rocketsoftware.com. 172788 NS dns01.rocketsoftware.com.
172788 NS dns02.rocketsoftware.com.
; answer
dns01.rocketsoftware.com. 172788 A 137.134.224.10
; authanswer
86388 CNAME rsdns01.rocketsoftware.com.
; answer
dns02.rocketsoftware.com. 172788 A 137.134.240.10
; authanswer
86388 CNAME rsdns02.rocketsoftware.com.
; glue
TLD5.ULTRADNS.INFO. 172788 A 192.100.59.11
; glue
A.GTLD-SERVERS.NET. 172788 A 192.5.6.30
; glue
172788 AAAA 2001:503:a83e::2:30
; glue
B.GTLD-SERVERS.NET. 172788 A 192.33.14.30
; glue
172788 AAAA 2001:503:231d::2:30
; glue
C.GTLD-SERVERS.NET. 172788 A 192.26.92.30
; glue
D.GTLD-SERVERS.NET. 172788 A 192.31.80.30
; glue
E.GTLD-SERVERS.NET. 172788 A 192.12.94.30
; glue
F.GTLD-SERVERS.NET. 172788 A 192.35.51.30
; glue
G.GTLD-SERVERS.NET. 172788 A 192.42.93.30
; glue
H.GTLD-SERVERS.NET. 172788 A 192.54.112.30
; glue
I.GTLD-SERVERS.NET. 172788 A 192.43.172.30
; glue
J.GTLD-SERVERS.NET. 172788 A 192.48.79.30
; glue
K.GTLD-SERVERS.NET. 172788 A 192.52.178.30
; glue
L.GTLD-SERVERS.NET. 172788 A 192.41.162.30
; glue
M.GTLD-SERVERS.NET. 172788 A 192.55.83.30
; additional
A.ROOT-SERVERS.NET. 604788 A 198.41.0.4
; additional
B.ROOT-SERVERS.NET. 604788 A 192.228.79.201
; additional
C.ROOT-SERVERS.NET. 604788 A 192.33.4.12
; additional
D.ROOT-SERVERS.NET. 604788 A 128.8.10.90
; additional
E.ROOT-SERVERS.NET. 604788 A 192.203.230.10
; additional
F.ROOT-SERVERS.NET. 604788 A 192.5.5.241
; additional
G.ROOT-SERVERS.NET. 604788 A 192.112.36.4
; additional
H.ROOT-SERVERS.NET. 604788 A 128.63.2.53
; additional
I.ROOT-SERVERS.NET. 604788 A 192.36.148.17
; additional
J.ROOT-SERVERS.NET. 604788 A 192.58.128.30
; additional
K.ROOT-SERVERS.NET. 604788 A 193.0.14.129
; additional
L.ROOT-SERVERS.NET. 604788 A 198.32.64.12
; additional
M.ROOT-SERVERS.NET. 604788 A 202.12.27.33
; glue
TLD1.ULTRADNS.NET. 172788 A 204.74.112.1
; glue
172788 AAAA 2001:502:d399::1
; glue
TLD2.ULTRADNS.NET. 172788 A 204.74.113.1
; glue
org. 172788 NS TLD6.ULTRADNS.CO.UK.
172788 NS TLD1.ULTRADNS.NET.
172788 NS TLD2.ULTRADNS.NET.
172788 NS TLD3.ULTRADNS.org.
172788 NS TLD4.ULTRADNS.org.
172788 NS TLD5.ULTRADNS.INFO.
; authauthority
servergraph.org. 288 NS rsdns01.rocketsoftware.com.
288 NS rsdns02.rocketsoftware.com.
; authanswer
www.servergraph.org. 288 A 137.134.216.11
; glue
TLD3.ULTRADNS.org. 172788 A 199.7.66.1
; glue
TLD4.ULTRADNS.org. 172788 A 199.7.67.1
; glue
172788 AAAA 2001:502:100e::1
; glue
TLD6.ULTRADNS.CO.UK. 172788 A 198.133.199.11
;
; Address database dump
;
; dns02.rocketsoftware.com alias rsdns02.rocketsoftware.com [target
TTL 86388] [v4 unexpected] [v6 unexpected]
; J.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 192.58.128.30 [srtt 13] [flags 00000000] [ttl 1788]
; D.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 128.8.10.90 [srtt 0] [flags 00000000] [ttl 1788]
; dns01.rocketsoftware.com [v4 TTL 86388] [v4 success] [v6 unexpected]
; 137.134.224.10 [srtt 65773] [flags 00000000] [ttl 1788]
; dns01.rocketsoftware.com alias rsdns01.rocketsoftware.com [v4 TTL
86388] [target TTL 86388] [v4 success] [v6 unexpected]
; 137.134.224.10 [srtt 65773] [flags 00000000] [ttl 1788]
; I.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 192.36.148.17 [srtt 12] [flags 00000000] [ttl 1788]
; C.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 192.33.4.12 [srtt 24] [flags 00000000] [ttl 1788]
; H.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 128.63.2.53 [srtt 14] [flags 00000000] [ttl 1788]
; B.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 128.9.0.107 [srtt 21] [flags 00000000] [ttl 1788]
; M.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 202.12.27.33 [srtt 22] [flags 00000000] [ttl 1788]
; G.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 192.112.36.4 [srtt 17] [flags 00000000] [ttl 1788]
; A.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 198.41.0.4 [srtt 6] [flags 00000000] [ttl 1788]
; L.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 198.32.64.12 [srtt 24] [flags 00000000] [ttl 1788]
; F.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 192.5.5.241 [srtt 56634] [flags 00000000] [ttl 1788]
; K.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 193.0.14.129 [srtt 8] [flags 00000000] [ttl 1788]
; E.ROOT-SERVERS.NET [v4 TTL 86388] [v4 success] [v6 unexpected]
; 192.203.230.10 [srtt 87672] [flags 00000000] [ttl 1788]
;
; Unassociated entries
;
; 192.54.112.30 [srtt 27] [flags 00000000] [ttl 1788]
; 192.55.83.30 [srtt 0] [flags 00000000] [ttl 1788]
; 192.42.93.30 [srtt 19] [flags 00000000] [ttl 1788]
; 2001:502:100e::1 [srtt 20] [flags 00000000] [ttl 1788]
; 2001:503:a83e::2:30 [srtt 9] [flags 00000000] [ttl 1788]
; 192.43.172.30 [srtt 7] [flags 00000000] [ttl 1788]
; 192.52.178.30 [srtt 23] [flags 00000000] [ttl 1788]
; 192.5.6.30 [srtt 24] [flags 00000000] [ttl 1788]
; 192.48.79.30 [srtt 1] [flags 00000000] [ttl 1788]
; 137.134.240.10 [srtt 29] [flags 00000000] [ttl 1788]
; 198.133.199.11 [srtt 31] [flags 00000000] [ttl 1788]
; 204.74.112.1 [srtt 23] [flags 00000000] [ttl 1788]
; 192.33.14.30 [srtt 2] [flags 00000000] [ttl 1788]
; 2001:503:231d::2:30 [srtt 7] [flags 00000000] [ttl 1788]
; 192.31.80.30 [srtt 10] [flags 00000000] [ttl 1788]
; 199.7.66.1 [srtt 19] [flags 00000000] [ttl 1788]
; 192.100.59.11 [srtt 5011] [flags 00000000] [ttl 1788]
; 2001:502:d399::1 [srtt 200000] [flags 00000000] [ttl 1788]
; 204.74.113.1 [srtt 26] [flags 00000000] [ttl 1788]
; 192.26.92.30 [srtt 27] [flags 00000000] [ttl 1788]
; 192.12.94.30 [srtt 27] [flags 00000000] [ttl 1788]
; 199.7.67.1 [srtt 21] [flags 00000000] [ttl 1788]
; 192.41.162.30 [srtt 17] [flags 00000000] [ttl 1788]
; 192.35.51.30 [srtt 24185] [flags 00000000] [ttl 1788]
;
; Start view _bind
;
;
; Cache dump of view '_bind'
;
$DATE 20070913204312
;
; Address database dump
;
;
; Unassociated entries
;
; Dump complete
$ dig @127.0.0.1 mx servergraph.org
; <<>> DiG 9.4.1-P1 <<>> @127.0.0.1 mx servergraph.org
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
$ dig @127.0.0.1 mx servergraph.org
; <<>> DiG 9.4.1-P1 <<>> @127.0.0.1 mx servergraph.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48717
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;servergraph.org. IN MX
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 13 13:50:04 2007
;; MSG SIZE rcvd: 33
Chris Buxton
Men & Mice
On Sep 13, 2007, at 1:25 PM, John Wobus wrote:
> Hello,
>
> Our caching DNS (bind9) servers, e.g. bigred.cit.cornell.edu, will not
> resolve www.servergraph.org. Some other open dns servers (which I
> shall not name) do not have this problem. You will have my thanks if
> you can explain what is preventing our bind9 from caching the name.
> I've appended some dig commands, below.
>
> John Wobus
> Cornell U
>
> ==========Our nameserver:
>> ./named -v
> BIND 9.3.3rc2
>
>
>
>
>
> ==========Querying the nameserver:
>
>
> $ dig www.servergraph.org
>
> ; <<>> DiG 9.3.4 <<>> www.servergraph.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16816
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.servergraph.org. IN A
>
> ;; Query time: 10 msec
> ;; SERVER: 128.253.180.2#53(128.253.180.2)
> ;; WHEN: Thu Sep 13 16:12:52 2007
> ;; MSG SIZE rcvd: 37
>
>
>
> ==========Misc dig commands to inspect the delegation:
>
>
> $ dig +trace www.servergraph.org
>
> ; <<>> DiG 9.3.4 <<>> +trace www.servergraph.org
> ;; global options: printcmd
> . 332266 IN NS D.ROOT-SERVERS.NET.
> . 332266 IN NS E.ROOT-SERVERS.NET.
> . 332266 IN NS F.ROOT-SERVERS.NET.
> . 332266 IN NS G.ROOT-SERVERS.NET.
> . 332266 IN NS H.ROOT-SERVERS.NET.
> . 332266 IN NS I.ROOT-SERVERS.NET.
> . 332266 IN NS J.ROOT-SERVERS.NET.
> . 332266 IN NS K.ROOT-SERVERS.NET.
> . 332266 IN NS L.ROOT-SERVERS.NET.
> . 332266 IN NS M.ROOT-SERVERS.NET.
> . 332266 IN NS A.ROOT-SERVERS.NET.
> . 332266 IN NS B.ROOT-SERVERS.NET.
> . 332266 IN NS C.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 128.253.180.2#53(128.253.180.2) in 19 ms
>
> org. 172800 IN NS TLD4.ULTRADNS.org.
> org. 172800 IN NS TLD5.ULTRADNS.INFO.
> org. 172800 IN NS TLD6.ULTRADNS.CO.UK.
> org. 172800 IN NS TLD1.ULTRADNS.NET.
> org. 172800 IN NS TLD2.ULTRADNS.NET.
> org. 172800 IN NS TLD3.ULTRADNS.org.
> ;; Received 351 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 23 ms
>
> servergraph.org. 86400 IN NS
> dns02.rocketsoftware.com.
> servergraph.org. 86400 IN NS
> dns01.rocketsoftware.com.
> ;; Received 95 bytes from 192.100.59.11#53(TLD5.ULTRADNS.INFO) in
> 17 ms
>
> dig: couldn't get address for 'dns02.rocketsoftware.com': not found
>
>
>
>
> $ dig dns02.rocketsoftware.com
>
> ; <<>> DiG 9.3.4 <<>> dns02.rocketsoftware.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32499
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;dns02.rocketsoftware.com. IN A
>
> ;; Query time: 10 msec
> ;; SERVER: 128.253.180.2#53(128.253.180.2)
> ;; WHEN: Thu Sep 13 16:13:29 2007
> ;; MSG SIZE rcvd: 42
>
>
>
>
>
> $ dig +trace dns02.rocketsoftware.com
>
> ; <<>> DiG 9.3.4 <<>> +trace dns02.rocketsoftware.com
> ;; global options: printcmd
> . 332232 IN NS H.ROOT-SERVERS.NET.
> . 332232 IN NS I.ROOT-SERVERS.NET.
> . 332232 IN NS J.ROOT-SERVERS.NET.
> . 332232 IN NS K.ROOT-SERVERS.NET.
> . 332232 IN NS L.ROOT-SERVERS.NET.
> . 332232 IN NS M.ROOT-SERVERS.NET.
> . 332232 IN NS A.ROOT-SERVERS.NET.
> . 332232 IN NS B.ROOT-SERVERS.NET.
> . 332232 IN NS C.ROOT-SERVERS.NET.
> . 332232 IN NS D.ROOT-SERVERS.NET.
> . 332232 IN NS E.ROOT-SERVERS.NET.
> . 332232 IN NS F.ROOT-SERVERS.NET.
> . 332232 IN NS G.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 128.253.180.2#53(128.253.180.2) in 17 ms
>
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> ;; Received 502 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 75 ms
>
> dns02.rocketsoftware.com. 172800 IN A 137.134.240.10
> rocketsoftware.com. 172800 IN NS
> dns01.rocketsoftware.com.
> rocketsoftware.com. 172800 IN NS
> dns02.rocketsoftware.com.
> ;; Received 124 bytes from 192.26.92.30#53(c.gtld-servers.net) in
> 22 ms
>
>
>
>
>
> $ dig dns02.rocketsoftware.com @137.134.240.10
>
> ; <<>> DiG 9.3.4 <<>> dns02.rocketsoftware.com @137.134.240.10
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48735
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2,
> ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;dns02.rocketsoftware.com. IN A
>
> ;; ANSWER SECTION:
> dns02.rocketsoftware.com. 86400 IN CNAME
> rsdns02.rocketsoftware.com.
> rsdns02.rocketsoftware.com. 86400 IN A 137.134.240.10
>
> ;; AUTHORITY SECTION:
> rocketsoftware.com. 86400 IN NS
> rsdns01.rocketsoftware.com.
> rocketsoftware.com. 86400 IN NS
> rsdns02.rocketsoftware.com.
>
> ;; ADDITIONAL SECTION:
> rsdns01.rocketsoftware.com. 86400 IN A 137.134.224.10
> rsdns02.rocketsoftware.com. 86400 IN A 137.134.240.10
>
> ;; Query time: 38 msec
> ;; SERVER: 137.134.240.10#53(137.134.240.10)
> ;; WHEN: Thu Sep 13 16:14:30 2007
> ;; MSG SIZE rcvd: 148
>
>
>
> ==========dig command to see if the authoritative data is there for
> the
> original name:
>
> $ dig +norecurse www.servergraph.org @137.134.240.10
>
> ; <<>> DiG 9.3.4 <<>> +norecurse www.servergraph.org @137.134.240.10
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40697
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;www.servergraph.org. IN A
>
> ;; ANSWER SECTION:
> www.servergraph.org. 300 IN A 137.134.216.11
>
> ;; AUTHORITY SECTION:
> servergraph.org. 300 IN NS
> rsdns01.rocketsoftware.com.
> servergraph.org. 300 IN NS
> rsdns02.rocketsoftware.com.
>
> ;; ADDITIONAL SECTION:
> rsdns01.rocketsoftware.com. 86400 IN A 137.134.224.10
> rsdns02.rocketsoftware.com. 86400 IN A 137.134.240.10
>
> ;; Query time: 38 msec
> ;; SERVER: 137.134.240.10#53(137.134.240.10)
> ;; WHEN: Thu Sep 13 16:19:58 2007
> ;; MSG SIZE rcvd: 147
>
>
More information about the bind-users
mailing list