Strange failure with recursive zen.spamhaus.org NS query
Simeon Miteff
simeon.miteff at uct.ac.za
Fri Feb 15 13:18:25 UTC 2008
Hi All
Some of our users are reporting that our bind9 caching nameservers are
failing to resolve certain DNS records (especially NS records for
zen.spamhaus.org).
I found a similar problem reported on this list from August last year:
http://marc.info/?l=bind-users&m=118714610726126&w=4
When I followed Mark's advice and did some packet dumps, I discovered
that bind is receiving a response from one of the spamhaus.org name
servers, but not sending that to the client.
I reproduced the behavior on my Debian workstation with bind 9.4.2, from
where I am able to resolve the NS records for zen.spamhaus.org using
dig, directly.
A debug log is available at:
http://filterline.its.uct.ac.za/~smiteff/bind_issues/debug_log.txt
Bind seems to receive the response at "15-Feb-2008 12:54:51.552", but
I'm unable to figure out exactly where it decides to discard it (perhaps
the 12th line from the end of the log?). I've copied the bind config
files into the same directory above.
Does anyone know what is causing this or what else I should explore?
Regards,
Simeon Miteff.
More information about the bind-users
mailing list