DNS "chicken-and-egg" Problem

bsfinkel at anl.gov bsfinkel at anl.gov
Mon Nov 3 16:38:46 UTC 2008 

(Note that I am not including my original posting; it is available in
the list archves.)

JINMEI Tatuya replied, to my posting, in part:

>As I said in my previous response, I believe the right question is why
>some of the servers (sometimes?) return SERVFAIL.  Cache entries can
>be purged for various reasons especially in a busy server, so it's not
>always easy to identify the reason, and it may not necessarily be
>useful to solve the actual problem.
>
>To debug the SERVFAIL problem, I suggest raising logging level of the
>'resolver' category to 'debug 3' while you are seeing the SERVFAILs.
>This will produce detailed trace logs of recursive resolution, and
>will help identify how the query fails.  The log output will be noisy
>on a busy server, so you may not want to keep it on after the
>debugging session.
>
>We also have an informal (unreleased) patch to provide detailed logs
>to identify SERVFAIL causes.  If you're willing to test the informal
>patch, I'll send it to you.

I do not want to install the informal patch, so I will wait until the
code is changed in a future release.  As I replied to someone privately
last Friday, my problem with igpp.ucla.edu arises because of three
things that are happening at the same time:

     1) The subdomain has only one NS (non RFC-compliant);
     2) That NS is named the same as the subdomain;
     3) The parent domain does not slave the subdomain.

As the IGPP folks do not want their zone slaved on the parent UCLA
DNS servers, I will not work more on this problem.  If they want only
one DNS server, and some versions of BIND cannot find the "A" record
for the domain, then it is an IGPP problem that mail from/to them may
be undeliverable.


Chris Thompson <cet1 at cam.ac.uk> replied:

> No, you are *not* getting an "answer". You are getting a referral.

My error.  I should have written, "I am getting a response".


"D. Stussy" <spam at bde-arc.ampr.org> replied, in part:

>It works for me (using a different version of BIND not 9.5.0):
>
>; <<>> DiG 9.5.1b1 <<>> igpp.ucla.edu a +trace
>
>Therefore, change your version (upgrade).

I am not sure if the change is in

      9.5.0-P2 --> 9.5.1

or if it is in

      9.5.0-P2 --> 9.5.1b1

(I need to check the CHANGES file).  I do not want to update to a
beta release, and I might not want to update to 9.5.1 just to fix this
one igpp.ucla.edu problem, which is really an IGPP problem, as I wrote
above.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list