Bind 9.4.2 not resolving one domain

Chris Buxton cbuxton at menandmice.com
Thu Sep 4 14:37:06 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are other known examples. One that springs to mind is:

www.microsoft.com.	3063	IN	CNAME	toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 58	IN	CNAME	g.www.ms.akadns.net.
g.www.ms.akadns.net.	58	IN	CNAME	lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net.	58	IN	A	65.55.11.222
lb1.www.ms.akadns.net.	58	IN	A	207.46.19.190
lb1.www.ms.akadns.net.	58	IN	A	207.46.19.254
lb1.www.ms.akadns.net.	58	IN	A	207.46.193.254
lb1.www.ms.akadns.net.	58	IN	A	65.55.21.250
lb1.www.ms.akadns.net.	58	IN	A	207.46.192.254

However, this is still only two main lookup chains, instead of three  
like www.yahoo.com.ar. I count around 8 lookups (minimum) to get this  
answer when starting with an empty cache.

I would be more inclined to suspect network connectivity problems with  
the lookup you're having problems with. With that many lookups, each  
one needs to complete in a reasonable amount of time - 50 ms on  
average, or thereabouts, to complete the whole thing in 5 seconds. How  
is your connection to the various servers involved? These are the  
servers authoritative for:

.
ar.
com.ar.
yahoo.com.ar.
com.
yahoo.com.
g1.b.yahoo.com.
a1.b.yahoo.com.

Note that yahoo.com.ar and yahoo.com are served by the same servers.  
Also, the last item is hosted on a subset of the same servers as the  
next-to-last item.

Chris Buxton
Professional Services
Men & Mice

On Sep 4, 2008, at 4:54 AM, caio wrote:

> Chris Buxton escribió:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> That still sounds like a performance problem, as Kevin hinted.
>>
>> In this case, the qname is an alias of an alias (bad, but not  
>> uncommon),
>> and all three names are in different zones.
>>
>> www.yahoo.com.ar.    1800    IN    CNAME    hp2.latam.g1.b.yahoo.com.
>> hp2.latam.g1.b.yahoo.com. 300    IN    CNAME
>> us.hp2.latam.a1.b.yahoo.com.
>> us.hp2.latam.a1.b.yahoo.com. 300 IN    A    98.136.43.19
>>
>> That's at least 9 queries if the cache is empty at the beginning,  
>> more
>> if the resolver is verifying glue records.
>>
>> What happens if you try the query again a few seconds later?
>>
>
> that's the point Chris.
> ramdomly the query is resolved OK, and doing nothing, after a while
> again the query start to fails...
> I could only discover the fail with that qname.
> just to test, do you know about another similar qname? which has  
> many cname?
>
> --
> caio
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAki/8pIACgkQ0p/8Jp6Boi2NBgCfXD7sgbydnBbAb/vk6oaa0S+N
6DcAn25rbZ1dVtWVhe4jkhS3EHIvcQEt
=sn6l
-----END PGP SIGNATURE-----

More information about the bind-users mailing list