Bind not returning A record
Paul Ooi Cong Jen
paulooi at takizo.com
Thu Dec 23 01:14:58 UTC 2010
On 23-Dec-2010, at 4:39 AM, Mark Andrews wrote:
>
> In message <4E9B037F-4C66-460E-B70F-5CE9619FFD5D at takizo.com>, Paul Ooi Cong Jen
> writes:
>> Hi All,
>>
>> I am having problem with Bind query, but not sure is it client error or server
>> error.
>> Below is the server details.
>>
>> Server running FreeBSD 8.1
>> Bind 9.7.0-P3
>
> Upgrade. You really don't want to be running Bind 9.7.0-P3 any more.
>
>> options {
>> query-source address * port *;
>> use-v4-udp-ports { range 2048 65535; };
>> recursive-clients 20000;
>> recursion yes;
>>
>> allow-recursion {
>> any;
>> };
>>
>> allow-query {
>> any;
>> };
>>
>> allow-transfer {
>> trusted;
>> };
>> }
>>
>> When I try to dig the domain name, received SERVFAIL status but when +trace in
>> itiate, it seem fine
>>
>> --------------
>>
>> dig @localhost www.kwsp.gov.my
>>
>> ; <<>> DiG 9.7.0-P3 <<>> @localhost www.kwsp.gov.my
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32501
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.kwsp.gov.my. IN A
>>
>> ;; Query time: 384 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Wed Dec 22 15:02:41 2010
>> ;; MSG SIZE rcvd: 33
>>
>> -------------------------
>>
>> -------------------------
>> dig @localhost www.kwsp.gov.my +trace
>>
>> ; <<>> DiG 9.7.0-P3 <<>> @localhost www.kwsp.gov.my +trace
>> ; (2 servers found)
>> ;; global options: +cmd
>> . 518400 IN NS k.root-servers.net.
>> . 518400 IN NS e.root-servers.net.
>> . 518400 IN NS h.root-servers.net.
>> . 518400 IN NS c.root-servers.net.
>> . 518400 IN NS m.root-servers.net.
>> . 518400 IN NS i.root-servers.net.
>> . 518400 IN NS d.root-servers.net.
>> . 518400 IN NS a.root-servers.net.
>> . 518400 IN NS l.root-servers.net.
>> . 518400 IN NS b.root-servers.net.
>> . 518400 IN NS f.root-servers.net.
>> . 518400 IN NS j.root-servers.net.
>> . 518400 IN NS g.root-servers.net.
>> ;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms
>>
>> my. 172800 IN NS dns.mynic.net.my.
>> my. 172800 IN NS ns20.iij.ad.jp.
>> my. 172800 IN NS ns2.cuhk.edu.hk.
>> my. 172800 IN NS ns5.jaring.my.
>> my. 172800 IN NS ns6.jaring.my.
>> my. 172800 IN NS ns-my.nic.fr.
>> my. 172800 IN NS dns2.mynic.net.my.
>> ;; Received 486 bytes from 192.5.5.241#53(f.root-servers.net) in 5 ms
>>
>> gov.my. 86400 IN NS ns5.jaring.my.
>> gov.my. 86400 IN NS ns20.iij.ad.jp.
>> gov.my. 86400 IN NS ns2.cuhk.edu.hk.
>> gov.my. 86400 IN NS dns1.mynic.net.my.
>> gov.my. 86400 IN NS ns6.jaring.my.
>> ;; Received 266 bytes from 192.134.0.49#53(ns-my.nic.fr) in 351 ms
>>
>> kwsp.gov.my. 86400 IN NS harimau.skali.com.my.
>> kwsp.gov.my. 86400 IN NS rusa.skali.com.my.
>> kwsp.gov.my. 86400 IN NS ns3.pttcdc.com.my.
>> ;; Received 109 bytes from 137.189.6.21#53(ns2.cuhk.edu.hk) in 52 ms
>>
>> www.kwsp.gov.my. 43200 IN CNAME www.yu.kwsp.gov.my.
>> ;; Received 54 bytes from 202.184.117.10#53(ns3.pttcdc.com.my) in 21 ms
>> -----------------------------------------------
>>
>> If I tried to rndc flush, dig again the record return the result
>>
>> ------------------------------
>>
>> dig @localhost www.kwsp.gov.my
>>
>> ; <<>> DiG 9.7.0-P3 <<>> @localhost www.kwsp.gov.my
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20092
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.kwsp.gov.my. IN A
>>
>> ;; ANSWER SECTION:
>> www.kwsp.gov.my. 43186 IN CNAME www.yu.kwsp.gov.my.
>> www.yu.kwsp.gov.my. 30 IN A 202.162.21.166
>>
>> ;; AUTHORITY SECTION:
>> yu.kwsp.gov.my. 43200 IN NS ns2.yu.kwsp.gov.my.
>> yu.kwsp.gov.my. 43200 IN NS ns1.yu.kwsp.gov.my.
>>
>> ;; Query time: 829 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Wed Dec 22 15:04:55 2010
>> ;; MSG SIZE rcvd: 106
>>
>> ------------------------
>>
>>
>>> From the debug logs, we see the error message as below
>>
>> gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:38:52.845 query-errors: client 211.24.220.233#54055: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:38:52.845 query-errors: client 211.24.220.233#54023: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:40:27.940 query-errors: client 203.121.30.35#52679: query faile
>> d (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:40:27.940 query-errors: client 211.24.220.233#54143: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:43:48.202 query-errors: client 211.24.177.146#62297: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:43:48.202 query-errors: client 211.24.220.233#54459: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:43:48.202 query-errors: client 211.24.220.233#54473: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:43:48.202 query-errors: client 211.24.177.146#62297: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:44:48.290 query-errors: client 211.24.220.233#54530: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:44:48.290 query-errors: client 127.0.0.1#19009: query failed (S
>> ERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>> 22-Dec-2010 14:44:48.290 query-errors: client 211.24.220.233#54547: query fail
>> ed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
>>
>> On the other hand, we notice that the NS record seem like no DNS service runni
>> ng, could it be client side or server side problem?
>>
>> --
>> Paul Ooi
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
> The problem is that the yu.kwsp.gov.my is not set up correctly.
> After named looks up www.kwsp.gov.my and finds the CNAME pointing
> to www.yu.kwsp.gov.my it then has to lookup www.yu.kwsp.gov.my which
> is delegated to ns1.yu.kwsp.gov.my and ns2.yu.kwsp.gov.my. These
> nameservers tell the world that ns1.yu.kwsp.gov.my and ns2.yu.kwsp.gov.my
> don't exist (below) and once named learns these answers the lookups of
> www.kwsp.gov.my fail.
>
> The rndc flush helps because it clears out the negative cache entries
> saying that the name does not exist and the new lookup is still
> using the glue addresses records.
>
> The fix is for hostmaster at rjgtm.kwsp.gov.my to add the address
> records for ns1.yu.kwsp.gov.my and ns2.yu.kwsp.gov.my to the
> yu.kwsp.gov.my zone.
Thanks Mark, I shall inform the DNS admin for that domain.
Thanks everyone for the great responses.
>
> Mark
>
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> ns2.yu.kwsp.gov.my @202.162.21.163
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27979
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;ns2.yu.kwsp.gov.my. IN A
>
> ;; AUTHORITY SECTION:
> yu.kwsp.gov.my. 60 IN SOA rjgtm.kwsp.gov.my. hostmaster.rjgtm.kwsp.gov.my. 12 10800 3600 604800 60
>
> ;; Query time: 359 msec
> ;; SERVER: 202.162.21.163#53(202.162.21.163)
> ;; WHEN: Thu Dec 23 07:26:56 2010
> ;; MSG SIZE rcvd: 89
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list