Strange CNAME issue
seren
seren at mellmo.com
Wed Jan 20 04:49:38 UTC 2010
Hi, I've run into some strange issues with BIND and CNAMES. We're using BIND9 (on Ubuntu) internally and have our external DNS hosted by NetworkSolutions. Occasionally I'll be able to create a CNAME in NetworkSolutions that BIND is unable to resolve.
Using dig I notice it's doing a query for an A record, and in most cases this works even if the entry is a CNAME. In the cases where it fails, I see either a timeout error or a SERVFAIL. If I then do a dig query specifying a CNAME, I get a quick successful result and subsequent queries to BIND succeed, until the record expires from the cache.
The records that fail don't seem to have anything in common besides them all being CNAMES and longer names seeming to fail more. Both BIND9 and two windows-based DNS servers fail with the exact same records, however Google (8.8.8.8) and several other public DNS services resolve them fine.
I've been trying to figure out if this is a NetworkSolutions issue, an Amazon/UltraDNS issue, a BIND issue, or just something about DNS that I'm completely missing. If anyone has seen this or knows what is going on, I'd love to hear about it. Thanks.
Here are the test records I've created along with the whether they fail or not. The results are consistent at different times:
----------------------------------------
works a.mellmo.com 3600 IN CNAME www.networksoltions.com.
works abcd.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcde.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcdef.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcdefg.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcdefgh.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcdefghi.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcdefghij.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcdefghijk.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
fails abcdefghijkl.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
fails abcdefghijklm.mellmo.com 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
works abcdefghijklmn.mellmo.com 3600 IN CNAME a.mellmo.com.
fails abcdefghijklmno.mellmo.com 3600 IN CNAME a.mellmo.com.
fails abcdefghijklmnop.mellmo.com 3600 IN CNAME a.mellmo.com.
fails abcdefghijklmnopq.mellmo.com 3600 IN CNAME a.mellmo.com.
fails abcdefghijklmnopqr.mellmo.com 3600 IN CNAME a.mellmo.com.
works abcdefghijklmnopqrs.mellmo.com 3600 IN CNAME www.networksolutions.com.
works abcdefghijklmnopqrst.mellmo.com 3600 IN CNAME www.networksolutions.com.
works abcdefghijklmnopqrstu.mellmo.com 3600 IN CNAME www.networksolutions.com.
----------------------------------------
Here are my results of digging one of the names, first unsuccessfully and then with the CNAME type specified:
----------------------------------------
root at monitor:~# dig @localhost abcdefghijkl.mellmo.com
; <<>> DiG 9.6.1-P2 <<>> @localhost abcdefghijkl.mellmo.com
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
----------------------------------------
root at monitor:~# dig @localhost abcdefghijkl.mellmo.com
; <<>> DiG 9.6.1-P2 <<>> @localhost abcdefghijkl.mellmo.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55390
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;abcdefghijkl.mellmo.com. IN A
;; Query time: 889 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Jan 19 21:51:16 2010
;; MSG SIZE rcvd: 41
----------------------------------------
root at monitor:~# dig @localhost abcdefghijkl.mellmo.com CNAME
; <<>> DiG 9.6.1-P2 <<>> @localhost abcdefghijkl.mellmo.com CNAME
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6951
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;abcdefghijkl.mellmo.com. IN CNAME
;; ANSWER SECTION:
abcdefghijkl.mellmo.com. 3600 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
;; AUTHORITY SECTION:
mellmo.com. 161149 IN NS ns80.worldnic.com.
mellmo.com. 161149 IN NS ns79.worldnic.com.
;; Query time: 72 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Jan 19 21:54:17 2010
;; MSG SIZE rcvd: 141
----------------------------------------
root at monitor:~# dig @localhost abcdefghijkl.mellmo.com
; <<>> DiG 9.6.1-P2 <<>> @localhost abcdefghijkl.mellmo.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43910
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 8
;; QUESTION SECTION:
;abcdefghijkl.mellmo.com. IN A
;; ANSWER SECTION:
abcdefghijkl.mellmo.com. 3597 IN CNAME ec2-174-129-223-19.compute-1.amazonaws.com.
ec2-174-129-223-19.compute-1.amazonaws.com. 6939 IN A 174.129.223.19
;; AUTHORITY SECTION:
amazonaws.com. 78053 IN NS pdns2.ultradns.net.
amazonaws.com. 78053 IN NS pdns6.ultradns.co.uk.
amazonaws.com. 78053 IN NS pdns1.ultradns.net.
amazonaws.com. 78053 IN NS pdns4.ultradns.org.
amazonaws.com. 78053 IN NS pdns5.ultradns.info.
amazonaws.com. 78053 IN NS pdns3.ultradns.org.
;; ADDITIONAL SECTION:
pdns1.ultradns.net. 78055 IN A 204.74.108.1
pdns1.ultradns.net. 78057 IN AAAA 2001:502:f3ff::1
pdns2.ultradns.net. 164455 IN A 204.74.109.1
pdns3.ultradns.org. 78053 IN A 199.7.68.1
pdns4.ultradns.org. 78053 IN A 199.7.69.1
pdns4.ultradns.org. 78053 IN AAAA 2001:502:4612::1
pdns5.ultradns.info. 78053 IN A 204.74.114.1
pdns6.ultradns.co.uk. 78053 IN A 204.74.115.1
;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Jan 19 21:54:20 2010
;; MSG SIZE rcvd: 433
----------------------------------------
Thanks again for any insight.
-Seren
More information about the bind-users
mailing list