No such Name, and 5second dns delay.

Barry Margolin barmar at alum.mit.edu
Mon Mar 1 00:16:48 UTC 2010


In article <mailman.669.1267394240.21153.bind-users at lists.isc.org>,
 Tory M Blue <tmblue at gmail.com> wrote:

> On Sun, Feb 28, 2010 at 8:36 AM, Barry Margolin <barmar at alum.mit.edu> wrote:
> > In article <mailman.666.1267335206.21153.bind-users at lists.isc.org>,
> >  Tory M Blue <tmblue at gmail.com> wrote:
> >
> >> I've been running into some issues and trying to diagnose, so maybe folks
> >> on here can help me with steps to troubleshoot.
> >>
> >> Bind 9.6.1-P1
> >> Fedora Core
> >>
> >> What I am experiencing and led to my investigation is a random 5
> >> second delay in name resolution. Now I know that nslookup/dig resolver
> >> has a default 5 second retry, if it doesn't get an answer it will try
> >> the second server listed in the resolv.conf. So I sort of could
> >> explain the 5 second delay, didn't understand why it was happening,
> >> but felt I was getting closer.
> >>
> >> So then I started running some network traces (which takes some time,
> >> as the 5 second delay is very random), however being patient and
> >> running enough "time dig host +trace" revealed a few 5 second delays,
> >> for the most part they are all low ms (as I expect), but a couple were
> >> 5 second.
> >>
> >> The delay occurs in the upper part of dig. (although interesting
> >> enough not one section shows more than say 175ms, ever).
> >>
> >> [tblue at w05 ~]$ time dig apps.domain.com +trace +stats
> >>
> >> ; <<>> DiG 9.3.2 <<>> apps.domain.com +trace +stats
> >> ;; global options:  printcmd
> >> .                       317993  IN      NS      C.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      J.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      B.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      L.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      D.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      I.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      F.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      G.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      M.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      K.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      A.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      H.ROOT-SERVERS.NET.
> >> .                       317993  IN      NS      E.ROOT-SERVERS.NET.
> >>
> >> <<<<PAUSES HERE>>>>>
> >
> > I think it's trying to do a reverse lookup of 216.249.24.15 to display
> > the server name in the message below.  This isn't part of the actual
> > resolution of apps.domain.com, just part of +stats.  So it may not be
> > related to your original problem.
> >
> >> ;; Query time: 1 msec
> >> ;; SERVER: 0.0.0.15#53(216.249.24.15)
> >> ;; WHEN: Sat Feb 27 21:25:21 2010
> >> ;; MSG SIZE  rcvd: 500
> >>
> >> net.                    172800  IN      NS      H.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      M.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      I.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      F.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      K.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      L.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      E.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      J.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      D.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      G.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      B.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      A.GTLD-SERVERS.net.
> >> net.                    172800  IN      NS      C.GTLD-SERVERS.net.
> >> ;; Query time: 14 msec
> >> ;; SERVER: 192.33.4.12#53(C.ROOT-SERVERS.NET)
> >> ;; WHEN: Sat Feb 27 21:25:21 2010
> >> ;; MSG SIZE  rcvd: 505
> >>
> >> domain.com.              172800  IN      NS      ns1.domain.com.
> >> domain.com.              172800  IN      NS      ns2.domain.com.
> >> ;; Query time: 54 msec
> >> ;; SERVER: 192.55.83.30#53(M.GTLD-SERVERS.net)
> >> ;; WHEN: Sat Feb 27 21:25:26 2010
> >> ;; MSG SIZE  rcvd: 104
> >>
> >> apps.domain.com.         300     IN      A       216.249.24.50
> >> domain.com.              86400   IN      NS      ns2.domain.com.
> >> domain.com.              86400   IN      NS      ns1.domain.com.
> >> ;; Query time: 0 msec
> >> ;; SERVER: 0.0.0.15#53(ns1.domain.com)
> >> ;; WHEN: Sat Feb 27 21:25:26 2010
> >> ;; MSG SIZE  rcvd: 120
> >>
> >>
> >> real    0m5.090s
> >> user    0m0.004s
> >> sys     0m0.004s
> >>
> >> So since I finally caught one of these in the wild, I could look at
> >> the network trace. I was caught off guard when I saw "No such Name"
> >> "Flags: 0x8483 (Standard query response, No such name)"
> >
> > It would help if you told us WHICH query elicited this response.
> 
> Thanks for the info.
> 
> the query was a standard A record, it came with the same command ;
> time dig apps.domain.com +trace.

There are probably at least a half dozen queries that occur in 
performing that command.  Which of these resulted in the "No such name" 
response?

What was in the Question section of that response, i.e. specifically 
which name did it say doesn't exist?

> 
> the 5 second delay is just really odd and trying to run it down. Is
> there more debug type logs I could turn on that would yield more
> information?

The packet capture should provide the detailed information.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
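
Added example (not part of the original message or of BIND): a minimal Python decoder that takes the raw DNS payload of a captured response, breaks down a flags word such as the 0x8483 quoted above, and reports the name and type in the Question section, which is the detail asked for in this reply. The sample packet, its PTR name in the 192.0.2.0/24 documentation range, and the helper names are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {1: "A", 2: "NS", 12: "PTR", 28: "AAAA"}

def decode_flags(flags):
    """Split the 16-bit DNS header flags word into its fields."""
    return {
        "qr": (flags >> 15) & 1,       # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,       # authoritative answer
        "tc": (flags >> 9) & 1,        # truncated
        "rd": (flags >> 8) & 1,        # recursion desired
        "ra": (flags >> 7) & 1,        # recursion available
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
    }

def read_question(msg):
    """Return (qname, qtype, flags) from the UDP payload of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in question")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", QTYPES.get(qtype, str(qtype)), decode_flags(flags)

def build_sample(name, qtype, flags):
    """Construct a response with one question and no records (test data only)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed sample: NXDOMAIN (flags 0x8483) for a reverse-lookup name.
SAMPLE = build_sample("15.2.0.192.in-addr.arpa", 12, 0x8483)

if __name__ == "__main__":
    name, qtype, flags = read_question(SAMPLE)
    print(name, qtype, flags)
```

Run against each response payload exported from the capture, this shows whether a "No such name" belongs to the A query for the target host or to some other lookup made by the same command.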


