Akadns and Bind

Kalman Feher kalman.feher at melbourneit.com.au
Fri Feb 4 11:25:48 UTC 2011




On 4/02/11 3:07 AM, "Tory M Blue" <tmblue at gmail.com> wrote:

> On Thu, Feb 3, 2011 at 5:23 PM, Barry Margolin <barmar at alum.mit.edu> wrote:
>> In article <mailman.1636.1296781581.555.bind-
>> SNIPPED<
>> www.yahoo.com.    300   IN CNAME fp.wg1.b.yahoo.com.
>> 
>> And even when they did, it didn't get involved until you followed the
>> CNAME returned for www.yahoo.com.  Your log message above indicates an
>> issue just with the yahoo.com domain, not resolution of the CNAME target.
>> 
>> --
> Thanks Barry so maybe I need some further education
> 
> 
> [tblue at mx3 ~]$ dig @problemserver.net  www.yahoo.com
> 
> ; <<>> DiG 9.6.2-P2-RedHat-9.6.2-5.P2.fc12 <<>> @problemserver.net
> www.yahoo.com
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 

What does the log entry say for the above query? Do you reach the
problemserver from your client?

> So let's add the trace option (Same servers)
> 
> [tblue at mx3 ~]$ dig @problemserver.net  www.yahoo.com  +trace

IIRC +trace will ignore @<nameserver target> and look queries up directly
from the root on down. So you may have been misled by the test below.

> 
> ; <<>> DiG 9.6.2-P2-RedHat-9.6.2-5.P2.fc12 <<>> @problemserver.net
> www.yahoo.com +trace
> ; (1 server found)
> ;; global options: +cmd
> .   514246 IN NS f.root-servers.net.
> .   514246 IN NS b.root-servers.net.
> .   514246 IN NS e.root-servers.net.
> .   514246 IN NS a.root-servers.net.
> .   514246 IN NS l.root-servers.net.
> .   514246 IN NS k.root-servers.net.
> .   514246 IN NS i.root-servers.net.
> .   514246 IN NS d.root-servers.net.
> .   514246 IN NS c.root-servers.net.
> .   514246 IN NS m.root-servers.net.
> .   514246 IN NS j.root-servers.net.
> .   514246 IN NS h.root-servers.net.
> .   514246 IN NS g.root-servers.net.
> ;; Received 336 bytes from 10.13.255.101#53(10.13.255.101) in 1 ms
> 
> com.   172800 IN NS a.gtld-servers.net.
> com.   172800 IN NS b.gtld-servers.net.
> com.   172800 IN NS c.gtld-servers.net.
> com.   172800 IN NS d.gtld-servers.net.
> com.   172800 IN NS e.gtld-servers.net.
> com.   172800 IN NS f.gtld-servers.net.
> com.   172800 IN NS g.gtld-servers.net.
> com.   172800 IN NS h.gtld-servers.net.
> com.   172800 IN NS i.gtld-servers.net.
> com.   172800 IN NS j.gtld-servers.net.
> com.   172800 IN NS k.gtld-servers.net.
> com.   172800 IN NS l.gtld-servers.net.
> com.   172800 IN NS m.gtld-servers.net.
> ;; Received 494 bytes from 199.7.83.42#53(l.root-servers.net) in 11 ms
> 
> yahoo.com.  172800 IN NS ns1.yahoo.com.
> yahoo.com.  172800 IN NS ns5.yahoo.com.
> yahoo.com.  172800 IN NS ns2.yahoo.com.
> yahoo.com.  172800 IN NS ns3.yahoo.com.
> yahoo.com.  172800 IN NS ns4.yahoo.com.
> ;; Received 201 bytes from 192.31.80.30#53(d.gtld-servers.net) in 55 ms
> 
> www.yahoo.com.  300 IN CNAME fp.wg1.b.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf2.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf4.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf8.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf3.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf6.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf5.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf1.yahoo.com.
> wg1.b.yahoo.com. 300 IN NS yf7.yahoo.com.
> ;; Received 326 bytes from 68.180.131.16#53(ns1.yahoo.com) in 2 ms
> 
> 
> So what am I missing? No servers available and the trace shows that
> it's finding the CNAME record, but doesn't appear to be going far
> enough,
> 
> 
> Here is the second server who can resolve this. Identical
> configuration as the problem server, same network segment, behind same
> SNAT, the same..
> 
> [tblue at mx3 ~]$ dig @functioningserver.net  www.yahoo.com
> 
> ; <<>> DiG 9.6.2-P2-RedHat-9.6.2-5.P2.fc12 <<>> @functioningserver.net
> www.yahoo.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30158
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;www.yahoo.com.   IN A
> 
> ;; ANSWER SECTION:
> www.yahoo.com.  300 IN CNAME fp.wg1.b.yahoo.com.
> fp.wg1.b.yahoo.com. 3238 IN CNAME any-fp.wa1.b.yahoo.com.
> any-fp.wa1.b.yahoo.com. 60 IN A 98.137.149.56
> any-fp.wa1.b.yahoo.com. 60 IN A 72.30.2.43
> 
> ;; AUTHORITY SECTION:
> wa1.b.yahoo.com. 300 IN NS yf2.yahoo.com.
> wa1.b.yahoo.com. 300 IN NS yf1.yahoo.com.
> 
> ;; Query time: 1759 msec
> ;; SERVER: 10.13.255.102#53(10.13.255.102)
> ;; WHEN: Thu Feb  3 18:03:55 2011
> ;; MSG SIZE  rcvd: 147

That's a small message size so the EDNS entry in your earlier email may be a
red herring, but just to be sure why not try the following on the server
that fails the lookup?

    dig +tcp www.yahoo.com @yf2.yahoo.com.

I'd also recommend a sanity check on your load balancing setup. Are both
active in the pool? Have you set up NAT outbound as well as inbound on the
VIP? Remember that UDP can be handled differently through load balancers
than TCP.
> 
> I'm missing something I'm sure, but it's under my skin now!
> 
> Thanks again
> Tory
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Kal Feher 
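
Added example, not part of the original message: the checks suggested in the reply (a plain query, the EDNS question, and a +tcp query) combined into one sh script that probes a server over each path and names the path that fails. The function names and verdict labels are assumptions made for this sketch; it generalizes the single +tcp test to any server and name.

```sh
#!/bin/sh
# Added example: separate "server unreachable" from "UDP or EDNS path broken".

# classify_dig: read dig output on stdin and print "timeout", the DNS status
# from the header line (NOERROR, SERVFAIL, ...), or "unknown".
classify_dig() {
    awk '
        /connection timed out/ { result = "timeout" }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { result = $(i + 1); sub(/,$/, "", result) }
        }
        END { print (result == "" ? "unknown" : result) }
    '
}

# answered: true when a response of any status came back. Even SERVFAIL
# proves that the transport delivered a reply.
answered() { [ "$1" != timeout ] && [ "$1" != unknown ]; }

# diagnose EDNS_UDP PLAIN_UDP TCP: print a one-word verdict.
#   ok          UDP with EDNS works
#   edns-path   only EDNS queries are lost (middlebox or fragment handling)
#   udp-path    UDP is lost but TCP works (check NAT / load balancer UDP rules)
#   unreachable nothing works (routing, ACL, firewall, or the daemon is down)
diagnose() {
    if answered "$1"; then echo ok
    elif answered "$2"; then echo edns-path
    elif answered "$3"; then echo udp-path
    else echo unreachable
    fi
}

# probe SERVER NAME: run the three queries and print the results.
# Example: probe problemserver.net www.yahoo.com
probe() {
    p_edns=$(dig +edns=0 +time=3 +tries=1 "@$1" "$2" 2>&1 | classify_dig)
    p_plain=$(dig +noedns +time=3 +tries=1 "@$1" "$2" 2>&1 | classify_dig)
    p_tcp=$(dig +tcp +time=3 +tries=1 "@$1" "$2" 2>&1 | classify_dig)
    echo "edns=$p_edns plain=$p_plain tcp=$p_tcp" \
         "verdict=$(diagnose "$p_edns" "$p_plain" "$p_tcp")"
}
```

Run probe once from the client against the resolver and once on the failing resolver against an upstream authoritative server; differing verdicts show on which side of the NAT the loss occurs.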



