Recursive DNS problem
Torinthiel
torinthiel at data.pl
Thu Jan 27 10:08:07 UTC 2011
On 2011-01-27 17:38 bangla desh wrote:
>
>Hello all,
>
>I am running Bind 9.7.1-p2 as recursive dns. I encountered this problem with
>the domain hsbc.com.bd. When I dig hsbc.com.bd, it gives me a connection
>timed out response.
>
[cut]
>
>I digged further about the problem as to what causes it. I found out that if
>I clear the cache and then dig first the ns record(s) of com.bd, before I
>dig hsbc.com.bd, I will be able to replicate the problem.
Can't reproduce it here, works for me when I try straight hsbc.com.bd, or dig
ns com.bd beforehand, or dig both ns bd and com.bd.
>
>What bothered me is what is in com.bd that blocks the response from
>hsbc.com.bd? Please I need your inputs.
One thing for sure. It has only one nameserver. This is plainly wrong, each
domain should have at least 2 (and an SLD like this one even more).
Does it work when you type
dig ns hsbc.com.bd @ns.com.bd
because that's what fails for me.
And there's more:
$ dig ns com.bd @dns.bd
; <<>> DiG 9.7.1 <<>> ns com.bd @dns.bd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57519
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;com.bd. IN NS
;; ANSWER SECTION:
com.bd. 86400 IN NS ns.com.bd.
;; ADDITIONAL SECTION:
ns.com.bd. 86400 IN A 203.112.194.18
;; Query time: 368 msec
;; SERVER: 209.58.24.3#53(209.58.24.3)
;; WHEN: Thu Jan 27 11:00:46 2011
;; MSG SIZE rcvd: 57
$ dig ns hsbc.com.bd @dns.bd
; <<>> DiG 9.7.1 <<>> ns hsbc.com.bd @dns.bd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2379
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;hsbc.com.bd. IN NS
;; AUTHORITY SECTION:
hsbc.com.bd. 86400 IN NS ns11.hsbc.com.hk.
hsbc.com.bd. 86400 IN NS ns13.hsbc.com.hk.
hsbc.com.bd. 86400 IN NS ns1.hsbc.com.sg.
;; Query time: 368 msec
;; SERVER: 209.58.24.3#53(209.58.24.3)
;; WHEN: Thu Jan 27 11:01:07 2011
;; MSG SIZE rcvd: 107
Which means that the DNS server for the .bd domain (at least one of them) returns
an answer for ns for .com.bd (ok, it is a delegation probably), but also a
(non-authoritative) answer for hsbc.com.bd. This is a bit strange, it doesn't
provide recursive queries, it has delegation for com.bd, but it's still
willing to return deeper answers.
Now, what happens when you have a clear cache is that it asks dns.bd for
reference and gets hsbc records. But if you have NS com.bd in your cache,
bind probably assumes (and quite correctly) that it should ask com.bd
nameservers, not the bd. ones. But com.bd ones don't provide an answer, so
you have a timeout.
Looks like the com.bd zone is broken somewhat. Either the delegation should
be removed from bd, or the server needs fixing and adding other servers is
necessary.
Torinthiel
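
The cache effect described above, as an added example that is not part of the original message: a simplified model in which the resolver always queries the servers of the deepest zone it holds cached NS records for. The function names, the starting cache and the modelling of ns.com.bd as a timeout are assumptions made for the illustration.

```python
# Toy model only: no DNS queries are sent; servers are modelled from the post.
HSBC_NS = ["ns11.hsbc.com.hk.", "ns13.hsbc.com.hk.", "ns1.hsbc.com.sg."]

def in_zone(qname, zone):
    """True if qname is at or below zone (label-aligned suffix match)."""
    return qname == zone or qname.endswith("." + zone)

def dns_bd(qname):
    # dns.bd returns the hsbc.com.bd NS set itself, as well as com.bd's.
    if in_zone(qname, "hsbc.com.bd."):
        return ("hsbc.com.bd.", HSBC_NS)
    if in_zone(qname, "com.bd."):
        return ("com.bd.", ["ns.com.bd."])
    return None

def ns_com_bd(qname):
    return None  # modelled as a timeout: the post reports this query fails
SERVERS = {"dns.bd.": dns_bd, "ns.com.bd.": ns_com_bd}

def closest_cut(cache, qname):
    """Deepest cached zone enclosing qname: the servers a resolver asks first."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        if zone in cache:
            return zone
    raise LookupError("no enclosing zone cached")

def resolve_ns(cache, qname, max_hops=5):
    """Return the NS set for qname, or None on timeout. Updates cache."""
    for _ in range(max_hops):
        zone = closest_cut(cache, qname)
        if zone == qname:
            return cache[zone]
        for server in cache[zone]:
            handler = SERVERS.get(server)
            reply = handler(qname) if handler else None
            if reply:
                cache[reply[0]] = reply[1]
                break
        else:
            return None  # every server for the closest zone failed
    return None

if __name__ == "__main__":
    cold = {"bd.": ["dns.bd."]}            # constructed starting cache
    print("cold cache:", resolve_ns(cold, "hsbc.com.bd."))
    warm = {"bd.": ["dns.bd."]}
    resolve_ns(warm, "com.bd.")             # same as 'dig ns com.bd' first
    print("com.bd cached:", resolve_ns(warm, "hsbc.com.bd."))
```

With only the bd servers known, the lookup succeeds through dns.bd; once the com.bd NS set is cached, the same lookup goes to ns.com.bd and fails.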