AAAA type query invalidates A records in name server cache

Tim Maestas t.maestas at comcast.net
Tue Jul 19 17:03:44 UTC 2011 

This is because Dell has incorrectly configured their F5 GTM load
balancers to return NXDOMAIN on a AAAA query instead of NOERROR (this
is configurable on a per-wideip basis in the GTM configuration - at
least in present versions.  In earlier versions you had to ensure that
you had a record of some type matching the wideip name in the BIND
configuration so that when the GTM passed the query back to BIND it
would return NOERROR).

-Tim


On Tue, Jul 19, 2011 at 7:58 AM, mailsecurity
<mailsecurity at rothschildbank.com> wrote:
> All,
>
> anyone experiencing the same behavior?
>
> Seen on
>
> BIND 9.5.2-P2 and BIND 9.8.0-P4
>
>
>
> ns11:~ # nslookup -querytype=A xserv.ins.dell.com.
>
> …..
>
> Non-authoritative answer:
>
> Name:   xserv.ins.dell.com
>
> Address: 143.166.148.118
>
>
>
> All ok.
>
>
>
> ns11:~ # nslookup -querytype=AAAA xserv.ins.dell.com.
>
> …..
>
> ** server can't find xserv.ins.dell.com.: NXDOMAIN
>
>
>
> Now even the A queries fail.
>
> ns11:~ # nslookup -querytype=A xserv.ins.dell.com.
>
> …..
>
> ** server can't find xserv.ins.dell.com.: NXDOMAIN
>
>
>
> Keeps failing until TTL timeout or rndc flushname xserv.ins.dell.com.
>
>
>
> ns11:~ # nslookup -querytype=A xserv.ins.dell.com.
>
> …..
>
> Non-authoritative answer:
>
> Name:   xserv.ins.dell.com
>
> Address: 143.166.148.118
>
>
>
> Thanks,
>
> Patrick
>
> --
> This e-mail message and any attachments are of a confidential nature. The
> information is intended for the named addressee exclusively. If you are not
> the addressee, you may not electronically disseminate, otherwise distribute
> or copy this e-mail message, and you may also not use it for any purpose.
> Please notify the sender immediately if you have received this e-mail
> message by mistake, and delete this e-mail message and its attachments.
> E-mail transmissions could be lost, intercepted, corrupted or destroyed.
> They could arrive late or incomplete, or could even contain viruses.
> Confidentiality and reliability of the information so transmitted cannot be
> guaranteed. Rothschild Bank therefore does not accept any liability or
> responsibility for errors or omissions regarding the information transmitted
> through e-mail.
> If verification of the information transmitted through e-mail is required,
> please ask for postal delivery by contacting Rothschild Bank.
> This e-mail message is provided for information purposes only. It should not
> be construed as an offer or solicitation to buy or sell any financial
> instruments or services. It is not to be made available to US persons and is
> not to be circulated within the USA.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

More information about the bind-users mailing list