named resolution problem

Roberto Bosticardo rbosticardo at skylogic.it
Wed Oct 5 10:58:37 UTC 2011 

Hi all,

I have a problem with named (both bind9.3 and bind9.7) and resolution of 
"www.myspace.fr";
the problem is not present in dnscache (of djbdns suite) or asking 
resolution to google public dns (they run a Google implementation of dns 
protocol).

If you ask a resolver/cache server running named the resolution of name 
"www.myspace.fr" it returns (SERVFAIL), if you ask the same to a 
dnscache server it correctly resolves to the ip address.

The problem seems related to two CNAME resolution with tools of bind 
suite (the problem is present also with dig, I think it uses the same 
routine of named).

the answer section from a working resolver is something like:

> www.myspace.fr.         86395   IN      CNAME   wwwi.myspace.com.
> wwwi.myspace.com.       3595    IN      CNAME
> www-lb.myspaceweb.akadns.net.
> www-lb.myspaceweb.akadns.net. 30 IN     A       216.178.39.11

asking to a named resolver it seems it cannot resolve the last cname

> www.myspace.fr.         86395   IN      CNAME   wwwi.myspace.com.
> wwwi.myspace.com.       3595    IN      CNAME
> www-lb.myspaceweb.akadns.net.

Simulating the recursion, going top down from root nameservers, and 
asking as the last step the resolution of "www-lb.myspaceweb.akadns.net" 
to "ze.akadns.net" or one of the other autoritarive akadns server it 
give the correct ip address.

The path seems this:
. -> .fr. -> .myspace.fr.
autoritative for myspace.fr. are ns1.myspace.com and ns2.myspace.com
asking A records for www.myspace.fr to ns1.myspace.com it gives you the 
two CNAME
Named seems unable to resolve this CNAME.

I tried to deep debug the problem without success.

We have customers affected by this problem and we solved with the 
definition of a zone for myspace.fr that forwards to a djbdns dnscache 
server that correctly resolves; This is intended as workaround till we 
will fix the problem on named/bind.

I also suspected it was something related do EDNS0 but i quite sure this 
is not the problem because google public dns resolver implement EDNS and 
they don't have the problem.

Are your named servers affected by the same problem ?
Can you try this name resolution on your servers ?
Have you any idea on how to solve the problem ?
Have you further tests to suggest us ?

Thanx for you patience and forgive me for my bad english
Hope someone can help

Bye

More information about the bind-users mailing list