bind-9.8.1-P1: Recursive failed on fresh config

Drunkard Zhang gongfan193 at gmail.com
Thu Feb 2 06:48:19 UTC 2012 

www.21photo.cn resolution failed on my dns, bind returned SERVFAIL,
this is my trace using "named -u named -d 2 -g". It seems like that
bind  use IPv6 first, while there's no IPv6 configed, bind just
returns SERVFAIL, instead of resolve using IPv4 address. How can I fix
this?

02-Feb-2012 14:00:57.913 createfetch: www.21photo.cn A
02-Feb-2012 14:00:57.914 createfetch: . NS
02-Feb-2012 14:00:57.915 error (network unreachable) resolving
'./NS/IN': 2001:7fd::1#53
02-Feb-2012 14:00:57.915 error (network unreachable) resolving
'./NS/IN': 2001:503:ba3e::2:30#53
02-Feb-2012 14:00:58.652 createfetch: ns3.mrdns.net A
02-Feb-2012 14:00:58.652 createfetch: ns3.mrdns.net AAAA
02-Feb-2012 14:00:58.652 createfetch: . NS
02-Feb-2012 14:00:58.652 createfetch: ns4.mrdns.net A
02-Feb-2012 14:00:58.652 createfetch: ns4.mrdns.net AAAA
02-Feb-2012 14:00:58.848 error (network unreachable) resolving
'ns4.mrdns.net/AAAA/IN': 2001:503:a83e::2:30#53
02-Feb-2012 14:00:58.848 error (network unreachable) resolving
'ns4.mrdns.net/AAAA/IN': 2001:503:231d::2:30#53
02-Feb-2012 14:00:59.102 createfetch: ns1.1stchina.cn A
02-Feb-2012 14:00:59.102 createfetch: ns1.1stchina.cn AAAA
02-Feb-2012 14:00:59.102 createfetch: ns2.1stchina.cn A
02-Feb-2012 14:00:59.102 createfetch: ns2.1stchina.cn AAAA
02-Feb-2012 14:00:59.102 error (network unreachable) resolving
'ns1.1stchina.cn/A/IN': 2001:dc7::1#53
02-Feb-2012 14:00:59.435 client 211.161.192.157#37137: query failed
(SERVFAIL) for www.21photo.cn/IN/A at query.c:4650
02-Feb-2012 14:00:59.435 fetch completed at resolver.c:3086 for
www.21photo.cn/A in 1.521528: failure/success
[domain:21photo.cn,referral:2,restart:4,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:5,findfail:0,valfail:0]


While trace by hand works fine:
# dig www.21photo.cn +trace

; <<>> DiG 9.6-ESV-R5 <<>> www.21photo.cn +trace
;; global options: +cmd
.			3742	IN	NS	a.root-servers.net.
.			3742	IN	NS	b.root-servers.net.
.			3742	IN	NS	c.root-servers.net.
.			3742	IN	NS	d.root-servers.net.
.			3742	IN	NS	e.root-servers.net.
.			3742	IN	NS	f.root-servers.net.
.			3742	IN	NS	g.root-servers.net.
.			3742	IN	NS	h.root-servers.net.
.			3742	IN	NS	i.root-servers.net.
.			3742	IN	NS	j.root-servers.net.
.			3742	IN	NS	k.root-servers.net.
.			3742	IN	NS	l.root-servers.net.
.			3742	IN	NS	m.root-servers.net.
;; Received 492 bytes from 211.161.192.1#53(211.161.192.1) in 635 ms

cn.			172800	IN	NS	a.dns.cn.
cn.			172800	IN	NS	b.dns.cn.
cn.			172800	IN	NS	c.dns.cn.
cn.			172800	IN	NS	d.dns.cn.
cn.			172800	IN	NS	e.dns.cn.
cn.			172800	IN	NS	ns.cernet.net.
;; Received 295 bytes from 199.7.83.42#53(199.7.83.42) in 266 ms

21photo.cn.		21600	IN	NS	ns4.mrdns.net.
21photo.cn.		21600	IN	NS	ns3.mrdns.net.
;; Received 77 bytes from 203.119.29.1#53(203.119.29.1) in 396 ms

www.21photo.cn.		43200	IN	A	222.73.254.150
21photo.cn.		43200	IN	NS	ns2.1stchina.cn.
21photo.cn.		43200	IN	NS	ns1.1stchina.cn.
;; Received 125 bytes from 60.29.231.62#53(60.29.231.62) in 91 ms


And here's some trace by hand, all works fine, so I think it as bind's problem.

14:42:40 ~ $ dig +nocmd +multiline +noall +answer www.21photo.cn
14:42:42 ~ $ dig +nocmd +multiline +noall +answer a.dns.cn.
a.dns.cn.		4818 IN	A 203.119.25.1
14:42:56 ~ $ dig +nocmd +multiline +noall +answer ns3.mrdns.net. @203.119.25.1
14:43:16 ~ $ dig +nocmd +multiline +noall +answer ns3.mrdns.net.
ns3.mrdns.net.		43200 IN CNAME ns1.1stchina.cn.
ns1.1stchina.cn.	4773 IN	A 60.29.231.62
14:43:28 ~ $ dig +nocmd +multiline +noall +answer ns1.1stchina.cn.
ns1.1stchina.cn.	4740 IN	A 60.29.231.62
14:44:01 ~ $ dig +nocmd +multiline +noall +answer www.21photo.cn @60.29.231.62
www.21photo.cn.		43200 IN A 222.73.254.150
14:44:15 ~ $

Again, is there any option I can use to work around? Thanls a lot.

-- 
张绍文
gongfan193 at gmail.com
zhangsw at gwbnsh.net.cn
18601633785

More information about the bind-users mailing list