BIND does not answer

Barry Margolin barmar at alum.mit.edu
Wed Oct 24 15:44:42 UTC 2012 

In article <mailman.499.1351038242.11945.bind-users at lists.isc.org>,
 Christian Tardif <christian.tardif at servinfo.ca> wrote:

> SiteA is a recursive name server. I've been able to prove that it does 
> not behave correctly under certain circumstances by hitting it with a 
> simple request: asking it to give me NS records for a certain subdomain 
> for which it's primary for the base domain (dig @SiteA NS 
> sub.domain.tld, SiteA being authoritative for domain.tld). It just times 
> out. There are glue records on SiteA for the sub.domain.tld master 
> BIND). In order to try to figure out what was going on, I try, directly 
> from SiterA, to send a request, as a client, directly to the master of 
> sub.domain.tld. Times out again. At this moment, I can't tell which 
> server is faulty. But I ge the same behaviour trying to get an answer 
> from a completely different server (SiteB). In that case as well, no 
> answer. But still starting from SiteA.

How is that a "completely different server"? Did you mean SiteC?

> I then tried to get a response for the request I made from SiteA to 
> SiteB (as I control both), but this time, starting for my third 
> environment. Then, SiteB answers to my request. So SiteB looks like it's 
> working. But how come it does not answer my request from SiteA?  From 
> BIND logs on siteB, there's no trace of SiteA-to-SiteB' request. In 
> order to prove that my UDP packets actually reaches their destination, 
> and are not modified during transit, I opened a tcpdump session on SiteA 
> and on SiteB. Packets come through in good shape, but didn't find their 
> way to BIND application, as it seems. In my opinion, SiteB is not part 
> of the problem, as it answers normally to every other it receives from 
> anywhere else than SiteA. If I try again SiteA-to-SiteB request, I can 
> see with TCPDUMP that packets gets out of SiteA, and enters SiteB. But 
> BIND doesn't react. Even if I try to enable debugging on SiteB, I don't 
> see anything.

If tcpdump says the packets are arriving, but BIND doesn't see it, my 
guess would be a packet filter on B.  I assume tcpdump gets to see 
packets before they go through the filter.

-- 
Barry Margolin
Arlington, MA

More information about the bind-users mailing list