Name resolution fails if not forwarding

Kevin Darcy kcd at chrysler.com
Tue Jan 8 17:44:03 UTC 2013


On 1/8/2013 9:35 AM, Daniele wrote:
> If I use BIND9 forwarding all the queries not belonging to my local 
> zones, it works.
>
> But if I don't forward those queries, `dig` sometimes (and this is 
> weird) fails (with "connection timed out; no servers could be 
> reached") and the logs are full of "lame server", "FORMERR".
>
> Why?

My guess is that your nameserver is having so much trouble resolving 
Internet names that it's thrashing and this is causing intermittent 
slowdowns/failures resolving even names from local zones.

You might be able to confirm or deny this speculation by looking at how 
many concurrent recursive clients you have (e.g. through rndc).

If confirmed, this leads to the bigger question of why you're having 
trouble resolving Internet names. "Lame server" is almost certainly a 
problem with the remote nameserver and/or the delegation to that 
nameserver, rather than your nameserver or anything in between. FORMERR, 
on the other hand, might be caused if some intermediate device is 
mangling your packets. Personally, I'd do a packet capture at various 
points in the path and analyze the results. Improper handling of EDNS0 
frequently leads to these types of symptoms.

                                     - Kevin
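Added example, not part of the original post: one way to analyze query/response payloads pulled from the packet capture suggested above, flagging a FORMERR reply that carries no OPT record in answer to a query that did (how RFC 6891 says a responder without EDNS0 support answers). The function names and the sample messages are constructed for illustration.

```python
import struct

FORMERR, OPT = 1, 41   # RCODE 1; RR type 41 is the EDNS0 OPT pseudo-record

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off

def summarize(msg):
    """Return (is_response, rcode, edns_udp_size or None) for a raw DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    edns = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            edns = rclass                      # OPT reuses CLASS as the UDP payload size
        off += 10 + rdlen
    return bool(flags & 0x8000), flags & 0x000F, edns

def edns_verdict(query, response):
    """Classify one query/response pair taken from a capture."""
    _, _, q_edns = summarize(query)
    _, rcode, r_edns = summarize(response)
    if q_edns is not None and rcode == FORMERR and r_edns is None:
        return "FORMERR to an EDNS0 query, no OPT in reply: EDNS0 not understood on this path"
    if q_edns is not None and r_edns is None:
        return "OPT sent but not returned: EDNS0 ignored or stripped"
    return "no EDNS0 problem visible in this pair"

# Constructed samples: example.com A query with OPT (4096-byte UDP size) and two replies
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
OPT_RR = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0)
SAMPLE_QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1) + QUESTION + OPT_RR
SAMPLE_FORMERR = struct.pack("!6H", 0x1234, 0x8101, 1, 0, 0, 0) + QUESTION
SAMPLE_OK = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 1) + QUESTION + OPT_RR

if __name__ == "__main__":
    print(edns_verdict(SAMPLE_QUERY, SAMPLE_FORMERR))
    print(edns_verdict(SAMPLE_QUERY, SAMPLE_OK))
```

Comparing the verdict for the same query captured at different points in the path shows whether the FORMERR originates at the remote server or the OPT record is lost at an intermediate device.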



