NOAA.GOV domain not working
Levesque, Ricky (SNB)
ricky.levesque at snb.ca
Mon Sep 18 12:03:38 UTC 2017
Good day,
I've been having an interesting issue with BIND and am wondering if anyone has had this before or knows how to fix it.
The issue is,
I have 2 recursive/caching DNS servers running BIND 9.9.4-RedHat-9.9.4-51.el7, which are slow to query for this particular domain.
noaa.gov (as well as its subdomains, specifically www.nhc.noaa.gov)
By slow I mean, it takes approximately 3500ms to query while most other domains take less than 100ms to query.
What's worse, the domain (noaa.gov) becomes unqueryable after a few hours or a day, and I need to clear the DNS servers' cache to allow it to work again.
The domains have very, very low TTLs (30s) and use DNSSEC.
Error:
##dig www.nhc.noaa.gov
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52364
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 3, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.nhc.noaa.gov. IN A
Fixes I have attempted so far:
Reboot servers (2 CentOS servers running on VMware)
Update system
Try a default config file
Updated VMware Tools
Clear DNS cache (temporary fix)
Checked firewall for abnormal data
Updated root hints
Config:
acl internal {
    *removed*;
    localhost;
};
options {
    listen-on port 53 {
        *removed*;
        127.0.0.1;
        ;
    };
    listen-on-v6 port 53 {
        none;
        #::1;
    };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    // Conform to RFC1035
    auth-nxdomain no;
    // Allowed Port Ranges
    use-v4-udp-ports { range 32768 65535; };
    use-v6-udp-ports { range 32768 65535; };
    recursive-clients 15000;
    server-id none;
    version none;
    interface-interval 0;
    allow-query {
        internal;
    };
    allow-recursion {
        internal;
    };
    max-ncache-ttl 3600;
    allow-query-cache {
        internal;
    };
};
logging {
    channel default_debug {
        syslog local4;
        severity debug;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";