Bind 8.x intermittent resolution issues
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Oct 29 01:03:27 UTC 2002
> I am intermittently experienceing resolution issues with Bind 8.2.3 and
> 8.3.3 for particular names. With five minutes of failing for a
> non-authoritive lookup the server will be able to resolve the name again,
> with no corrective action taken. Two such domains are mail.yahoo.com and
> securityresponse.symantec.com.
These responses won't make it past a PIX firewall. When we have
traced this in the past the sites with problems have been behind
PIX firewalls. Note both answers are bigger than 512 octets as is
allowed for with EDNS0.
Mark
; <<>> DiG 9.2.2rc1 <<>> +bufsize=1024 securityresponse.symantec.com @ns1.symantec.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47015
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 14
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;securityresponse.symantec.com. IN A
;; ANSWER SECTION:
securityresponse.symantec.com. 21600 IN CNAME www.symantec.com.
www.symantec.com. 21600 IN CNAME www.symantec.d4p.net.
;; AUTHORITY SECTION:
. 493221 IN NS M.ROOT-SERVERS.net.
. 493221 IN NS I.ROOT-SERVERS.net.
. 493221 IN NS E.ROOT-SERVERS.net.
. 493221 IN NS D.ROOT-SERVERS.net.
. 493221 IN NS A.ROOT-SERVERS.net.
. 493221 IN NS H.ROOT-SERVERS.net.
. 493221 IN NS C.ROOT-SERVERS.net.
. 493221 IN NS G.ROOT-SERVERS.net.
. 493221 IN NS F.ROOT-SERVERS.net.
. 493221 IN NS B.ROOT-SERVERS.net.
. 493221 IN NS J.ROOT-SERVERS.net.
. 493221 IN NS K.ROOT-SERVERS.net.
. 493221 IN NS L.ROOT-SERVERS.net.
;; ADDITIONAL SECTION:
M.ROOT-SERVERS.net. 579621 IN A 202.12.27.33
I.ROOT-SERVERS.net. 579621 IN A 192.36.148.17
E.ROOT-SERVERS.net. 579621 IN A 192.203.230.10
D.ROOT-SERVERS.net. 579621 IN A 128.8.10.90
A.ROOT-SERVERS.net. 579621 IN A 198.41.0.4
H.ROOT-SERVERS.net. 579621 IN A 128.63.2.53
C.ROOT-SERVERS.net. 579621 IN A 192.33.4.12
G.ROOT-SERVERS.net. 579621 IN A 192.112.36.4
F.ROOT-SERVERS.net. 579621 IN A 192.5.5.241
B.ROOT-SERVERS.net. 579621 IN A 128.9.0.107
J.ROOT-SERVERS.net. 579621 IN A 198.41.0.10
K.ROOT-SERVERS.net. 579621 IN A 193.0.14.129
L.ROOT-SERVERS.net. 579621 IN A 198.32.64.12
;; Query time: 285 msec
;; SERVER: 198.6.49.5#53(ns1.symantec.com.)
;; WHEN: Tue Oct 29 11:53:21 2002
;; MSG SIZE rcvd: 526
; <<>> DiG 9.2.2rc1 <<>> +bufsize=1024 mail.yahoo.com @ns1.yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47896
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 14
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.yahoo.com. IN A
;; ANSWER SECTION:
mail.yahoo.com. 1800 IN CNAME login.yahoo.com.
login.yahoo.com. 1800 IN CNAME login.yahoo.akadns.net.
;; AUTHORITY SECTION:
net. 91990 IN NS A.GTLD-SERVERS.net.
net. 91990 IN NS G.GTLD-SERVERS.net.
net. 91990 IN NS H.GTLD-SERVERS.net.
net. 91990 IN NS C.GTLD-SERVERS.net.
net. 91990 IN NS I.GTLD-SERVERS.net.
net. 91990 IN NS B.GTLD-SERVERS.net.
net. 91990 IN NS D.GTLD-SERVERS.net.
net. 91990 IN NS L.GTLD-SERVERS.net.
net. 91990 IN NS F.GTLD-SERVERS.net.
net. 91990 IN NS J.GTLD-SERVERS.net.
net. 91990 IN NS K.GTLD-SERVERS.net.
net. 91990 IN NS E.GTLD-SERVERS.net.
net. 91990 IN NS M.GTLD-SERVERS.net.
;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net. 91946 IN A 192.5.6.30
G.GTLD-SERVERS.net. 91946 IN A 192.42.93.30
H.GTLD-SERVERS.net. 91946 IN A 192.54.112.30
C.GTLD-SERVERS.net. 91946 IN A 192.26.92.30
I.GTLD-SERVERS.net. 91946 IN A 192.43.172.30
B.GTLD-SERVERS.net. 91946 IN A 192.33.14.30
D.GTLD-SERVERS.net. 91946 IN A 192.31.80.30
L.GTLD-SERVERS.net. 91946 IN A 192.41.162.30
F.GTLD-SERVERS.net. 91946 IN A 192.35.51.30
J.GTLD-SERVERS.net. 91946 IN A 192.48.79.30
K.GTLD-SERVERS.net. 91946 IN A 192.52.178.30
E.GTLD-SERVERS.net. 91946 IN A 192.12.94.30
M.GTLD-SERVERS.net. 91946 IN A 192.55.83.30
;; Query time: 300 msec
;; SERVER: 66.218.71.63#53(ns1.yahoo.com)
;; WHEN: Tue Oct 29 11:56:43 2002
;; MSG SIZE rcvd: 528
>
> I have multiple servers geographically seperated on seperate ISPs. One will
> have the problem, but another will work fine for the lookup during the same
> period.
>
> To further complicate things, I have several bind 8.3.1 servers running in a
> similar environment with no issues. They always seem to look up these names
> correctly.
>
> Any ideas? I have seen postings on groups.google.com about similar problems
> with no resolution or followups.
>
> Thanks,
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list