9.2.3 EDNS0 incompatibility
Chris Sharp
csharp at mac.com
Fri Sep 10 21:40:44 UTC 2004
Hello,
Since upgrading from 9.2.1 we are seeing some strange behavior on our
9.2.3 server. When I issue:
csharp6:~/bin csharpl$ dig -t soa computer.csharp.members.mac.com.
; <<>> DiG 9.2.2 <<>> -t soa computer.csharp.members.mac.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23436
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;computer.csharp.members.mac.com. IN SOA
;; Query time: 33 msec
;; SERVER: 17.128.100.12#53(17.128.100.12)
;; WHEN: Fri Sep 10 13:58:12 2004
;; MSG SIZE rcvd: 49
the 9.2.3 server responds this way. This causes nsupdate to fail
"response to SOA query didn't contain an SOA". Note, the 17.128.100.12
address is internal and forwards to 17.254.0.35 (9.2.3 server).
We turned logging all the way up to 99 on the 9.2.3 server and did not
see anything out of the ordinary - or at least to my eyes.
A network trace comparing the new server with the old shows that the
new server is issuing the SOA lookup with an OPT resource record:
SOA? computer.csharp.members.mac.com. ar: . OPT UDPsize=2048 (60)
where the old server:
SOA? computer.csharp.members.mac.com. (49)
The custom dynamic DNS server responding (17.250.248.161) to the first
query responds with a FormErr. The 9.2.3 server then re-issues the
query without the OPT RR and gets an NXDOMAIN with the SOA record in
the authority section.
Is it possible that the first Formerr response is being cached and
causing the empty SOA response to the client?
Regards,
Chris Sharp
-- Binary/unsupported file stripped by Ecartis --
-- Type: application/pkcs7-signature
-- File: smime.p7s
More information about the bind-users
mailing list