BIND 9.3.2-P1 failing completely on some domains
Mark Andrews
Mark_Andrews at isc.org
Fri Sep 15 00:22:26 UTC 2006
> Hello,
>
> I am running BIND 9.3.2-P1 as an authority for hosts on my LAN, but
> not visible at all to the outside world. I set up the config and zone
> files literally a couple of years ago, and have barely touched them
> since. I was running 9.3.0 until I upgraded to FreeBSD 5.5-STABLE
> last week, at which point BIND was upgraded.
>
> It may be a coincidence in timing, but since the upgrade I seem to be
> unable to resolve a couple of related hostnames: eve-files.com and
> podbase.com:
>
> > dig www.eve-files.com
>
> ; <<>> DiG 9.3.2-P1 <<>> www.eve-files.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> > dig www.eve-files.com +trace
>
> ; <<>> DiG 9.3.2-P1 <<>> www.eve-files.com +trace
> ;; global options: printcmd
> . 517752 IN NS G.ROOT-SERVERS.NET.
> . 517752 IN NS H.ROOT-SERVERS.NET.
> . 517752 IN NS I.ROOT-SERVERS.NET.
> . 517752 IN NS J.ROOT-SERVERS.NET.
> . 517752 IN NS K.ROOT-SERVERS.NET.
> . 517752 IN NS L.ROOT-SERVERS.NET.
> . 517752 IN NS M.ROOT-SERVERS.NET.
> . 517752 IN NS A.ROOT-SERVERS.NET.
> . 517752 IN NS B.ROOT-SERVERS.NET.
> . 517752 IN NS C.ROOT-SERVERS.NET.
> . 517752 IN NS D.ROOT-SERVERS.NET.
> . 517752 IN NS E.ROOT-SERVERS.NET.
> . 517752 IN NS F.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 192.168.0.1#53(192.168.0.1) in 0 ms
>
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> ;; Received 495 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 276 ms
>
> eve-files.com. 172800 IN NS a.podbase.com.
> eve-files.com. 172800 IN NS b.podbase.com.
> eve-files.com. 172800 IN NS c.podbase.com.
> eve-files.com. 172800 IN NS d.podbase.com.
> ;; Received 171 bytes from 192.42.93.30#53(g.gtld-servers.net) in 207 ms
>
> eve-files.com. 172151 IN NS c.podbase.com.
> eve-files.com. 172151 IN NS d.podbase.com.
> eve-files.com. 172151 IN NS a.podbase.com.
> eve-files.com. 172151 IN NS b.podbase.com.
> ;; Received 107 bytes from 192.168.0.1#53(a.podbase.com) in 30040 ms
>
> The last five lines are then repeated, seemingly forever, with only
> the order of the nameservers changing. Yet I can resolve this with my
> ISP's nameserver:
Has your ISP added a "transparent" DNS cache?
Do "dig +norec www.eve-files.com @a.podbase.com" then
do "dig www.eve-files.com @a.podbase.com" then
do "dig +norec www.eve-files.com @a.podbase.com" and
report the results.
> > dig @ns1.on.net www.eve-files.com
>
> ; <<>> DiG 9.3.2-P1 <<>> @ns1.on.net www.eve-files.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17805
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;www.eve-files.com. IN A
>
> ;; ANSWER SECTION:
> www.eve-files.com. 1800 IN CNAME eve-files.com.
> eve-files.com. 1800 IN A 213.115.157.54
>
> ;; AUTHORITY SECTION:
> eve-files.com. 137798 IN NS a.podbase.com.
> eve-files.com. 137798 IN NS b.podbase.com.
> eve-files.com. 137798 IN NS c.podbase.com.
> eve-files.com. 137798 IN NS d.podbase.com.
>
> ;; ADDITIONAL SECTION:
> a.podbase.com. 137798 IN A 85.228.72.199
> b.podbase.com. 137798 IN A 213.115.157.54
> c.podbase.com. 137798 IN A 213.115.157.52
> d.podbase.com. 137798 IN A 85.228.72.206
>
> ;; Query time: 382 msec
> ;; SERVER: 216.200.145.64#53(216.200.145.64)
> ;; WHEN: Fri Sep 15 08:41:07 2006
> ;; MSG SIZE rcvd: 218
>
> My named.conf is pretty basic, and hasn't changed in a couple of
> years:
>
> options {
>     directory "/etc/namedb";
>     query-source address * port 53;
> };
>
> controls {
>     inet * allow { any; } keys { "rndc-key"; };
> };
>
> include "/etc/namedb/rndc-key";
>
> logging {
>     channel var_log {
>         file "/var/log/named.log" versions 2 size 5m;
>         severity dynamic;
>         print-time yes;
>         print-severity yes;
>         print-category yes;
>     };
>
>     category default { default_syslog; var_log; };
>     category queries { var_log; };
>     category xfer-out { var_log; };
> };
>
> zone "logicsquad.net" {
>     type master;
>     file "db.logicsquad.net";
>     allow-update { 192.168.0.1; };
> };
>
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "db.127.0.0";
>     allow-update { 192.168.0.1; };
> };
>
> zone "0.168.192.in-addr.arpa" {
>     type master;
>     file "db.192.168.0";
>     allow-update { 192.168.0.1; };
> };
>
> zone "." {
>     type hint;
>     file "db.cache";
> };
>
> Is this my problem, or someone else's?
>
>
> --
> Paul.
>
> Logic Squad -- Technical Publishing with XML -- http://logicsquad.net/
>
>
--
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP. Email training at isc.org.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
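
Added example (not part of the original message and not ISC code): one way to read the results of the +norec / recursive / +norec sequence suggested in the reply, using the header flags dig prints. The classification rules and the sample headers are constructed here and are an assumption about interpretation: an authoritative server answers a +norec query with "aa" set, while a cache answers without "aa" and may only have the answer once the recursive query has primed it.

```python
import re

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r";; flags:([a-z ]*);.*?ANSWER:\s*(\d+)")

def parse_dig(text):
    """Return rcode, header flags and answer count, or None if dig got no reply."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not (status and flags):
        return None  # e.g. ";; connection timed out; no servers could be reached"
    return {"status": status.group(1),
            "flags": set(flags.group(1).split()),
            "answers": int(flags.group(2))}

def classify(norec_before, recursive, norec_after):
    """Heuristic reading of the +norec / recursive / +norec sequence."""
    first, mid, last = (parse_dig(t) for t in (norec_before, recursive, norec_after))
    if first is None or mid is None or last is None:
        return "no-response"
    if last["answers"] == 0:
        return "inconclusive"
    if "aa" in last["flags"]:
        # Authoritative data both times: the real server for the zone replied.
        return "authoritative" if "aa" in first["flags"] else "inconclusive"
    # Non-authoritative answer to a +norec query: it came out of a cache.
    primed = first["answers"] == 0 and mid["answers"] > 0
    return "cache-primed" if primed else "cache-hit"

def sample(flags, answers):
    """Build a constructed dig header (not captured from a real server)."""
    return (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1\n"
            f";; flags: {flags}; QUERY: 1, ANSWER: {answers}, AUTHORITY: 4, ADDITIONAL: 4\n")

AUTH = sample("qr aa", 2)          # authoritative server, recursion not requested
COLD = sample("qr ra", 0)          # cache with no data yet: referral only
RECURSED = sample("qr rd ra", 2)   # recursive query, fills the cache
WARM = sample("qr ra", 2)          # same +norec query, now answered from cache
TIMEOUT = ";; connection timed out; no servers could be reached\n"

if __name__ == "__main__":
    print(classify(AUTH, sample("qr aa rd", 2), AUTH))   # authoritative
    print(classify(COLD, RECURSED, WARM))                # cache-primed
    print(classify(TIMEOUT, RECURSED, WARM))             # no-response
```

A "cache-primed" or "cache-hit" verdict for a query addressed to a zone's own nameserver means something other than that nameserver produced the reply; servers that are both authoritative and recursive can blur the "ra" flag, which is why the rules key on "aa" and on the change between the two +norec results.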