The outgoing "[1au]" queries aren't getting a response. In tcpdump's
display format, I believe "[1au]" means 1 record in the Additional
Section. This would undoubtedly be an OPT record for EDNS0 negotiation.
I'm having no problems querying those same nameservers with EDNS0 by the
way.
What you show would, I think, be the expected results of a
recently-restarted nameserver on a network infrastructure that was
dropping EDNS0 packets. Once named "learns" that particular nameservers
don't support EDNS0, however, I believe it would stop trying to use
EDNS0 with them, at least for a while (in case it was just a temporary
problem), so I don't think this would be a persistent issue.
This is not to say you shouldn't get to the root cause, but I doubt it
actually causes real outages. EDNS0 support was added to BIND with full
knowledge that not all network infrastructures were going to support it
right away...
I believe +dnssec also turns on EDNS0 unconditionally, so your failures
with +dnssec queries are consistent with my hypothesis.
- Kevin
On 6/18/2010 10:20 PM, Rok Potočnik wrote:
I'm using bind 9.7.0-p2 as an authoritive/caching server on a couple
of servers and lately I'm noticing that we're having problems
resolving domains under *.domaincontrol.com servers. The query itself
is sent out (as the tcpdump output down below shows) but only a couple
of replies get back. In case I do a manual lookup using dig, the
replies get back every time. Any ideas on where to look the problem?
---
# tcpdump -nvs0 -ieth1 'host 208.109.255.17 or host 216.69.185.17'
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
65535 bytes
04:06:00.189351 IP (tos 0x0, ttl 64, id 5848, offset 0, flags [none],
length: 83) 11.22.33.44.5520 > 216.69.185.17.53: [bad udp cksum 8d70!]
2246 A? ns2.treasurecoasthandymanservices.com. (55)
04:06:00.230958 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF],
length: 151) 216.69.185.17.53 > 11.22.33.44.5520: [udp sum ok] 2246*-
1/2/0 ns2.treasurecoasthandymanservices.com. A 184.73.42.183 (123)
04:06:00.305217 IP (tos 0x0, ttl 64, id 58705, offset 0, flags
[none], length: 80) 11.22.33.44.20025 > 208.109.255.17.53: [bad udp
cksum d552!] 34314% [1au] MX? replacementservices.com. (52)
04:06:00.360333 IP (tos 0x0, ttl 64, id 5849, offset 0, flags [none],
length: 94) 11.22.33.44.29996 > 216.69.185.17.53: [bad udp cksum
8096!] 62171% [1au] A? ns1.treasurecoasthandymanservices.com. (66)
04:06:00.360389 IP (tos 0x0, ttl 64, id 5850, offset 0, flags [none],
length: 94) 11.22.33.44.41105 > 216.69.185.17.53: [bad udp cksum
622a!] 13204% [1au] A? ns2.treasurecoasthandymanservices.com. (66)
04:06:00.360420 IP (tos 0x0, ttl 64, id 5851, offset 0, flags [none],
length: 94) 11.22.33.44.44750 > 216.69.185.17.53: [bad udp cksum
3cf3!] 16765% [1au] AAAA? ns1.treasurecoasthandymanservices.com. (66)
04:06:00.360483 IP (tos 0x0, ttl 64, id 5852, offset 0, flags [none],
length: 94) 11.22.33.44.60483 > 216.69.185.17.53: [bad udp cksum
8d37!] 49078% [1au] AAAA? ns2.treasurecoasthandymanservices.com. (66)
04:06:00.539000 IP (tos 0x0, ttl 64, id 5853, offset 0, flags [none],
length: 83) 11.22.33.44.40187 > 216.69.185.17.53: [bad udp cksum
9261!] 36950 A? ns1.treasurecoasthandymanservices.com. (55)
04:06:00.572696 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF],
length: 151) 216.69.185.17.53 > 11.22.33.44.40187: [udp sum ok]
36950*- 1/2/0 ns1.treasurecoasthandymanservices.com. A 184.73.99.89 (123)
04:06:02.619261 IP (tos 0x0, ttl 64, id 58706, offset 0, flags
[none], length: 80) 11.22.33.44.31171 > 208.109.255.17.53: [bad udp
cksum 8e06!] 46279% [1au] MX? replacementservices.com. (52)
04:06:04.389211 IP (tos 0x0, ttl 64, id 58707, offset 0, flags
[none], length: 94) 11.22.33.44.17162 > 208.109.255.17.53: [bad udp
cksum 3baf!] 29937% [1au] AAAA?
ns2.treasurecoasthandymanservices.com. (66)
04:06:04.414944 IP (tos 0x0, ttl 64, id 58708, offset 0, flags
[none], length: 94) 11.22.33.44.17486 > 208.109.255.17.53: [bad udp
cksum 650e!] 12165% [1au] A? ns1.treasurecoasthandymanservices.com. (66)
04:06:04.512114 IP (tos 0x0, ttl 64, id 58709, offset 0, flags
[none], length: 94) 11.22.33.44.11845 > 208.109.255.17.53: [bad udp
cksum 2460!] 62413% [1au] A? ns2.treasurecoasthandymanservices.com. (66)
04:06:04.551371 IP (tos 0x0, ttl 64, id 58710, offset 0, flags
[none], length: 94) 11.22.33.44.62132 > 208.109.255.17.53: [bad udp
cksum 8e91!] 58100% [1au] AAAA?
ns1.treasurecoasthandymanservices.com. (66)
04:06:06.594682 IP (tos 0x0, ttl 64, id 5854, offset 0, flags [none],
length: 80) 11.22.33.44.29685 > 216.69.185.17.53: [bad udp cksum
6135!] 2067% [1au] MX? replacementservices.com. (52)
04:06:08.631924 IP (tos 0x0, ttl 64, id 5855, offset 0, flags [none],
length: 69) 11.22.33.44.59535 > 216.69.185.17.53: [bad udp cksum
4a0a!] 16619 MX? replacementservices.com. (41)
04:06:08.665270 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF],
length: 180) 216.69.185.17.53 > 11.22.33.44.59535: [udp sum ok]
16619*- 2/2/0 replacementservices.com. MX server24.appriver.com. 10,
replacementservices.com. MX server25.appriver.com. 20 (152)
04:06:10.664542 IP (tos 0x0, ttl 64, id 5856, offset 0, flags [none],
length: 94) 11.22.33.44.27072 > 216.69.185.17.53: [bad udp cksum
ddc6!] 49385% [1au] AAAA? ns2.treasurecoasthandymanservices.com. (66)
04:06:10.703845 IP (tos 0x0, ttl 64, id 5857, offset 0, flags [none],
length: 94) 11.22.33.44.14627 > 216.69.185.17.53: [bad udp cksum
b1c6!] 3252% [1au] A? ns1.treasurecoasthandymanservices.com. (66)
04:06:10.804055 IP (tos 0x0, ttl 64, id 5858, offset 0, flags [none],
length: 94) 11.22.33.44.1134 > 216.69.185.17.53: [bad udp cksum fbb6!]
20766% [1au] A? ns2.treasurecoasthandymanservices.com. (66)
04:06:10.841086 IP (tos 0x0, ttl 64, id 5859, offset 0, flags [none],
length: 94) 11.22.33.44.12098 > 216.69.185.17.53: [bad udp cksum
35bf!] 785% [1au] AAAA? ns1.treasurecoasthandymanservices.com. (66)
04:06:11.251709 IP (tos 0x0, ttl 64, id 58711, offset 0, flags
[none], length: 80) 11.22.33.44.40730 > 208.109.255.17.53: [bad udp
cksum 5eae!] 59295% [1au] MX? replacementservices.com. (52)
---
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
