On Feb 4, 2011, at 1:11 PM, Chris Buxton wrote:

> +trace does not do what you think it does. It does not query the target name
> server for each successive query. Rather, it causes the 'dig' command to
> perform recursion on its own, only using the indicated server (@server) to
> seed its root server list.

Ok, so this is at least the 6th time (that I can remember) that the behavior of +trace and @server has caused confusion on the list --- perhaps it is worth opening a feature request to make dig present an informational message if these 2 options are chosen?

W

> +trace also stops at the CNAME, and does not restart the recursion process as
> needed to track down the final A record(s).
>
> Perform the trace manually, using either +dnssec or at least +bufsize=4096.
> For example, one step in the process will look like this:
>
> dig +bufsize=4096 +norec www.yahoo.com @ns1.yahoo.com
>
> You will find that the Yahoo load balancers do not understand EDNS0. This
> might be part of the problem, although named should be able to work around
> this automatically. Check the log file (or configure logging as needed and
> re-run the query against your problem server) to see if it will tell you
> exactly what the problem is.
>
> Chris Buxton
> BlueCat Networks
>
> On Feb 3, 2011, at 6:07 PM, Tory M Blue wrote:
>
>> On Thu, Feb 3, 2011 at 5:23 PM, Barry Margolin <bar...@alum.mit.edu> wrote:
>>> In article <mailman.1636.1296781581.555.bind-
>>> SNIPPED<
>>> www.yahoo.com. 300 IN CNAME fp.wg1.b.yahoo.com.
>>>
>>> And even when they did, it didn't get involved until you followed the
>>> CNAME returned for www.yahoo.com. Your log message above indicates an
>>> issue just with the yahoo.com domain, not resolution of the CNAME target.
>>>
>>> --
>> Thanks Barry so maybe I need some further education
>>
>>
>> [tblue@mx3 ~]$ dig @problemserver.net www.yahoo.com
>>
>> ; <<>> DiG 9.6.2-P2-RedHat-9.6.2-5.P2.fc12 <<>> @problemserver.net
>> www.yahoo.com
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; connection timed out; no servers could be reached
>>
>> So let's add the trace option (Same servers)
>>
>> [tblue@mx3 ~]$ dig @problemserver.net www.yahoo.com +trace
>>
>> ; <<>> DiG 9.6.2-P2-RedHat-9.6.2-5.P2.fc12 <<>> @problemserver.net
>> www.yahoo.com +trace
>> ; (1 server found)
>> ;; global options: +cmd
>> . 514246 IN NS f.root-servers.net.
>> . 514246 IN NS b.root-servers.net.
>> . 514246 IN NS e.root-servers.net.
>> . 514246 IN NS a.root-servers.net.
>> . 514246 IN NS l.root-servers.net.
>> . 514246 IN NS k.root-servers.net.
>> . 514246 IN NS i.root-servers.net.
>> . 514246 IN NS d.root-servers.net.
>> . 514246 IN NS c.root-servers.net.
>> . 514246 IN NS m.root-servers.net.
>> . 514246 IN NS j.root-servers.net.
>> . 514246 IN NS h.root-servers.net.
>> . 514246 IN NS g.root-servers.net.
>> ;; Received 336 bytes from 10.13.255.101#53(10.13.255.101) in 1 ms
>>
>> com. 172800 IN NS a.gtld-servers.net.
>> com. 172800 IN NS b.gtld-servers.net.
>> com. 172800 IN NS c.gtld-servers.net.
>> com. 172800 IN NS d.gtld-servers.net.
>> com. 172800 IN NS e.gtld-servers.net.
>> com. 172800 IN NS f.gtld-servers.net.
>> com. 172800 IN NS g.gtld-servers.net.
>> com. 172800 IN NS h.gtld-servers.net.
>> com. 172800 IN NS i.gtld-servers.net.
>> com. 172800 IN NS j.gtld-servers.net.
>> com. 172800 IN NS k.gtld-servers.net.
>> com. 172800 IN NS l.gtld-servers.net.
>> com. 172800 IN NS m.gtld-servers.net.
>> ;; Received 494 bytes from 199.7.83.42#53(l.root-servers.net) in 11 ms
>>
>> yahoo.com. 172800 IN NS ns1.yahoo.com.
>> yahoo.com. 172800 IN NS ns5.yahoo.com.
>> yahoo.com. 172800 IN NS ns2.yahoo.com.
>> yahoo.com. 172800 IN NS ns3.yahoo.com.
>> yahoo.com. 172800 IN NS ns4.yahoo.com.
>> ;; Received 201 bytes from 192.31.80.30#53(d.gtld-servers.net) in 55 ms
>>
>> www.yahoo.com. 300 IN CNAME fp.wg1.b.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf2.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf4.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf8.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf3.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf6.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf5.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf1.yahoo.com.
>> wg1.b.yahoo.com. 300 IN NS yf7.yahoo.com.
>> ;; Received 326 bytes from 68.180.131.16#53(ns1.yahoo.com) in 2 ms
>>
>>
>> So what am I missing? No servers available and the trace shows that
>> it's finding the CNAME record, but doesn't appear to be going far
>> enough,
>>
>>
>> Here is the second server who can resolve this. Identical
>> configuration as the problem server, same network segment, behind same
>> SNAT, the same..
>>
>> [tblue@mx3 ~]$ dig @functioningserver.net www.yahoo.com
>>
>> ; <<>> DiG 9.6.2-P2-RedHat-9.6.2-5.P2.fc12 <<>> @functioningserver.net
>> www.yahoo.com
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30158
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.yahoo.com. IN A
>>
>> ;; ANSWER SECTION:
>> www.yahoo.com. 300 IN CNAME fp.wg1.b.yahoo.com.
>> fp.wg1.b.yahoo.com. 3238 IN CNAME any-fp.wa1.b.yahoo.com.
>> any-fp.wa1.b.yahoo.com. 60 IN A 98.137.149.56
>> any-fp.wa1.b.yahoo.com. 60 IN A 72.30.2.43
>>
>> ;; AUTHORITY SECTION:
>> wa1.b.yahoo.com. 300 IN NS yf2.yahoo.com.
>> wa1.b.yahoo.com. 300 IN NS yf1.yahoo.com.
>>
>> ;; Query time: 1759 msec
>> ;; SERVER: 10.13.255.102#53(10.13.255.102)
>> ;; WHEN: Thu Feb 3 18:03:55 2011
>> ;; MSG SIZE rcvd: 147
>>
>> I'm missing something I'm sure, but it's under my skin now!
>>
>> Thanks again
>> Tory
>> _______________________________________________
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
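
The two points raised in this thread (a note from dig when +trace and @server are combined, and +trace stopping at a CNAME so that the next step has to be queried by hand) sketched as an added shell example; it is not part of dig, BIND, or the original posts. The function names are hypothetical, and the sample input is a shortened excerpt of the +trace output quoted in the thread.

```shell
# Added example, not part of dig or BIND; function names are hypothetical.
# Print the informational note suggested in the thread when +trace and
# @server appear on the same dig command line; print nothing otherwise.
trace_server_notice() {
    trace=0 server=
    for arg in "$@"; do
        case $arg in +trace) trace=1 ;; @*) server=${arg#@} ;; esac
    done
    if [ "$trace" -eq 1 ] && [ -n "$server" ]; then
        echo "note: +trace makes dig recurse itself; $server only seeds the root server list"
    fi
}

# Read dig +trace output on stdin. If it ends at a CNAME whose target has no
# address record, print the next manual query for the deepest delegation seen.
next_manual_step() {
    awk '
        $1 ~ /^;/ || NF < 5 { next }                 # comments, blanks, wrapped header
        $4 == "CNAME" { target = $5 }
        $4 == "A" || $4 == "AAAA" { addr[$1] = 1 }
        $4 == "NS" && !($1 in ns) { ns[$1] = $5 }    # first NS listed per zone
        END {
            if (target == "" || (target in addr)) exit
            best = ""
            for (z in ns) {
                n = length(target) - length(z)
                if (z != "." && n > 0 && substr(target, n) == "." z && length(z) > length(best))
                    best = z
            }
            if (best == "") exit
            srv = ns[best]; sub(/\.$/, "", srv); sub(/\.$/, "", target)
            print "dig +bufsize=4096 +norec " target " @" srv
        }'
}

# Sample input: excerpt of the +trace output quoted in the thread,
# shortened to a few records.
sample_trace_tail() {
    cat <<'EOF'
yahoo.com. 172800 IN NS ns1.yahoo.com.
www.yahoo.com. 300 IN CNAME fp.wg1.b.yahoo.com.
wg1.b.yahoo.com. 300 IN NS yf2.yahoo.com.
wg1.b.yahoo.com. 300 IN NS yf4.yahoo.com.
;; Received 326 bytes from 68.180.131.16#53(ns1.yahoo.com) in 2 ms
EOF
}

trace_server_notice @problemserver.net www.yahoo.com +trace
sample_trace_tail | next_manual_step
```

The printed command queries the CNAME target at a name server of the zone it was delegated to, with recursion off, which is the same kind of step as the `dig +bufsize=4096 +norec` command quoted in the thread.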