On 1/8/2013 9:35 AM, Daniele wrote:
If I use BIND9 forwarding all the queries not belonging to my local
zones, it works.
But if I don't forward those queries, `dig` sometimes (and this is
weird) fails (with "connection timed out; no servers could be
reached") and the logs are full of "lame server", "FORMERR".
Why?
My guess is that your nameserver is having so much trouble resolving
Internet names that it's thrashing and this is causing intermittent
slowdowns/failures resolving even names from local zones.
You might be able to confirm or deny this speculation by looking at how
many concurrent recursive clients you have (e.g. through rndc).
If confirmed, this leads to the bigger question of why you're having
trouble resolving Internet names. "Lame server" is almost certainly a
problem with the remote nameserver and/or the delegation to that
nameserver, rather than your nameserver or anything in between. FORMERR,
on the other hand, might be caused if some intermediate device is
mangling your packets. Personally, I'd do a packet capture at various
points in the path and analyze the results. Improper handling of EDNS0
frequently leads to these types of symptoms.
- Kevin
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
