On 10/24/2012 11:56 AM, Chris Buxton wrote:
On Oct 23, 2012, at 5:17 PM, Christian Tardif wrote:
Hi,
I have a strange BIND behaviour I don't know how to handle. As I don't exactly
know how to describe it, I'll rather explain what I did and what happens. But
not quite easy to follow.
In my tests, I have two servers with BIND installed on them: SiteA (BIND
9.8.2rc1 on CentOS 6.3), and SiteB (BIND 9.5.0-P2, on Mandriva 2008.1). A third
environment helps me for diagnostics.
SiteA is a recursive name server. I've been able to prove that it does not
behave correctly under certain circumstances by hitting it with a simple
request: asking it to give me NS records for a certain subdomain for which it's
primary for the base domain (dig @SiteA NS sub.domain.tld, SiteA being
authoritative for domain.tld). It just times out. There are glue records on
SiteA for the sub.domain.tld master BIND. In order to try to figure out what
was going on, I try, directly from SiteA, to send a request, as a client,
directly to the master of sub.domain.tld. Times out again. At this moment, I
can't tell which server is faulty. But I get the same behaviour trying to get an
answer from a completely different server (SiteB). In that case as well, no
answer. But still starting from SiteA.
I then tried to get a response for the request I made from SiteA to SiteB (as I
control both), but this time, starting from my third environment. Then, SiteB
answers to my request. So SiteB looks like it's working. But how come it does
not answer my request from SiteA? From BIND logs on SiteB, there's no trace of
SiteA-to-SiteB request. In order to prove that my UDP packets actually reach
their destination, and are not modified during transit, I opened a tcpdump
session on SiteA and on SiteB. Packets come through in good shape, but didn't
find their way to BIND application, as it seems. In my opinion, SiteB is not
part of the problem, as it answers normally to every other it receives from
anywhere else than SiteA. If I try again SiteA-to-SiteB request, I can see with
TCPDUMP that packets get out of SiteA, and enter SiteB. But BIND doesn't
react. Even if I try to enable debugging on SiteB, I don't see anything.
What could be wrong, and how do I solve it? What tools are available to help
out? If I try to ask for recursive request (let's say www.google.com) from
anywhere, pointing at SiteA, I get a proper answer.
What happens if you use 'dig +norec' in your tests? That is, use iterative
queries. Does that change the behavior you see?
Chris Buxton
BlueCat Networks
Hi Chris,
Back to a DNS problem, I came back to this thread. If I do a "dig
+norec", I still don't get the final answer but then, I get a whole
bunch of information (the NS records for the requested zone, and the A
records relatively to these NS records).
Christian Tardif