ISP caching server setup

Wed, 06 Aug 2014 13:04:07 -0700 

I manage a small group of cache only servers for an ISP.  We run Bind 9.7 and 
have noticed that several domains our customers would like to access are 
unavailable from our cache servers.  These same domains work on other provider 
networks such as Verizon or Google.  

What I have found is that these domains all have misconfigured glue records.  
This could be cause by a recent change of registrar or a misconfigured zone 
file pointing to NS records that no longer exist as glue records.  Because of 
this any query of a host from these domains receive a non-authoratative 
response and are dropped by our cache servers.

How do I configure the cache server to accept the non-authoritative response to 
provide our customers access to these domains with out forwarding to Google’s 
caching servers?

An example domain is losscontrol360.com.  
What our customers receive:
; <<>> DiG 9.8.3-P1 <<>> losscontrol360.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31462
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;losscontrol360.com.            IN      A

;; Query time: 1380 msec
;; SERVER: 10.100.2.11#53(10.100.2.11)
;; WHEN: Wed Aug  6 16:00:55 2014
;; MSG SIZE  rcvd: 36

What our cache server receives:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280
;; QUESTION SECTION:
;losscontrol360.com.            IN      A

;; ANSWER SECTION:
losscontrol360.com.     173     IN      A       74.208.98.80

What Google provides:
; <<>> DiG 9.8.3-P1 <<>> losscontrol360.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17193
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;losscontrol360.com.            IN      A

;; ANSWER SECTION:
losscontrol360.com.     586     IN      A       74.208.98.80

;; Query time: 174 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Aug  6 16:01:07 2014
;; MSG SIZE  rcvd: 52

Jared Empson
Systems Administrator
Zito Media





_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to