In message <3a1ebfdb-a033-4e07-be61-9f6ba6916...@zitomedia.com>, Jared Empson writes:
>
> I manage a small group of cache only servers for an ISP. We run Bind 9.7

You run BIND 9.7.0 and haven't applied any of the maintenance releases to
BIND 9.7.

> and have noticed that several domains our customers would like to access
> are unavailable from our cache servers. These same domains work on other
> provider networks such as Verizon or Google.

In BIND 9.7.0 we restored the code to skip to non authoritative answers
from supposedly authoritative servers having fixed a bug in named.
Unfortunately there are some zones for which all the servers are broken
and don't return authoritative (aa=1) answers. BIND 9.7.1 reversed the
change to skip non authoritative answers despite it being technically
correct.

> What I have found is that these domains all have misconfigured glue
> records. This could be caused by a recent change of registrar or a
> misconfigured zone file pointing to NS records that no longer exist as
> glue records. Because of this any query of a host from these domains
> receive a non-authoritative response and are dropped by our cache servers.
>
> How do I configure the cache server to accept the non-authoritative
> response to provide our customers access to these domains without
> forwarding to Google's caching servers?
> An example domain is losscontrol360.com.
> What our customers receive:
> ; <<>> DiG 9.8.3-P1 <<>> losscontrol360.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31462
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;losscontrol360.com. IN A
>
> ;; Query time: 1380 msec
> ;; SERVER: 10.100.2.11#53(10.100.2.11)
> ;; WHEN: Wed Aug 6 16:00:55 2014
> ;; MSG SIZE rcvd: 36
>
> What our cache server receives:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342
> ;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1280
> ;; QUESTION SECTION:
> ;losscontrol360.com. IN A
>
> ;; ANSWER SECTION:
> losscontrol360.com. 173 IN A 74.208.98.80
>
> What Google provides:
> ; <<>> DiG 9.8.3-P1 <<>> losscontrol360.com @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17193
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;losscontrol360.com. IN A
>
> ;; ANSWER SECTION:
> losscontrol360.com. 586 IN A 74.208.98.80
>
> ;; Query time: 174 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Wed Aug 6 16:01:07 2014
> ;; MSG SIZE rcvd: 52
>
> Jared Empson
> Systems Administrator
> Zito Media

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
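Added example, not part of the original message and not BIND's code: a simplified Python model of the behaviour the reply describes, where a resolver that skips non-authoritative (aa=0) answers ends in SERVFAIL once every server for the zone answers without aa. The first header sample is copied from the post; the second sample, the function names and the `skip_non_aa` switch are constructed for illustration.

```python
import re

# First sample: header lines copied from the post ("What our cache server
# receives"). Second sample: constructed for contrast, with aa set.
SAMPLE_NON_AA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""
SAMPLE_AA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);.*?ANSWER:\s*(\d+)")


def parse_header(text):
    """Extract rcode, flag set and answer count from dig-style header text."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found")
    return status.group(1), set(flags.group(1).split()), int(flags.group(2))


def classify(text):
    """Label one upstream response by whether it carries an aa=1 answer."""
    rcode, flags, answers = parse_header(text)
    if rcode != "NOERROR" or answers == 0:
        return "no-answer"
    return "authoritative" if "aa" in flags else "non-authoritative"


def resolve(responses, skip_non_aa):
    """Simplified model (assumption, not BIND's logic): try servers in turn.

    skip_non_aa=True stands for the 9.7.0 behaviour described in the reply,
    skip_non_aa=False for the 9.7.1 behaviour.
    """
    for text in responses:
        kind = classify(text)
        if kind == "authoritative" or (kind == "non-authoritative" and not skip_non_aa):
            return "NOERROR"
    return "SERVFAIL"  # every server was skipped or gave nothing usable
```

Feeding it the header lines from `dig +norecurse` run against each of a zone's listed name servers shows whether any of them would survive the strict check.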