>From time to time there are certain domains that don't properly resolve on our corporate Windows DNS servers, but flushing the Windows DNS server cache resolves that. But yesterday I ran into an issue with resolving the AAAA for www.revk.uk on just some our ISP DNS servers and I have time to dig into it.
They're mostly running BIND 9.7.3 (Debian-patched) or 9.8.4 (Debian patched), some of them behind a load-balancer. In each case if the DNS server can't resolve the AAAA for www.revk.uk it's also because it can't resolve the AAAA for ghs.l.google.com, which is the last CNAME in the chain for www.revk.uk. How do I go about tracking this down? (Sorry, most of the servers have ACLs that prevent the public from resolving them, so you won't be able to test remotely.) Regards, Frank I have a script that checks against the IPv4 and IPv6 of each DNS server (identical), both the IPs that are behind the load-balancer and in front. root@nagios:/tmp# dig-all AAAA www.revk.uk ============================================ DNS server: 10.20.0.10 (server1 behind load-balancer) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @10.20.0.10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46710 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 21000 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 469 IN SOA ns4.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 108 msec ;; SERVER: 10.20.0.10#53(10.20.0.10) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 2607:fe28:0:4000::10 (server1 behind load-balancer) ; <<>> DiG 9.7.3 <<>> -6 AAAA www.revk.uk @2607:fe28:0:4000::10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43711 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 21000 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 469 IN SOA ns4.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 0 msec ;; SERVER: 2607:fe28:0:4000::10#53(2607:fe28:0:4000::10) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 10.20.0.20 (server2 behind load-balancer) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @10.20.0.20 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37596 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 21042 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 437 IN SOA ns3.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 109 msec ;; SERVER: 10.20.0.20#53(10.20.0.20) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 2607:fe28:0:4000::20 (server2 behind load-balancer) ; <<>> DiG 9.7.3 <<>> -6 AAAA www.revk.uk @2607:fe28:0:4000::20 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20244 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 21042 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 437 IN SOA ns3.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 0 msec ;; SERVER: 2607:fe28:0:4000::20#53(2607:fe28:0:4000::20) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 10.20.0.100 (server3 behind load-balancer) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @10.20.0.100 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60172 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 196602 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 469 IN SOA ns4.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 126 msec ;; SERVER: 10.20.0.100#53(10.20.0.100) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 2607:fe28:0:4000::100 (server3 behind load-balancer) ; <<>> DiG 9.7.3 <<>> -6 AAAA www.revk.uk @2607:fe28:0:4000::100 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37149 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 196602 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 469 IN SOA ns4.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 0 msec ;; SERVER: 2607:fe28:0:4000::100#53(2607:fe28:0:4000::100) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 10.20.0.200 (server4 behind load-balancer) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @10.20.0.200 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31066 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 196608 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 328 IN SOA ns4.google.com. dns-admin.google.com. 1577051 900 900 1800 60 ;; Query time: 115 msec ;; SERVER: 10.20.0.200#53(10.20.0.200) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 2607:fe28:0:4000::200 (server4 behind load-balancer) ; <<>> DiG 9.7.3 <<>> -6 AAAA www.revk.uk @2607:fe28:0:4000::200 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7874 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 196608 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 328 IN SOA ns4.google.com. dns-admin.google.com. 1577051 900 900 1800 60 ;; Query time: 0 msec ;; SERVER: 2607:fe28:0:4000::200#53(2607:fe28:0:4000::200) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 96.31.0.32 (load-balancer) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @96.31.0.32 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39076 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 21042 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 437 IN SOA ns3.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 0 msec ;; SERVER: 96.31.0.32#53(96.31.0.32) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 2607:fe28:0:1000::32 (load-balancer) ; <<>> DiG 9.7.3 <<>> -6 AAAA www.revk.uk @2607:fe28:0:1000::32 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45784 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 196602 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 469 IN SOA ns4.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 0 msec ;; SERVER: 2607:fe28:0:1000::32#53(2607:fe28:0:1000::32) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 127 ============================================ DNS server: 10.20.0.5 (private IP of server5) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @10.20.0.5 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13916 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 35425 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN AAAA 2607:f8b0:4001:c01::79 ;; AUTHORITY SECTION: google.com. 108307 IN NS ns1.google.com. google.com. 108307 IN NS ns2.google.com. google.com. 108307 IN NS ns4.google.com. google.com. 108307 IN NS ns3.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 293243 IN A 216.239.32.10 ns2.google.com. 293243 IN A 216.239.34.10 ns3.google.com. 293243 IN A 216.239.36.10 ns4.google.com. 293243 IN A 216.239.38.10 ;; Query time: 313 msec ;; SERVER: 10.20.0.5#53(10.20.0.5) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 96.31.0.5 (public IP of server5) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @96.31.0.5 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56265 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 35425 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN AAAA 2607:f8b0:4001:c01::79 ;; AUTHORITY SECTION: google.com. 108307 IN NS ns2.google.com. google.com. 108307 IN NS ns1.google.com. google.com. 108307 IN NS ns3.google.com. google.com. 108307 IN NS ns4.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 293243 IN A 216.239.32.10 ns2.google.com. 293243 IN A 216.239.34.10 ns3.google.com. 293243 IN A 216.239.36.10 ns4.google.com. 293243 IN A 216.239.38.10 ;; Query time: 0 msec ;; SERVER: 96.31.0.5#53(96.31.0.5) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 2607:fe28:0:1000::5 (private IP of server5) ; <<>> DiG 9.7.3 <<>> -6 AAAA www.revk.uk @2607:fe28:0:1000::5 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51958 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 35425 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN AAAA 2607:f8b0:4001:c01::79 ;; AUTHORITY SECTION: google.com. 108307 IN NS ns3.google.com. google.com. 108307 IN NS ns2.google.com. google.com. 108307 IN NS ns4.google.com. google.com. 108307 IN NS ns1.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 293243 IN A 216.239.32.10 ns2.google.com. 293243 IN A 216.239.34.10 ns3.google.com. 293243 IN A 216.239.36.10 ns4.google.com. 293243 IN A 216.239.38.10 ;; Query time: 0 msec ;; SERVER: 2607:fe28:0:1000::5#53(2607:fe28:0:1000::5) ;; WHEN: Tue Dec 23 09:04:25 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 10.20.0.8 (private IP of server8) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @10.20.0.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12865 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 539906 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN AAAA 2607:f8b0:4001:c05::79 ;; AUTHORITY SECTION: google.com. 107906 IN NS ns3.google.com. google.com. 107906 IN NS ns1.google.com. google.com. 107906 IN NS ns2.google.com. google.com. 107906 IN NS ns4.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 107906 IN A 216.239.32.10 ns2.google.com. 107906 IN A 216.239.34.10 ns3.google.com. 107906 IN A 216.239.36.10 ns4.google.com. 107906 IN A 216.239.38.10 ;; Query time: 161 msec ;; SERVER: 10.20.0.8#53(10.20.0.8) ;; WHEN: Tue Dec 23 09:04:26 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 96.31.0.8 (public IP of server8) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @96.31.0.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52910 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 539906 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN AAAA 2607:f8b0:4001:c05::79 ;; AUTHORITY SECTION: google.com. 107906 IN NS ns2.google.com. google.com. 107906 IN NS ns4.google.com. google.com. 107906 IN NS ns1.google.com. google.com. 107906 IN NS ns3.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 107906 IN A 216.239.32.10 ns2.google.com. 107906 IN A 216.239.34.10 ns3.google.com. 107906 IN A 216.239.36.10 ns4.google.com. 107906 IN A 216.239.38.10 ;; Query time: 0 msec ;; SERVER: 96.31.0.8#53(96.31.0.8) ;; WHEN: Tue Dec 23 09:04:26 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 2607:fe28:0:1000::8 (public IP of server8) ; <<>> DiG 9.7.3 <<>> -6 AAAA www.revk.uk @2607:fe28:0:1000::8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21855 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 539906 IN CNAME ghs.l.google.com. ghs.l.google.com. 300 IN AAAA 2607:f8b0:4001:c05::79 ;; AUTHORITY SECTION: google.com. 107906 IN NS ns3.google.com. google.com. 107906 IN NS ns2.google.com. google.com. 107906 IN NS ns1.google.com. google.com. 107906 IN NS ns4.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 107906 IN A 216.239.32.10 ns2.google.com. 107906 IN A 216.239.34.10 ns3.google.com. 107906 IN A 216.239.36.10 ns4.google.com. 107906 IN A 216.239.38.10 ;; Query time: 0 msec ;; SERVER: 2607:fe28:0:1000::8#53(2607:fe28:0:1000::8) ;; WHEN: Tue Dec 23 09:04:26 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 199.120.69.24 (public IP of other server) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @199.120.69.24 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56923 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 31030 IN CNAME ghs.l.google.com. ghs.l.google.com. 291 IN AAAA 2607:f8b0:4001:c05::79 ;; AUTHORITY SECTION: google.com. 108305 IN NS ns3.google.com. google.com. 108305 IN NS ns1.google.com. google.com. 108305 IN NS ns4.google.com. google.com. 108305 IN NS ns2.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 44035 IN A 216.239.32.10 ns2.google.com. 252620 IN A 216.239.34.10 ns3.google.com. 259249 IN A 216.239.36.10 ns4.google.com. 252643 IN A 216.239.38.10 ;; Query time: 116 msec ;; SERVER: 199.120.69.24#53(199.120.69.24) ;; WHEN: Tue Dec 23 09:04:26 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 167.142.225.5 (server1 of upstream provider) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @167.142.225.5 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34333 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 584796 IN CNAME ghs.l.google.com. ghs.l.google.com. 138 IN AAAA 2607:f8b0:4001:c03::79 ;; AUTHORITY SECTION: google.com. 152742 IN NS ns4.google.com. google.com. 152742 IN NS ns3.google.com. google.com. 152742 IN NS ns2.google.com. google.com. 152742 IN NS ns1.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 152742 IN A 216.239.32.10 ns2.google.com. 152742 IN A 216.239.34.10 ns3.google.com. 152742 IN A 216.239.36.10 ns4.google.com. 152742 IN A 216.239.38.10 ;; Query time: 111 msec ;; SERVER: 167.142.225.5#53(167.142.225.5) ;; WHEN: Tue Dec 23 09:04:26 2014 ;; MSG SIZE rcvd: 241 ============================================ DNS server: 167.142.225.6 (server2 of upstream provider) ; <<>> DiG 9.7.3 <<>> AAAA www.revk.uk @167.142.225.6 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32897 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.revk.uk. IN AAAA ;; ANSWER SECTION: www.revk.uk. 3600 IN CNAME ghs.google.com. ghs.google.com. 586626 IN CNAME ghs.l.google.com. ;; AUTHORITY SECTION: l.google.com. 547 IN SOA ns3.google.com. dns-admin.google.com. 1577052 900 900 1800 60 ;; Query time: 113 msec ;; SERVER: 167.142.225.6#53(167.142.225.6) ;; WHEN: Tue Dec 23 09:04:26 2014 ;; MSG SIZE rcvd: 127 ============================================ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
