Hello!
On 2024-06-04 15:28, Greg Choules wrote:
> Hi Thomas.
> Firstly, I doubt you actually need to kill and restart `named`.
> Flushing the cache would probably work, either all of it or just
> selected names.
> Secondly, take a packet capture of this happening and analyse what
> BIND is really doing, in Wireshark.
> - If it shows up that certain NS are causing the problem you can avoid
> them, in config.
> - If it's a DNSSEC issue, you can get around that on a per-domain
> basis, if needed.
> - If it turns out that qname minimization is the issue, you can play
> with settings for that, too.
> In short, there are plenty of tools in the kit bag. But understand
> what the problem is first and to do that, gather data (pcaps and logs)
> that can be used to paint a picture of what's really happening.
> Cheers, Greg
The newsletter is only sent out once a day, so I would have to wait
until tomorrow. I'll record it then. I have already experimented with
tshark and recorded port 53. What I noticed as a network layman is that
a certain response takes much longer on server 1 with the problems than
on server 2.
It's the message:
No such name NS _domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA
ns1.epi.es
Here is a part of the recording of server 1 with the problem, a
delay of almost 2 seconds!
(tshark -w dns-mx1-l5.pcap -i eth0 -f "src port 53")
[...]
6 18:35:38,719369034 216.239.32.106 213.136.83.xxx DNS 141 Standard
query response 0x69ac A ns3.prensaiberica.net A 34.175.122.60 OPT
7 18:35:40,333128992 34.175.122.60 213.136.83.xxx DNS 162 Standard query
response 0xf393 No such name NS
_domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
8 18:35:40,370838540 194.69.254.1 213.136.83.xxx DNS 1219 Standard query
response 0xaadc DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es RRSIG
NSEC3 RRSIG OPT
9 18:35:40,402465454 34.175.171.102 213.136.83.xxx DNS 165 Standard
query response 0x7bfa A
s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
Here is the part of the recording of server 2
(tshark -w dns-mx2-l5.pcap -i eth0 -f "src port 53")
5 18:32:03,019743724 213.4.119.2 167.86.126.xxx DNS 139 Standard query
response 0x36bf A ns4.prensaiberica.net A 34.175.171.102 NS ns1.epi.es
NS ns2.epi.es
6 18:32:03,052680383 194.69.254.1 167.86.126.xxx DNS 1219 Standard query
response 0x5643 DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es RRSIG
NSEC3 RRSIG OPT
7 18:32:03,087003657 34.175.122.60 167.86.126.xxx DNS 162 Standard query
response 0x3d78 No such name NS
_domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
8 18:32:03,120746561 34.175.171.102 167.86.126.xxx DNS 165 Standard
query response 0x3a41 A
s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
I therefore suspect that the delay will be even greater tomorrow again
when the newsletter arrives, so that the "communication error" will
occur again.
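
Added example, not part of the original message: a small Python parser for tshark summary lines like the ones quoted above, which reports every response that arrived more than a threshold after the previous captured response. Because the captures were taken with `-f "src port 53"`, they hold responses only, so the figure is the spacing between consecutive responses, not query-to-answer latency; the function names and the 1 second threshold are assumptions of this example.

```python
import re

# Summary lines copied from the two captures quoted in the message above, with
# the mail's line wrapping joined (addresses are masked as in the post).
SERVER1 = """\
6 18:35:38,719369034 216.239.32.106 213.136.83.xxx DNS 141 Standard query response 0x69ac A ns3.prensaiberica.net A 34.175.122.60 OPT
7 18:35:40,333128992 34.175.122.60 213.136.83.xxx DNS 162 Standard query response 0xf393 No such name NS _domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
8 18:35:40,370838540 194.69.254.1 213.136.83.xxx DNS 1219 Standard query response 0xaadc DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es RRSIG NSEC3 RRSIG OPT
9 18:35:40,402465454 34.175.171.102 213.136.83.xxx DNS 165 Standard query response 0x7bfa A s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
"""
SERVER2 = """\
5 18:32:03,019743724 213.4.119.2 167.86.126.xxx DNS 139 Standard query response 0x36bf A ns4.prensaiberica.net A 34.175.171.102 NS ns1.epi.es NS ns2.epi.es
6 18:32:03,052680383 194.69.254.1 167.86.126.xxx DNS 1219 Standard query response 0x5643 DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es RRSIG NSEC3 RRSIG OPT
7 18:32:03,087003657 34.175.122.60 167.86.126.xxx DNS 162 Standard query response 0x3d78 No such name NS _domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
8 18:32:03,120746561 34.175.171.102 167.86.126.xxx DNS 165 Standard query response 0x3a41 A s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
"""

# Columns: frame number, HH:MM:SS with "," or "." before the fraction,
# source, destination, protocol, length, info text.
LINE = re.compile(
    r"^\s*(\d+)\s+(\d\d):(\d\d):(\d\d)[.,](\d{1,9})\s+(\S+)\s+(\S+)\s+DNS\s+\d+\s+(.*)$")


def parse(text):
    """Return [(frame, time_of_day_ns, source, info)] for each DNS summary line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            frame, h, mi, s, frac, src, _dst, info = m.groups()
            # Integer nanoseconds avoid float rounding on the 9-digit fraction.
            ns = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 10**9 + int(frac.ljust(9, "0"))
            rows.append((int(frame), ns, src, info))
    return rows


def slow_gaps(text, threshold_s=1.0):
    """Responses arriving more than threshold_s after the previous captured response."""
    rows = parse(text)
    return [(frame, (ns - prev_ns) / 1e9, src, info)
            for (_, prev_ns, _, _), (frame, ns, src, info) in zip(rows, rows[1:])
            if ns - prev_ns > threshold_s * 1e9]


if __name__ == "__main__":
    for name, capture in (("server 1", SERVER1), ("server 2", SERVER2)):
        for frame, gap, src, info in slow_gaps(capture):
            print(f"{name}: frame {frame} from {src}, {gap:.3f}s after previous response: {info}")
```
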