bind-8.2.2p5 stops responding
Mark.Andrews at iengines.com
Mark.Andrews at iengines.com
Tue Jan 4 22:43:19 UTC 2000
> Dave,
>
> I'm having a similiar problem w/ 8.2.2p5 on Sol 2.5.1, 2.6 and 7. After some
> time, resolution of only *some* external hosts will fail. A restart seems to
> remedy the problem. Last time it happened (this morning =8^p) i did a dumpdb
> and here's what i found:
>
> (before the restart - resolving fails)
>
> ...
> 169053: djinteractive 29986 IN NS dns1.djinteractive.com.
> ;Cr=auth
> 169054: 29986 IN NS dns2.djinteractive.com. ;Cr=auth
> 169055: 29986 IN A 207.50.249.32 ;Cr=auth
> 169056: 29986 IN A 207.50.249.33 ;Cr=auth
> 169057: 29986 IN A 207.50.249.34 ;Cr=auth
> 169058: 29986 IN A 207.50.249.31 ;Cr=auth
> ...
>
> (after the restart - resolving works again)
>
> ...
> 13336: djinteractive 86395 IN NS dns1.djinteractive.com.
> ;Cr=auth
> 13337: 86395 IN NS dns2.djinteractive.com. ;Cr=auth
> ...
> 13643: $ORIGIN djinteractive.com.
> 13644: dns2 86395 IN A 207.50.249.2 ;Cr=addtnl
> 13645: dns1 86395 IN A 207.50.249.1 ;Cr=addtnl
> 13646: www 86395 IN A 207.50.249.34 ;Cr=auth
> 13647: 86395 IN A 207.50.249.31 ;Cr=auth
> 13648: 86395 IN A 207.50.249.32 ;Cr=auth
> 13649: 86395 IN A 207.50.249.33 ;Cr=auth
> ...
>
> It seems that the cache is dropping the A record for dns1 and dns2 (it has a
> 2d expiration), but for some reason, can't re-fetch those....hmmm <head
> scratching>... one more thing, reverse lookups on the nameserver itself
> (207.50.249.2) always fail, *and* the authority for the reverse domain is
> different than for the forward. Bingo, lameness!
>
> So it looks as if the first time through, bind gets the addtnl info (A record
> s
> for the NS) back after following a normal resolution, then caches the answer
> and will offer (non-authoritative) replies until expiry (2d), at which point
> it tries to re-validate, but since it already has the NS, it tries to do a
> reverse lookup on that name, then contact it directly, which always fails.
>
> What's the solution? Adjust the negative cache? Contact them? Anyone?
Contact them and get them to fix their delegation. The NS RRset
in the parent zone is supposed to be a copy of that in the child
zone.
Mark
; <<>> DiG 8.2 <<>> ns djinteractive.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;; djinteractive.com, type = NS, class = IN
;; ANSWER SECTION:
djinteractive.com. 1d23h57m32s IN NS DNS2.DJNR.com.
djinteractive.com. 1d23h57m32s IN NS DNS3.DJNR.com.
;; ADDITIONAL SECTION:
DNS2.DJNR.com. 1d23h57m32s IN A 207.50.248.1
DNS3.DJNR.com. 1d23h57m32s IN A 207.50.248.65
;; Total query time: 15 msec
;; FROM: bsdi.dv.isc.org to SERVER: default -- 130.155.191.233
;; WHEN: Wed Jan 5 09:32:55 2000
;; MSG SIZE sent: 35 rcvd: 110
>
> Dave Wreski wrote:
>
> > Hi all. I posted a message a week or so ago about bind-8.2.2p5 on Solaris
> > 2.6 ceasing to respond to specific queries, and failing with "host unknown"
> > preventing it from even falling over to another nameserver.
> >
> > It seems that if we have network problems to a specific domain, say, for
> > example, yahoo.com, if a query is performed in the time the network
> > connection is down, once it is brought back up, it can no longer resolve
> > that domain until named is stopped and restarted.
> >
> > What could be the reason for this?
> >
> > Thanks,
> > Dave
>
> --
> Tom Throckmorton
> Harvard Business School
> ITG, Network Operations Center
> throck at hbs.edu
>
>
>
>
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at iengines.com
More information about the bind-users
mailing list