Problem resolving some domains
Mark_Andrews at isc.org
Thu Oct 18 01:32:09 UTC 2001
>
> <9qk4ri$qp4 at pub3.rc.vix.com> divulged:
>
> >> | root at alvarez:/# skill -v /usr/sbin/named
> >> | > sent #23882 a TERM (named executing /usr/sbin/named)
> >> | root at alvarez:/# su - named -c /usr/sbin/named
> >
> > You really expect us to believe that named started and
> > bound itself to a reserved port when running as the user
> > named.
> >
> > This is a well known limitation of BIND 4 and BIND 8 (<8.3).
>
> cut and paste error. the `su - named -c' actually preceded the `skill',
> named was run with ``env - /usr/sbin/named''.
>
> since i have nothing to gain by claiming it functional in (my) 4.9.8 and
> you are being, umm, terse, i'll go find why it worked myself. (there are
> no forwarders configured. i have altered the code to setreuid between
> named and root, and to exclude the version responding code. i doubt that
> my code, horrible as it might be, could have changed the way resolution
> happens; it's just after the fork, and in getnetconf and opensocket, though
> that's from memory, i'll have to go check the patch file to be sure there
> aren't other spots.)
>
> --
> okay, have a sig then
>
Show version.
drugs# what named/named
named/named:
named 4.9.8-REL Thu Oct 18 10:54:01 EST 2001 marka at drugs.dv.isc.org:/usr/home/marka/cvs/cur/bind4/named
db_dump.c 4.33 (Berkeley) 3/3/91
db_load.c 4.38 (Berkeley) 3/2/91
db_lookup.c 4.18 (Berkeley) 3/21/91
db_reload.c 4.22 (Berkeley) 3/21/91
db_save.c 4.16 (Berkeley) 3/21/91
db_update.c 4.28 (Berkeley) 3/21/91
db_glue.c 4.4 (Berkeley) 6/1/90
ns_forw.c 4.32 (Berkeley) 3/3/91
ns_init.c 4.38 (Berkeley) 3/21/91
ns_main.c 4.55 (Berkeley) 7/1/91
Copyright (c) 1986, 1989, 1990 The Regents of the University of California.
ns_maint.c 4.39 (Berkeley) 3/2/91
ns_req.c 4.47 (Berkeley) 7/1/91
ns_resp.c 4.65 (Berkeley) 3/3/91
ns_sort.c 4.10 (Berkeley) 3/3/91
ns_stats.c 4.10 (Berkeley) 6/27/90
Show configuration.
drugs# cat /etc/named.boot
directory /var/named
cache . /var/named/master/rootservers
Prove named is not running.
drugs# dig www.passau.de @localhost
; <<>> DiG 8.3 <<>> www.passau.de @localhost
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server localhost 127.0.0.1: Connection refused
Start named.
drugs# named/named
Demonstrate failure. ns_resp.c will drop any additional records
that are returned from the de servers as part of the anti-cache
poisoning rules. The nameserver will then attempt to look
up the addresses ns.nameserver121.com and ns2.nameserver121.com
which in turn require looking up the address of NS2.ONE-2-ONE.DE
and NS.ONE-2-ONE.NET; this lookup is blocked to prevent infinite
looping.
drugs# dig www.passau.de @localhost
; <<>> DiG 8.3 <<>> www.passau.de @localhost
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server localhost 127.0.0.1: Operation timed out
Show that we have the NS record for passau.de and the above
description was not BS.
drugs# dig www.passau.de @localhost +norec
; <<>> DiG 8.3 <<>> www.passau.de @localhost +norec
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48080
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;; www.passau.de, type = A, class = IN
;; AUTHORITY SECTION:
passau.de. 23h59m47s IN NS ns.nameserver121.com.
passau.de. 23h59m47s IN NS ns2.nameserver121.com.
;; Total query time: 1 msec
;; FROM: drugs.dv.isc.org to SERVER: localhost 127.0.0.1
;; WHEN: Thu Oct 18 11:01:59 2001
;; MSG SIZE sent: 31 rcvd: 92
Demonstrate that it still fails.
drugs# dig www.passau.de @localhost
; <<>> DiG 8.3 <<>> www.passau.de @localhost
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server localhost 127.0.0.1: Operation timed out
drugs# dig www.passau.de @localhost +norec
; <<>> DiG 8.3 <<>> www.passau.de @localhost +norec
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25001
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;; www.passau.de, type = A, class = IN
;; AUTHORITY SECTION:
passau.de. 23h59m13s IN NS ns.nameserver121.com.
passau.de. 23h59m13s IN NS ns2.nameserver121.com.
;; Total query time: 0 msec
;; FROM: drugs.dv.isc.org to SERVER: localhost 127.0.0.1
;; WHEN: Thu Oct 18 11:03:31 2001
;; MSG SIZE sent: 31 rcvd: 92
Look up the ns records for nameserver121.com which triggers
additional fetching. This succeeds which in turn allows the
lookup of www.passau.de to succeed.
drugs# dig ns nameserver121.com @localhost
; <<>> DiG 8.3 <<>> ns nameserver121.com @localhost
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; nameserver121.com, type = NS, class = IN
;; ANSWER SECTION:
nameserver121.com. 1d21h34m IN NS NS2.ONE-2-ONE.DE.
nameserver121.com. 1d21h34m IN NS NS.ONE-2-ONE.NET.
;; Total query time: 0 msec
;; FROM: drugs.dv.isc.org to SERVER: localhost 127.0.0.1
;; WHEN: Thu Oct 18 11:03:51 2001
;; MSG SIZE sent: 35 rcvd: 95
drugs# dig www.passau.de @localhost
; <<>> DiG 8.3 <<>> www.passau.de @localhost
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; www.passau.de, type = A, class = IN
;; ANSWER SECTION:
www.passau.de. 1D IN A 195.243.207.132
;; AUTHORITY SECTION:
passau.de. 1D IN NS ns.nameserver121.com.
passau.de. 1D IN NS ns2.nameserver121.com.
;; ADDITIONAL SECTION:
ns.nameserver121.com. 1D IN A 195.94.80.1
ns2.nameserver121.com. 1D IN A 195.94.83.15
;; Total query time: 5405 msec
;; FROM: drugs.dv.isc.org to SERVER: localhost 127.0.0.1
;; WHEN: Thu Oct 18 11:04:05 2001
;; MSG SIZE sent: 31 rcvd: 131
drugs# ps ax | grep named
17013 ?? Is 0:00.04 named/named
drugs# kill 17013
drugs#
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
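
The sequence shown in the message above, as an added example that is not part of the original post and is not BIND's code: a toy Python resolver that drops out-of-bailiwick glue and refuses to start a fetch from inside another fetch. The one-level nesting limit, the `Resolver` class, the glue contents and the 192.0.2.53 address are assumptions made for illustration; the names and 195.x addresses are taken from the dig output.

```python
# Toy model of the failure described above; it is not BIND's code.
# Assumption: a fetch started for a client query may not start another fetch.
# Names and 195.x addresses come from the dig output; 192.0.2.53 is constructed.
REFERRALS = {  # zone: (parent zone, NS names, glue sent by the parent's servers)
    "passau.de": ("de", ["ns.nameserver121.com", "ns2.nameserver121.com"],
                  {"ns.nameserver121.com": "195.94.80.1"}),
    "nameserver121.com": ("com", ["ns2.one-2-one.de", "ns.one-2-one.net"],
                          {"ns.one-2-one.net": "192.0.2.53"}),
    "one-2-one.net": ("net", ["ns.one-2-one.net"],
                      {"ns.one-2-one.net": "192.0.2.53"}),
}
ZONE_DATA = {  # A records served by each zone's own nameservers
    "passau.de": {"www.passau.de": "195.243.207.132"},
    "nameserver121.com": {"ns.nameserver121.com": "195.94.80.1",
                          "ns2.nameserver121.com": "195.94.83.15"},
    "one-2-one.net": {"ns.one-2-one.net": "192.0.2.53"},
}

def in_bailiwick(name, zone):
    return name == zone or name.endswith("." + zone)

class Resolver:
    def __init__(self):
        self.addr = {}  # cached A records

    def server_addr(self, zone, depth):
        """Return an address of one of zone's nameservers, or None."""
        parent, ns_names, glue = REFERRALS[zone]
        for ns, ip in glue.items():
            if in_bailiwick(ns, parent):  # out-of-bailiwick glue is dropped
                self.addr[ns] = ip
        if depth == 0:  # only a client query may fetch missing NS addresses
            for ns in ns_names:
                self.lookup_a(ns, depth + 1)
        return next((self.addr[ns] for ns in ns_names if ns in self.addr), None)

    def lookup_a(self, name, depth=0):
        if name not in self.addr:
            zone = next((z for z in ZONE_DATA if in_bailiwick(name, z)), None)
            if zone is None or self.server_addr(zone, depth) is None:
                return None  # the client sees a timeout
            if name in ZONE_DATA[zone]:
                self.addr[name] = ZONE_DATA[zone][name]
        return self.addr.get(name)

    def lookup_ns(self, zone):
        self.server_addr(zone, 0)  # "additional fetching" of NS addresses
        return REFERRALS[zone][1]
```

Calling `lookup_a("www.passau.de")` on a fresh `Resolver` returns `None`; after `lookup_ns("nameserver121.com")` the same call returns the address, matching the order of the dig runs.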