BIND 9.2 for NT and Timeout Issues

Danny Mayer mayer at gis.net
Mon Oct 22 05:48:57 UTC 2001


At 05:42 PM 10/21/01, Kevin Vaughn wrote:
>I am fixing to upgrade my company's internal DNS servers that are running
>BIND 4.9.7.  I am using the same zone files.  The original zone files don't
>have any host names that BIND 8 and 9 shouldn't support.  I rebuilt the BIND
>configuration files from scratch.
>
>I have built a small LAN consisting of four computers, a primary, a slave,
>and two resolvers.  This small network is a test network.  The real network
>has around 1400 hosts.  On my test network I have built the zone that will
>contain all 1400 hosts.  On the test network everything works fine.
>
>Today I moved my zones from my test servers to my real servers.  Just to
>give you a little more info, the production slave server is doubling as our
>e-mail server.  When I bring up the servers there are no problems.  I can
>send and receive e-mail externally and internally.  I can go to any
>websites, etc.  After about ten minutes I start to get resolution timeouts.
>If I use nslookup, I get a message saying my default servers aren't
>available.

Please don't use nslookup, use dig. Does dig timeout?

>   In my log I am getting errors like below:
>
>Oct 21 15:07:30.231 resolver: debug 1: createfetch:
>biz.finance.yahoo.akadns.net A
>Oct 21 15:07:32.231 client: warning: client 10.5.1.206#3517: error sending
>response: address not available
>Oct 21 15:07:32.231 client: warning: client 10.6.76.2#1074: error sending
>response: address not available
>Oct 21 15:07:32.231 client: warning: client 10.6.76.2#1074: error sending
>response: address not available
>Oct 21 15:07:34.231 queries: info: client 10.10.43.3#3044: query:
>csb.yahoo.com IN A
>Oct 21 15:07:34.231 client: warning: client 10.10.43.3#3044: error sending
>response: address not available
>Oct 21 15:07:34.231 queries: info: client 10.5.1.206#3517: query:
>biz.yahoo.com IN A
>Oct 21 15:07:34.231 client: warning: client 10.5.1.206#3517: error sending
>response: address not available
>Oct 21 15:07:34.231 queries: info: client 10.6.76.2#1074: query:
>zone.msn.com IN A
>
>Below is the portion of the log right before the errors start occuring:
>
>Oct 21 15:02:29.606 queries: info: client 10.6.59.3#4288: query:
>office.microsoft.com IN A
>Oct 21 15:02:29.606 queries: info: client 10.6.59.3#4288: query:
>office.microsoft.com IN A
>Oct 21 15:02:29.606 queries: info: client 10.10.8.200#1195: query:
>14.1.6.10.in-addr.arpa IN PTR
>Oct 21 15:02:29.606 queries: info: client 10.10.43.3#3041: query:
>csa.yahoo.com.pcca.com IN A
>Oct 21 15:02:29.606 general: debug 1: message has 1 byte(s) of trailing
>garbage
>Oct 21 15:02:29.606 queries: info: client 10.180.8.4#137: query:
>ADS.WEB.AOL.COM.pcca.com IN A
>Oct 21 15:02:37.653 client: warning: client 10.180.8.4#137: error sending
>response: address not available
>Oct 21 15:05:25.653 queries: info: client 10.10.83.2#1396: query:
>www.yahoo.com.pcca.com IN A
>Oct 21 15:05:25.653 client: warning: client 10.10.83.2#1396: error sending
>response: address not available

Those were the messages I was looking for.  You can't use the Class A
10.x.x.x  IP addresses on a public network. Those have to be behind a
firewall.  The test named.conf didn't show any forwarders set up to forward
out of the internal network. Furthermore your domain name is being
appended to the queries.  I suspect the client is doing that. For example:
www.yahoo.com.pcca.com.

>There is absolutely nothing in the log that gives any insight into why it
>just started failing.  I would be willing to send my zone files if you are
>willing to look at them.  I don't want to post them here.

You can send them to me directly. Your log DOES show something: bad
queries. How are they being generated?  Do you have a tool doing lookups
or are these real queries?

>On a side note, I haven't generated a rndc.key file.  My servers on the test
>network have been working fine without it so I decided to leave it out.
>Could NOT having a key cause the servers to timeout?

Not relevant to the problem.

         Danny



More information about the bind-users mailing list