Another server that doesn't like edns
Doug Barton
DougB at DougBarton.net
Mon Jul 8 01:40:59 UTC 2002
I figured I'd mention this here because last time this topic came
up, Mark was able to use the data to improve bind 8's edns stuff. I saw
lots of "refused query on non-query socket" errors from one IP after
upgrading to bind 8.3.3 on my resolvers. I know from reading here that
this is often a symptom of edns problems. The IP is 207.14.100.134, which
it turns out is being used as the IP of two different name servers:

dig @207.14.100.134 -x 207.14.100.134 ptr

; <<>> DiG 8.3 <<>> @207.14.100.134 -x ptr
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      134.100.14.207.in-addr.arpa, type = PTR, class = IN

;; ANSWER SECTION:
134.100.14.207.in-addr.arpa.  1D IN A  207.14.100.134

;; AUTHORITY SECTION:
134.100.14.207.in-addr.arpa.  1D IN NS  NS1.INTERIMNAMESERVER.COM.
134.100.14.207.in-addr.arpa.  1D IN NS  NS2.INTERIMNAMESERVER.COM.

;; ADDITIONAL SECTION:
NS1.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134
NS2.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134

Those name servers are authoritative for a lot of zones that my users want
to visit, so I was getting a lot of errors. Interestingly enough, the qr
flag is set on the response when I use dig. In the past, the edns problems
I read about were related to the lack of that flag. I haven't done any
tcpdumping of the traffic to and from my resolvers though... sorry. I do
know that when I put

server 207.14.100.134 { edns no; };

in my configs, the problem goes away, and users are able to surf to those
domains.

HTH,
Doug
--
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
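
Added example, not part of the original post and not BIND code: a Python sketch of what differs on the wire between a plain query and an EDNS0 query (the OPT pseudo-record in the additional section), plus a header check for the QR flag and RCODE discussed above. The function names, the 4096-byte UDP size and both sample replies are assumptions constructed for illustration, not captured traffic.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype=12, edns=True, udp_size=4096, qid=4):
    """Build a DNS query (default type PTR); edns=True appends an OPT pseudo-RR."""
    # Header: id, flags (all clear, so QR=0), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 1 if edns else 0)
    msg = header + encode_name(qname) + struct.pack("!HH", qtype, 1)
    if edns:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size,
        # TTL 0 (extended RCODE, version 0, flags), RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return msg

RCODES = {0: "NOERROR", 1: "FORMERR", 4: "NOTIMP", 5: "REFUSED"}

def classify_reply(reply):
    """Return (qr_set, rcode, verdict) for a packet received after an EDNS query."""
    if len(reply) < 12:
        return (False, None, "short packet: no usable header")
    _, flags, *_ = struct.unpack("!HHHHHH", reply[:12])
    qr = bool(flags & 0x8000)
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    if not qr:
        verdict = "QR clear: the resolver sees a query, not a reply"
    elif rcode in ("FORMERR", "NOTIMP"):
        verdict = "server rejects OPT: retry without EDNS"
    else:
        verdict = "reply usable"
    return (qr, rcode, verdict)

QNAME = "134.100.14.207.in-addr.arpa"
plain = build_query(QNAME, edns=False)
with_opt = build_query(QNAME, edns=True)

# Constructed replies: the EDNS query echoed back with QR still clear, and a
# FORMERR header followed by the question section only.
echoed = with_opt
formerr = struct.pack("!HHHHHH", 4, 0x8001, 1, 0, 0, 0) + with_opt[12:-11]

if __name__ == "__main__":
    print("OPT bytes added by EDNS:", with_opt[len(plain):].hex())
    for label, pkt in (("echoed", echoed), ("formerr", formerr)):
        print(label, classify_reply(pkt))
```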