Another server that doesn't like edns

Doug Barton DougB at DougBarton.net
Mon Jul 8 01:40:59 UTC 2002


	I figured I'd mention this here because last time this topic came
up, Mark was able to use the data to improve bind 8's edns stuff. I saw
lots of "refused query on non-query socket" errors from one IP after
upgrading to bind 8.3.3 on my resolvers. I know from reading here that this is often
a symptom of edns problems. The IP is 207.14.100.134, which it turns out
is being used as the IP of two different name servers:

dig @207.14.100.134 -x 207.14.100.134 ptr

; <<>> DiG 8.3 <<>> @207.14.100.134 -x ptr
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      134.100.14.207.in-addr.arpa, type = PTR, class = IN

;; ANSWER SECTION:
134.100.14.207.in-addr.arpa.  1D IN A  207.14.100.134

;; AUTHORITY SECTION:
134.100.14.207.in-addr.arpa.  1D IN NS  NS1.INTERIMNAMESERVER.COM.
134.100.14.207.in-addr.arpa.  1D IN NS  NS2.INTERIMNAMESERVER.COM.

;; ADDITIONAL SECTION:
NS1.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134
NS2.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134


Those name servers are authoritative for a lot of zones that my users want
to visit, so I was getting a lot of errors. Interestingly enough, the qr
flag is set on the response when I use dig. In the past, the edns problems
I read about were related to the lack of that flag. I haven't done any
tcpdumping of the traffic to and from my resolvers though... sorry. I do
know that when I put

server 207.14.100.134   { edns no; };

in my configs, the problem goes away, and users are able to surf to those
domains.

HTH,

Doug
-- 
   "We have known freedom's price. We have shown freedom's power.
      And in this great conflict, ...  we will see freedom's victory."
	- George W. Bush, President of the United States
          State of the Union, January 28, 2002
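
The qr flag check discussed in the message above, as an added example (not part of the original post and not BIND code): it builds a PTR query carrying an EDNS0 OPT record and classifies a datagram that comes back on the sending socket by its header flags. The function names and the sample packets are assumptions constructed for illustration; no traffic from the server in the post is reproduced.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=12, qid=4, edns=True, udp_size=4096):
    """Build a query (default PTR); with edns=True append an OPT pseudo-RR."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns:
        # root owner name, TYPE 41 (OPT), CLASS = UDP payload size, TTL = 0, RDLEN = 0
        opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + question + opt

def classify_reply(query, reply):
    """Classify a datagram received on the socket the query was sent from."""
    if len(reply) < 12:
        return "truncated header"
    qid, flags = struct.unpack("!HH", reply[:4])
    if qid != struct.unpack("!H", query[:2])[0]:
        return "id mismatch"
    if not flags & 0x8000:
        # QR bit clear: the packet is formatted as a query, not a response
        return "qr clear (looks like a query)"
    if flags & 0x000F in (1, 4):
        return "formerr/notimp: retry without edns"
    return "valid response"

# Constructed sample packets (not captured from the server in the post).
QUERY = build_query("134.100.14.207.in-addr.arpa")
ECHOED = QUERY                                              # query sent back, qr unset
GOOD = QUERY[:2] + struct.pack("!H", 0x8400) + QUERY[4:]    # flags: qr aa
FORMERR = QUERY[:2] + struct.pack("!H", 0x8001) + QUERY[4:]  # qr set, rcode 1

if __name__ == "__main__":
    for label, pkt in (("echoed", ECHOED), ("good", GOOD), ("formerr", FORMERR)):
        print(label, "->", classify_reply(QUERY, pkt))
```
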

More information about the bind-users mailing list