Another server that doesn't like edns

Danny Mayer mayer at gis.net
Mon Jul 8 02:41:05 UTC 2002


At 09:40 PM 7/7/02, Doug Barton wrote:

>         I figured I'd mention this here because last time this topic came
>up, Mark was able to use the data to improve bind 8's edns stuff. I saw
>lots of "refused query on non-query socket" errors from one IP after
>upgrading to bind 8.3.3 on my resolvers. I know from reading here that this is often
>a symptom of edns problems. The IP is 207.14.100.134, which it turns out
>is being used as the IP of two different name servers:
>
>dig @207.14.100.134 -x 207.14.100.134 ptr
>
>; <<>> DiG 8.3 <<>> @207.14.100.134 -x ptr
>; (1 server found)
>;; res options: init recurs defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
>;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>;; QUERY SECTION:
>;;      134.100.14.207.in-addr.arpa, type = PTR, class = IN
>
>;; ANSWER SECTION:
>134.100.14.207.in-addr.arpa.  1D IN A  207.14.100.134
>
>;; AUTHORITY SECTION:
>134.100.14.207.in-addr.arpa.  1D IN NS  NS1.INTERIMNAMESERVER.COM.
>134.100.14.207.in-addr.arpa.  1D IN NS  NS2.INTERIMNAMESERVER.COM.
>
>;; ADDITIONAL SECTION:
>NS1.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134
>NS2.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134
>
>
>Those name servers are authoritative for a lot of zones that my users want
>to visit, so I was getting a lot of errors. Interestingly enough, the qr
>flag is set on the response when I use dig. In the past, the edns problems
>I read about were related to the lack of that flag. I haven't done any
>tcpdumping of the traffic to and from my resolvers though... sorry. I do
>know that when I put
>
>server 207.14.100.134   { edns no; };
>
>in my configs, the problem goes away, and users are able to surf to those
>domains.

A BIND 9 dig shows a malformed message packet:

H:\bind9bin>dig @NS1.INTERIMNAMESERVER.COM version.bind txt chaos
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.2.0 <<>> @NS1.INTERIMNAMESERVER.COM version.bind txt chaos
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           86400   IN      A       207.14.100.134

;; AUTHORITY SECTION:
version.bind.           86400   IN      NS      NS1.INTERIMNAMESERVER.COM.
version.bind.           86400   IN      NS      NS2.INTERIMNAMESERVER.COM.

;; ADDITIONAL SECTION:
NS1.INTERIMNAMESERVER.COM. 86400 IN     A       207.14.100.134
NS2.INTERIMNAMESERVER.COM. 86400 IN     A       207.14.100.134

;; Query time: 680 msec
;; SERVER: 207.14.100.134#53(NS1.INTERIMNAMESERVER.COM)
;; WHEN: Sun Jul 07 22:28:42 2002
;; MSG SIZE  rcvd: 156

Notice that I asked for a CH class and got back an IN class in the response.
When I looked up the NS1 address I got back:
NS1.INTERIMNAMESERVER.COM. 172800 IN    A       207.14.100.134
NS2.INTERIMNAMESERVER.COM. 172800 IN    A       64.0.0.134

so the glue and the ns entries disagree. Not only that, asking for the SOA
returns the A record.  There's something really strange about this server
and whoever is managing it.

Danny
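
The mismatch described in this message (a CH TXT query answered with an IN A record) can be checked mechanically. The following Python sketch is an added example, not part of the original post or of BIND; the function names are hypothetical, and the sample bytes are constructed from the dig output above with the authority and additional sections omitted.

```python
import struct

CLASSES = {1: "IN", 3: "CH"}
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 16: "TXT"}

def read_name(msg, off):
    """Decode a domain name at off; return (name, offset after the name)."""
    labels, after, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                          # root label ends the name
            return ".".join(labels) + ".", after if after is not None else off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def check_response(msg, qname, qtype, qclass):
    """List the ways the question/answer sections disagree with the query."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    problems, off = [], 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        rtype, rclass = struct.unpack_from("!2H", msg, off)
        off += 4
        if (name.lower(), rtype, rclass) != (qname.lower(), qtype, qclass):
            problems.append("question section does not echo the query")
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rclass != qclass:
            problems.append(f"answer class {CLASSES.get(rclass, rclass)}, asked {CLASSES.get(qclass, qclass)}")
        if rtype not in (qtype, 5):           # a CNAME answer is legitimate
            problems.append(f"answer type {TYPES.get(rtype, rtype)}, asked {TYPES.get(qtype, qtype)}")
    return problems

def sample_response():
    """Constructed bytes: version.bind CH TXT asked, IN A returned (as in the post)."""
    qname = b"\x07version\x04bind\x00"
    header = struct.pack("!6H", 41, 0x8400, 1, 1, 0, 0)   # id 41, flags qr aa
    question = qname + struct.pack("!2H", 16, 3)          # TXT, CH
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([207, 14, 100, 134])
    return header + question + answer
```

Calling `check_response(sample_response(), "version.bind.", 16, 3)` reports both the class and the type mismatch.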