Another server that doesn't like edns
James Griffin
agriffin at cpcug.org
Mon Jul 8 03:04:10 UTC 2002
Doug Barton wrote:
>
> I figured I'd mention this here because last time this topic came
> up, Mark was able to use the data to improve bind 8's edns stuff. I saw
> lots of "refused query on non-query socket" errors from one IP after
> upgrading to bind 8.3.3 on my resolvers. I know from reading here is often
> a symptom of edns problems. The IP is 207.14.100.134, which it turns out
> is being used as the IP of two different name servers:
>
> dig @207.14.100.134 -x 207.14.100.134 ptr
>
> ; <<>> DiG 8.3 <<>> @207.14.100.134 -x ptr
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; 134.100.14.207.in-addr.arpa, type = PTR, class = IN
>
> ;; ANSWER SECTION:
> 134.100.14.207.in-addr.arpa. 1D IN A 207.14.100.134
>
> ;; AUTHORITY SECTION:
> 134.100.14.207.in-addr.arpa. 1D IN NS NS1.INTERIMNAMESERVER.COM.
> 134.100.14.207.in-addr.arpa. 1D IN NS NS2.INTERIMNAMESERVER.COM.
>
> ;; ADDITIONAL SECTION:
> NS1.INTERIMNAMESERVER.COM. 1D IN A 207.14.100.134
> NS2.INTERIMNAMESERVER.COM. 1D IN A 207.14.100.134
>
> Those name servers are authoritative for a lot of zones that my users want
> to visit, so I was getting a lot of errors. Interstingly enough, the qr
> flag is set on the response when I use dig. In the past, the edns problems
> I read about were related to the lack of that flag. I haven't done any
> tcpdumping of the traffic to and from my resolvers though... sorry. I do
> know that when I put
>
> server 207.14.100.134 { edns no; };
>
$ whois 207.14.100.134
SprintLink (NETBLK-SPRINT-W2) SPRINT-W2 207.12.0.0 -
207.15.255.255
TIME WARNER - INTERNET DATA DIVISION (NETBLK-FON-34738257923199)
FON-34738257923199
207.14.96.0 -
207.14.111.255
Should we be asking someone at Time Warner?
Inquiring minds want to know! ;)
Jim
> in my configs, the problem goes away, and users are able to surf to those
> domains.
>
> HTH,
>
> Doug
> --
> "We have known freedom's price. We have shown freedom's power.
> And in this great conflict, ... we will see freedom's victory."
> - George W. Bush, President of the United States
> State of the Union, January 28, 2002
>
> Do YOU Yahoo!?
More information about the bind-users
mailing list