Another server that doesn't like edns

James Griffin agriffin at cpcug.org
Mon Jul 8 03:04:10 UTC 2002


Doug Barton wrote:
> 
>         I figured I'd mention this here because last time this topic came
> up, Mark was able to use the data to improve bind 8's edns stuff. I saw
> lots of "refused query on non-query socket" errors from one IP after
> upgrading to bind 8.3.3 on my resolvers. I know from reading here is often
> a symptom of edns problems. The IP is 207.14.100.134, which it turns out
> is being used as the IP of two different name servers:
> 
> dig @207.14.100.134 -x 207.14.100.134 ptr
> 
> ; <<>> DiG 8.3 <<>> @207.14.100.134 -x ptr
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      134.100.14.207.in-addr.arpa, type = PTR, class = IN
> 
> ;; ANSWER SECTION:
> 134.100.14.207.in-addr.arpa.  1D IN A  207.14.100.134
> 
> ;; AUTHORITY SECTION:
> 134.100.14.207.in-addr.arpa.  1D IN NS  NS1.INTERIMNAMESERVER.COM.
> 134.100.14.207.in-addr.arpa.  1D IN NS  NS2.INTERIMNAMESERVER.COM.
> 
> ;; ADDITIONAL SECTION:
> NS1.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134
> NS2.INTERIMNAMESERVER.COM.  1D IN A  207.14.100.134
> 
> Those name servers are authoritative for a lot of zones that my users want
> to visit, so I was getting a lot of errors. Interstingly enough, the qr
> flag is set on the response when I use dig. In the past, the edns problems
> I read about were related to the lack of that flag. I haven't done any
> tcpdumping of the traffic to and from my resolvers though... sorry. I do
> know that when I put
> 
> server 207.14.100.134   { edns no; };
> 

$ whois 207.14.100.134
SprintLink (NETBLK-SPRINT-W2)   SPRINT-W2          207.12.0.0 -
207.15.255.255
TIME WARNER - INTERNET DATA DIVISION (NETBLK-FON-34738257923199)
FON-34738257923199
                                                  207.14.96.0 -
207.14.111.255

Should we be asking someone at Time Warner?

Inquiring minds want to know!  ;)

Jim





> in my configs, the problem goes away, and users are able to surf to those
> domains.
> 
> HTH,
> 
> Doug
> --
>    "We have known freedom's price. We have shown freedom's power.
>       And in this great conflict, ...  we will see freedom's victory."
>         - George W. Bush, President of the United States
>           State of the Union, January 28, 2002
> 
>          Do YOU Yahoo!?


More information about the bind-users mailing list