Bind 8.x intermittent resolution issues

Mark_Andrews at isc.org
Tue Oct 29 01:03:27 UTC 2002


> I am intermittently experiencing resolution issues with Bind 8.2.3 and
> 8.3.3 for particular names.  With five minutes of failing for a
> non-authoritative lookup the server will be able to resolve the name again,
> with no corrective action taken.  Two such domains are mail.yahoo.com and
> securityresponse.symantec.com.

	These responses won't make it past a PIX firewall.  When we have
	traced this in the past the sites with problems have been behind
	PIX firewalls.  Note both answers are bigger than 512 octets as is
	allowed for with EDNS0.

	Mark

; <<>> DiG 9.2.2rc1 <<>> +bufsize=1024 securityresponse.symantec.com @ns1.symantec.com.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47015
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 14

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;securityresponse.symantec.com.	IN	A

;; ANSWER SECTION:
securityresponse.symantec.com. 21600 IN	CNAME	www.symantec.com.
www.symantec.com.	21600	IN	CNAME	www.symantec.d4p.net.

;; AUTHORITY SECTION:
.			493221	IN	NS	M.ROOT-SERVERS.net.
.			493221	IN	NS	I.ROOT-SERVERS.net.
.			493221	IN	NS	E.ROOT-SERVERS.net.
.			493221	IN	NS	D.ROOT-SERVERS.net.
.			493221	IN	NS	A.ROOT-SERVERS.net.
.			493221	IN	NS	H.ROOT-SERVERS.net.
.			493221	IN	NS	C.ROOT-SERVERS.net.
.			493221	IN	NS	G.ROOT-SERVERS.net.
.			493221	IN	NS	F.ROOT-SERVERS.net.
.			493221	IN	NS	B.ROOT-SERVERS.net.
.			493221	IN	NS	J.ROOT-SERVERS.net.
.			493221	IN	NS	K.ROOT-SERVERS.net.
.			493221	IN	NS	L.ROOT-SERVERS.net.

;; ADDITIONAL SECTION:
M.ROOT-SERVERS.net.	579621	IN	A	202.12.27.33
I.ROOT-SERVERS.net.	579621	IN	A	192.36.148.17
E.ROOT-SERVERS.net.	579621	IN	A	192.203.230.10
D.ROOT-SERVERS.net.	579621	IN	A	128.8.10.90
A.ROOT-SERVERS.net.	579621	IN	A	198.41.0.4
H.ROOT-SERVERS.net.	579621	IN	A	128.63.2.53
C.ROOT-SERVERS.net.	579621	IN	A	192.33.4.12
G.ROOT-SERVERS.net.	579621	IN	A	192.112.36.4
F.ROOT-SERVERS.net.	579621	IN	A	192.5.5.241
B.ROOT-SERVERS.net.	579621	IN	A	128.9.0.107
J.ROOT-SERVERS.net.	579621	IN	A	198.41.0.10
K.ROOT-SERVERS.net.	579621	IN	A	193.0.14.129
L.ROOT-SERVERS.net.	579621	IN	A	198.32.64.12

;; Query time: 285 msec
;; SERVER: 198.6.49.5#53(ns1.symantec.com.)
;; WHEN: Tue Oct 29 11:53:21 2002
;; MSG SIZE  rcvd: 526


; <<>> DiG 9.2.2rc1 <<>> +bufsize=1024 mail.yahoo.com @ns1.yahoo.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47896
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 14

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.yahoo.com.			IN	A

;; ANSWER SECTION:
mail.yahoo.com.		1800	IN	CNAME	login.yahoo.com.
login.yahoo.com.	1800	IN	CNAME	login.yahoo.akadns.net.

;; AUTHORITY SECTION:
net.			91990	IN	NS	A.GTLD-SERVERS.net.
net.			91990	IN	NS	G.GTLD-SERVERS.net.
net.			91990	IN	NS	H.GTLD-SERVERS.net.
net.			91990	IN	NS	C.GTLD-SERVERS.net.
net.			91990	IN	NS	I.GTLD-SERVERS.net.
net.			91990	IN	NS	B.GTLD-SERVERS.net.
net.			91990	IN	NS	D.GTLD-SERVERS.net.
net.			91990	IN	NS	L.GTLD-SERVERS.net.
net.			91990	IN	NS	F.GTLD-SERVERS.net.
net.			91990	IN	NS	J.GTLD-SERVERS.net.
net.			91990	IN	NS	K.GTLD-SERVERS.net.
net.			91990	IN	NS	E.GTLD-SERVERS.net.
net.			91990	IN	NS	M.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.	91946	IN	A	192.5.6.30
G.GTLD-SERVERS.net.	91946	IN	A	192.42.93.30
H.GTLD-SERVERS.net.	91946	IN	A	192.54.112.30
C.GTLD-SERVERS.net.	91946	IN	A	192.26.92.30
I.GTLD-SERVERS.net.	91946	IN	A	192.43.172.30
B.GTLD-SERVERS.net.	91946	IN	A	192.33.14.30
D.GTLD-SERVERS.net.	91946	IN	A	192.31.80.30
L.GTLD-SERVERS.net.	91946	IN	A	192.41.162.30
F.GTLD-SERVERS.net.	91946	IN	A	192.35.51.30
J.GTLD-SERVERS.net.	91946	IN	A	192.48.79.30
K.GTLD-SERVERS.net.	91946	IN	A	192.52.178.30
E.GTLD-SERVERS.net.	91946	IN	A	192.12.94.30
M.GTLD-SERVERS.net.	91946	IN	A	192.55.83.30

;; Query time: 300 msec
;; SERVER: 66.218.71.63#53(ns1.yahoo.com)
;; WHEN: Tue Oct 29 11:56:43 2002
;; MSG SIZE  rcvd: 528

> 
> I have multiple servers geographically separated on separate ISPs.  One will
> have the problem, but another will work fine for the lookup during the same
> period.
> 
> To further complicate things, I have several bind 8.3.1 servers running in a
> similar environment with no issues.  They always seem to look up these names
> correctly.
> 
> Any ideas?  I have seen postings on groups.google.com about similar problems
> with no resolution or followups.
> 
> Thanks,
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
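
The size check behind the reply above, as an added example that is not part of the original post: it builds a query with an EDNS0 OPT record the way `dig +bufsize=1024` does, reads back the advertised UDP size, and classifies the two response sizes from the dig output. The function names and the `path_limit` parameter (a model of a device that discards UDP DNS packets over 512 octets) are assumptions made for illustration.

```python
import struct

LEGACY_UDP_LIMIT = 512   # largest UDP DNS message without EDNS0 (RFC 1035)
OPT = 41                 # EDNS0 OPT pseudo-record type

def build_query(name, bufsize=None, qid=0x1234):
    """Wire-format A query; bufsize adds an OPT record (like dig +bufsize=N)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if bufsize else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN
    if bufsize:
        # OPT: root owner name, TYPE=41, CLASS carries the UDP size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, bufsize, 0, 0)
    return msg

def skip_name(msg, pos):
    """Step over an uncompressed name (queries built above never compress)."""
    while msg[pos]:
        pos += 1 + msg[pos]
    return pos + 1

def advertised_udp_size(query):
    """UDP payload size the client says it accepts; 512 when no OPT is present."""
    qdcount, _an, _ns, arcount = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(query, pos) + 4                    # QTYPE + QCLASS
    for _ in range(arcount):                               # queries: AN = NS = 0
        pos = skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == OPT:
            return max(rclass, LEGACY_UDP_LIMIT)
        pos += 10 + rdlen
    return LEGACY_UDP_LIMIT

def outcome(response_size, query, path_limit=None):
    """What happens to a UDP response of response_size octets.
    path_limit models a device that discards larger UDP DNS packets (assumption)."""
    if response_size > advertised_udp_size(query):
        return "truncated"     # server sets TC; resolver retries over TCP
    if path_limit is not None and response_size > path_limit:
        return "dropped"       # resolver sees a timeout, not an error
    return "delivered"

if __name__ == "__main__":
    q = build_query("securityresponse.symantec.com", bufsize=1024)
    for size in (526, 528):    # MSG SIZE rcvd values from the dig output above
        print(size, outcome(size, q), outcome(size, q, path_limit=LEGACY_UDP_LIMIT))
```

A query without the OPT record gets "truncated" for the same sizes, which a resolver can recover from over TCP; only the EDNS0 query combined with the 512-octet path limit produces the silent drop.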