Problem with a host Delagation
Terry Rossi
tpr at pics.com
Tue Dec 16 18:44:22 UTC 2003
Hi,
I have implemented a F5 Networks Link Controller to do inbound load
balancing. In order to make this device work you need to have the LC
respond to DNS requests for IP addresses you wish to inbound load
balance. I did this with my webserver by adding NS records for the
webserver host.
ie:
;www 3600 IN A 192.135.189.20
www 3600 IN NS bigip1.pics.com. ;Cl=2
3600 IN NS bigip2.pics.com. ;Cl=2
Bind 8.2.3-REL on the parent (where the zone file resides) answers
fine 75% of the time, the other 25% of the time it reports a SERVFAIL
and i see no proof (with tcpdump) that bind is asking the F5 device
for the IP of www.pics.com.
Here is a dig debug (from the parent 192.135.189.20) but I have no
idea what this means or how to correct.
# dig www.pics.com +debug
; <<>> DiG 8.3 <<>> www.pics.com +debug
;; res_nmkquery(QUERY, www.pics.com, IN, A)
;; res options: init debug recurs defnam dnsrch
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18404
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; www.pics.com, type = A, class = IN
;; Querying server (# 1) address = 192.135.189.20
;; new DG socket
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18404
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; www.pics.com, type = A, class = IN
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18404
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; www.pics.com, type = A, class = IN
;; Total query time: 4 msec
;; FROM: picspc01.pics.com to SERVER: default -- 192.135.189.20
;; WHEN: Tue Dec 16 12:58:11 2003
;; MSG SIZE sent: 30 rcvd: 30
Here is an example after I restarted bind
$ named -v
named 8.2.3-REL Thu Feb 15 09:57:28 EST 2001
root at picspc01.pics.com:/u3/obj/u3/src/src/usr.sbin/named
$ dig www.pics.com +debug
; <<>> DiG 8.3 <<>> www.pics.com +debug
;; res_nmkquery(QUERY, www.pics.com, IN, A)
;; res options: init debug recurs defnam dnsrch
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47326
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; www.pics.com, type = A, class = IN
;; Querying server (# 1) address = 192.135.189.20
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47326
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:
0
;; QUERY SECTION:
;; www.pics.com, type = A, class = IN
;; ANSWER SECTION:
www.pics.com. 5S IN A 207.8.189.152
;; Total query time: 4 msec
;; FROM: picspc01.pics.com to SERVER: default -- 192.135.189.20
;; WHEN: Tue Dec 16 13:42:55 2003
;; MSG SIZE sent: 30 rcvd: 46
$
Thanks in advance for any advice you can provide.
Regards,
Terry
More information about the bind-users
mailing list