BIND fails if one of 2 servers is bad?

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Sep 30 00:25:25 UTC 2003


> Running BIND 9.2.1 (RedHat 9), I get the following results:
> 
> # dig counterpunch.org
> 
> ; <<>> DiG 9.2.1 <<>> counterpunch.org
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20001
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;counterpunch.org.              IN      A
> 
> But when I do +trace I get:
> 
> # dig counterpunch.org +trace
> 
> ; <<>> DiG 9.2.1 <<>> counterpunch.org +trace
> ;; global options:  printcmd
> ...
> org.                    86400   IN      NS      TLD2.ULTRADNS.NET.
> org.                    86400   IN      NS      TLD1.ULTRADNS.NET.
> ;; Received 116 bytes from 195.206.104.13#53(M.ROOT-SERVERS.ORSC) in 192 ms
> 
> COUNTERPUNCH.ORG.       172800  IN      NS      NS.LEB.NET.
> COUNTERPUNCH.ORG.       172800  IN      NS      NS.DOLEH.COM.
> ;; Received 100 bytes from 204.74.113.1#53(TLD2.ULTRADNS.NET) in 35 ms
> 
> counterpunch.org.       86400   IN      A       38.117.146.196
> counterpunch.org.       86400   IN      NS      ns.leb.net.
> ;; Received 74 bytes from 206.127.55.2#53(NS.LEB.NET) in 108 ms
> 
> So NS.LEB.NET is working and answers for the domain, but when I do the
> simple query (e.g. for normal web browsing) I get the server fail.
> (Presumably because NS.DOLEH.COM does not exist).  Is my server somehow
> mis-configured? Seems like it should answer as long as one of the name
> servers is responding (isn't that the whole point of redundant servers?)
> 
> Thanks for any advice,
> 
> Andre
 
	The listed nameserver is CNAME.  This is the classic example why
	named enforces NS not referring to CNAMES.  It would require the
	com servers to hold both the CNAME and the A record.  It would
	also require additional section processing to follow CNAMES.

	Mark

; <<>> DiG 8.3 <<>> ns.leb.net @206.127.55.2 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;	ns.leb.net, type = A, class = IN

;; ANSWER SECTION:
ns.leb.net.		1D IN CNAME	leb.net.
leb.net.		1D IN A		206.127.55.2

;; AUTHORITY SECTION:
leb.net.		1D IN NS	ns.leb.net.

;; Total query time: 258 msec
;; FROM: bsdi.dv.isc.org to SERVER: 206.127.55.2  206.127.55.2
;; WHEN: Tue Sep 30 10:19:41 2003
;; MSG SIZE  sent: 28  rcvd: 72
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list