Intermittent name resolution issues

Jeffrey Brown jabrown at co.jefferson.co.us
Fri Aug 6 18:37:10 UTC 2004


OK. We experienced the problem again today: www.yahoo.com couldn't be
resolved by our internal nameserver for approximately 30 minutes, that
we know of. Yes, we do have a Checkpoint firewall NG R55 and we turned
off the (DNS) UDP Protocol Enforcement in SmartDefense while
troubleshooting. During the time of troubleshooting I did a trace level
3 and found the following:

Aug 06 10:59:59.030 fctx 0x8527b28: too many timeouts, disabling EDNS0
Aug 06 10:59:59.080 fctx 0x8ef9a88: too many timeouts, disabling EDNS0
Aug 06 10:59:59.510 fctx 0x8effee8: too many timeouts, disabling EDNS0
Aug 06 11:00:00.090 fctx 0x87557f8: too many timeouts, disabling EDNS0
Aug 06 11:00:00.360 fctx 0x81b0908: too many timeouts, disabling EDNS0
Aug 06 11:00:01.690 fctx 0x8279750: too many timeouts, disabling EDNS0
Aug 06 11:00:01.880 fctx 0x8262718: too many timeouts, disabling EDNS0
Aug 06 11:00:01.880 fctx 0x8750cd0: too many timeouts, disabling EDNS0
Aug 06 11:00:01.880 fctx 0x8499178: too many timeouts, disabling EDNS0
Aug 06 11:00:02.460 fctx 0x86201e8: too many timeouts, disabling EDNS0
Aug 06 11:00:02.700 fctx 0x88fdd88: too many timeouts, disabling EDNS0
Aug 06 11:00:02.840 fctx 0x81a2c10: too many timeouts, disabling EDNS0
Aug 06 11:00:02.870 fctx 0x817d7d8: too many timeouts, disabling EDNS0
Aug 06 11:00:02.870 fctx 0x86f79c8: too many timeouts, disabling EDNS0
Aug 06 11:00:02.940 fctx 0x83d8810: too many timeouts, disabling EDNS0
Aug 06 11:00:03.340 fctx 0x81939b0: too many timeouts, disabling EDNS0
Aug 06 11:00:03.800 fctx 0x842c598: too many timeouts, disabling EDNS0
Aug 06 11:00:03.870 fctx 0x8ee4838: too many timeouts, disabling EDNS0
Aug 06 11:00:03.910 fctx 0x8ed2a10: too many timeouts, disabling EDNS0
<- snip ->
Aug 06 11:32:01.714 fctx 0x8106cc0: too many timeouts, disabling EDNS0
Aug 06 11:32:01.883 fctx 0x8d26990: too many timeouts, disabling EDNS0

The consistency is the same, as far as time goes, from 10:59 to 11:32.
The interesting thing to note here is that our secondary internal DNS
server resolved www.yahoo.com just fine as well as our external DNS
server, all running through the same firewall.

>>> "Michael Varre" <bind9 at kishmish.com> 08/05/04 10:10 AM >>>
Are you behind a pix or some other firewall?  I had to raise max packet size
for dns entries on my pix to 1024 (many people suggest 4096).  It has to do
with the size of some domains' EDNS0 response packets.


Michael Varre (mike at kishmish.com)
Kishmish LLC. - Systems Administrator

> -----Original Message-----
> From: bind-users-bounce at isc.org 
> [mailto:bind-users-bounce at isc.org] On Behalf Of Jeffrey Brown
> Sent: Thursday, August 05, 2004 11:29 AM
> To: bind-users at isc.org
> Subject: Intermittent name resolution issues
> 
> Hello, we have an internal DNS server (9.2.1) that seems to 
> forget how to resolve different names on the internet at various 
> times. For example, it'll be happily humming along and then 
> it won't resolve www.yahoo.com; however, other queries to 
> internet hosts on the internal DNS server resolve OK and our 
> external DNS server resolves www.yahoo.com OK. This behavior 
> will continue until we either restart named or, interestingly 
> enough, I've done a $ dig +trace -x <yahoo.com's ip address> 
> <ip of internal dns server>, and once that has been 
> resolved, it seems the internal name server's cache magically 
> knows how to resolve www.yahoo.com again. Any hints, 
> suggestions, clues? Thanks.
> 


