Bind behaves weirdly

Barry Margolin barmar at alum.mit.edu
Tue Dec 28 00:22:14 UTC 2004 

In article <cqq8d9$25s8$1 at sf1.isc.org>, Bill Larson <bind9 at comcast.net> 
wrote:

> On Dec 27, 2004, at 3:06 PM, jc pinoteau wrote:
> 
> > I am using bind 9.2.3 for caching only on several gateways with 
> > different
> > ISPs. On one of them I get weird results. It won't resolve google.com 
> > (for
> > instance) for a few hours then it would do it again (without any 
> > action from
> > my part). It will give the same result as if I was digging on a non 
> > existing
> > domain.
> >
> > It is not a problem with the ISP as digging on the ISP's DNS returns a 
> > good
> > result.
> >
> > If I restart bind it works again.
> >
> > How can I analyse what is happening?
> 
> You can use "dig" with a "+trace" option to give more complete DNS 
> resolution information.
> 
> > options {
> >            forward first;
> >            forwarders {
> >                195.68.0.1;
> >                195.68.0.2;
> >            };
> > };
> >
> 
> Are you sure that your "forwarders" statement is correct.  You have 
> identified 192.68.0.1 and 192.68.0.2 as the servers that you are 
> forwarding to.  Just guessing, are you sure that you don't want 
> 192.168.0.1 and 192.168.0.2 as your forwarders?  (The 192.68.0.0 
> network belongs to a German organization.  These addresses don't 
> respond to DNS queries so I suspect that they aren't functioning DNS 
> servers.)

It's 195, not 192.  196.68.0.0/24 belongs to ImagiNET France, and 
resolves to what looks like his ISP's nameservers:

barmar $ host 195.68.0.1
1.0.68.195.in-addr.arpa domain name pointer nscache0.coltfrance.com.
barmar $ host 195.68.0.2
2.0.68.195.in-addr.arpa domain name pointer nscache1.coltfrance.com.

Why would you think he would want to forward to 192.168.x.x addresses?  
Those are private addresses, so they probably wouldn't get out of his 
home LAN.

> 
> Then again, since you are running your own DNS servers, do you really 
> need to have these "forward first"/"forwarders" sections at all?  There 
> are many times that trying to specify a forwarding system for DNS 
> causes more problems than it solves.

This I agree with.  Forwarding should be the exception, not the rule.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

More information about the bind-users mailing list