BIND9 don't query specific nameserver with IPv4 address.

Daisuke Koike daisukek at tkd.att.ne.jp
Wed Jun 23 10:45:52 UTC 2004


Hi all,

I have a problem when using BIND-9.2.3 as a cache server.

When I'll resolve RRs of specific domain, sometimes it seems that BIND9 query
that nemeserver only with IPv6, though that nameserver has both IPv4 and IPv6
addresses.
# I checked by tcpdump and trace logs, and thought so
The cache server don't have IPv6 reachability, so the query fails.

The domain is "sm.sony.co.jp" and the problem can reproduce on my box as
follows.


1. enable debugging and flush all caches.
------------------------------------------------------------
13:58> sbin/rndc -c etc/rndc.conf trace 99
13:58> sbin/rndc -c etc/rndc.conf flush
------------------------------------------------------------


2. dig MX record of the domain "sm.sony.co.jp".
------------------------------------------------------------
13:58> dig @localhost sm.sony.co.jp mx +d2 +time=300

; <<>> DiG 8.3 <<>> @localhost sm.sony.co.jp mx +d2 +time=300
; (2 servers found)
;; res_nmkquery(QUERY, sm.sony.co.jp, IN, MX)
;; res options: init debug recurs defnam dnsrch ?0x80000000?
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3332
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      sm.sony.co.jp, type = MX, class = IN

;; Querying server (# 1) address = ::1
;; new DG socket
res_send: recvfrom: Connection refused
;; Querying server (# 2) address = 127.0.0.1
;; new DG socket
server rejected query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3332
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      sm.sony.co.jp, type = MX, class = IN

;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3332
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      sm.sony.co.jp, type = MX, class = IN

;; Total query time: 30017 msec
;; FROM: rap.jp.above.net to SERVER: localhost  ::1
;; WHEN: Wed Jun 23 13:59:10 2004
;; MSG SIZE  sent: 31  rcvd: 31

13:59>
------------------------------------------------------------
# it often fails like this


3. the result of tcpdump (# tcpdump -n -vvv -s1024 port domain)
Please see http://165.76.207.140/bind/tcpdump.txt

Though an authority nameserver of sm.sony.co.jp is widefw.csl.sony.co.jp,
BIND9 didn't query that.


4. debug log (trace level 99)
Please see http://165.76.207.140/bind/tracelog.txt

It seems that BIND9 is querying to widefw.csl.sony.co.jp only with IPv6.


5. cache dump
Please see http://165.76.207.140/bind/named_dump.txt

BIND9 has both IPv4 and IPv6 addresses about widefw.csl.sony.co.jp on the
cache, as glue record.


# I tested on this environment
------------------------------------------------------------
OS - FreeBSD 4.7-RELEASE
BIND - 9.2.3(compiled from source, with no configure option except prefix)
named.conf -> http://211.18.251.218/bind/named.conf.txt
------------------------------------------------------------

According to my recognition, if the nameserver has both A and AAAA records
and if querying with IPv6 fails, BIND should re-query with IPv4.

Where is my mistake?
Please point it out if there is some unclear information about this.

Thanks.
----------------------------------------
Daisuke Koike 	<daisukek at tkd.att.ne.jp>


More information about the bind-users mailing list