Can't resolve a domain by Cache Server

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Sat Oct 9 11:18:32 UTC 2004


Joe Shen <sj_hznm at yahoo.com.cn> wrote:
> Thanks for your help.

> But, would you please give me more explanation on
> "broken zone"? Why sometimes our cache server could
> resolve names in that domain?=20

Lots of stuff, for instance when asking one of the=20
nameservers for 50hz.cn about the A record for
one of the nameservers :
> dig ns1.50hz.cn. a @202.107.201.1
; <<>> DiG 9.3.0 <<>> ns1.50hz.cn. a @202.107.201.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4108
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.50hz.cn.                   IN      A

;; ANSWER SECTION:
ns1.50hz.cn.            86400   IN      CNAME   202-107-201-1.50hz.cn.
202-107-201-1.50hz.cn.  86400   IN      A       202.107.201.1

;; AUTHORITY SECTION:
50hz.cn.                86400   IN      NS      ns1.50hz.cn.

NS records uses FQDN not cnames as rhs


A second thing, the zone is delegated to ( according to delegation) :
50hz.cn.                86400   IN      NS      ns2.50hz.cn.
50hz.cn.                86400   IN      NS      ns1.50hz.cn.

Within the zone itself only one of the servers are named :
50hz.cn.                86400   IN      NS      ns1.50hz.cn.
( using a cname as rhs)


Third, all nameservers are located at the end of the same=20
thin link , any congestions and or disturbances will affect=20
the ability to resolve anything from that zone.


The list is long ...


>  as we are planning to setup our primary DNS server ,
> it's really valuable for me to know how to avoid and
> fix such problem.=20



> Thanks again and long for your help.



> regards

> Joe
> =20

> --- phn at icke-reklam.ipsec.nu =B5=C4=D5=FD=CE=C4=A3=BA
>> Joe Shen <sj_hznm at yahoo.com.cn> wrote:
>> > Hi,
>>=20
>> > We met a strange behavior with our cache server
>> that
>> > it can't resolve a special domain from time to
>> time.=20
>>=20
>> > The phenomenon is: we set up a cache server on a
>> > Solaris8 with BIND9. It seems it could serve our
>> > customers' requestes successfully. But, the day
>> before
>> > yesterday someone told me the cache server could
>> not
>> > resolve names under 50hz.cn from time to time.=20
>>=20
>> > We check ns1.50hz.cn , ns2.50hz.cn, www.50hz.cn by
>> > nslookup. The results shows , the three names
>> could be
>> > solved from time to time but it fails frequently.
>> > There is no periodical characteristics with the
>> > frequency of failings.  If we set up cache server
>> to
>> > forward all requests on 50hz.cn to its name
>> server, no
>> > requests fails.  We contacted with administrator
>> of
>> > 50hz.cn and they told us they use BIND9 on Linux .
>> > We don't understand why this happens and how could
>> we
>> > fix it.
>>=20
>> Don't you worry, the zone is broken (Tm)
>>=20
>> I'll leave the problems to the sysadmins at 50hz.cn,
>> they=20
>> might need some training.
>>=20
>> > Has anybody met similar problem?=20
>>=20
>> Shure. There is lot's of broken zones "out there"
>>=20
>> --=20
>> Peter H=E5kanson        =20
>>         IPSec  Sverige      ( At Gothenburg
>> Riverside )
>>            Sorry about my e-mail address, but i'm
>> trying to keep spam out,
>> 	   remove "icke-reklam" if you feel for mailing me.
>> Thanx.
>>=20
>> =20

> _________________________________________________________
> Do You Yahoo!?
> 150=CD=F2=C7=FAMP3=B7=E8=BF=F1=CB=D1=A3=AC=B4=F8=C4=FA=B4=B3=C8=EB=D2=F4=
=C0=D6=B5=EE=CC=C3
> http://cn.rd.yahoo.com/mail_cn/tag/yisou/music/*http://music.yisou.com/
> =C3=C0=C5=AE=C3=F7=D0=C7=D3=A6=D3=D0=BE=A1=D3=D0=A3=AC=CB=D1=B1=E9=C3=C0=
=CD=BC=A1=A2=D1=DE=CD=BC=BA=CD=BF=E1=CD=BC
> http://cn.rd.yahoo.com/mail_cn/tag/yisou/image/*http://image.yisou.com
> 1G=BE=CD=CA=C71000=D5=D7=A3=AC=D1=C5=BB=A2=B5=E7=D3=CA=D7=D4=D6=FA=C0=A9=
=C8=DD=A3=A1
> http://cn.rd.yahoo.com/mail_cn/tag/1g/*http://cn.mail.yahoo.com/event/m=
ail_1g/


--=20
Peter H=E5kanson        =20
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out=
,
	   remove "icke-reklam" if you feel for mailing me. Thanx.


More information about the bind-users mailing list