Warning: ID mismatch:

Maria Iano maria at iano.org
Wed Sep 8 16:55:31 UTC 2004


This same issue is recurring! This time it is on res1 again. res1 has address 172.21.0.100 and res2 has address 172.21.0.200. Below I have pasted in the series of dig commands I ran on res2 sending queries to res1. Below that I have pasted in the tethereal output during those commands.

Since this issue seems to only be a problem for data which isn't cached, I wonder if there is any connection with the thread with subject 'Weird named act!'. So I also issued this command suggested in that thread:

res1 in:  bind$ ps -flp 24708
Warning: /boot/System.map has an incorrect kernel version.
  F S UID        PID  PPID  C PRI  NI ADDR    SZ  WCHAN STIME TTY          TIME CMD
140 S bind     24708     1  0  74   0    -  3596 14372d Sep07 ?        00:00:55 [named]

This server has a non-modular kernel with the grsecurity patch. In case it's relevant here is the output of uname -a: 
res1 in:  bind$ uname -a
Linux ent-mocux15.moc.gci 2.4.20-grsec #3 Tue Mar 25 09:21:41 EST 2003 i686 i686 i386 GNU/Linux

Thanks in advance for any help!
Maria

###################################################
Commands issued on res2
###################################################

res2 in:  bind$ dig @res1.moc.gci www.silver.com

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.silver.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
res2 in:  bind$ dig @res1.moc.gci www.silver.com
;; Warning: ID mismatch: expected ID 56696, got 10590
;; Warning: ID mismatch: expected ID 56696, got 10590

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.silver.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56696
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.silver.com.                        IN      A

;; ANSWER SECTION:
www.silver.com.         86400   IN      A       205.150.176.184

;; AUTHORITY SECTION:
silver.com.             259200  IN      NS      ns1.ktrafic.com.
silver.com.             259200  IN      NS      ns2.ktrafic.com.

;; Query time: 2716 msec
;; SERVER: 172.21.0.100#53(res1.moc.gci)
;; WHEN: Wed Sep  8 12:19:43 2004
;; MSG SIZE  rcvd: 92

res2 in:  bind$ dig @res1.moc.gci www.gold.com

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.gold.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
res2 in:  bind$ dig @res1.moc.gci www.gold.com

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.gold.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
res2 in:  bind$ dig @res1.moc.gci www.gold.com

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.gold.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
res2 in:  bind$ dig @res1.moc.gci www.purple.com
;; Warning: ID mismatch: expected ID 58216, got 51960
;; Warning: ID mismatch: expected ID 58216, got 51960
;; Warning: ID mismatch: expected ID 58216, got 36737
;; Warning: ID mismatch: expected ID 58216, got 36737
;; Warning: ID mismatch: expected ID 58216, got 20208
;; Warning: ID mismatch: expected ID 58216, got 20208

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.purple.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
res2 in:  bind$ dig @res1.moc.gci www.gold.com

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.gold.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46790
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.gold.com.                  IN      A

;; ANSWER SECTION:
www.gold.com.           86313   IN      CNAME   gold.com.
gold.com.               86311   IN      A       198.70.201.51

;; AUTHORITY SECTION:
gold.com.               86311   IN      NS      extns1.jewels.com.
gold.com.               86311   IN      NS      extns2.jewels.com.

;; Query time: 1 msec
;; SERVER: 172.21.0.100#53(res1.moc.gci)
;; WHEN: Wed Sep  8 12:21:41 2004
;; MSG SIZE  rcvd: 109

<performed rndc flush on res1>

res2 in:  bind$ dig @res1.moc.gci www.gold.com

; <<>> DiG 9.2.3 <<>> @res1.moc.gci www.gold.com
;; global options:  printcmd
;; connection timed out; no servers could be reached

###################################################
Output of tethereal during those commands
###################################################

  0.000000 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.blue.com
  0.000124 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME blue.com A 216.91.187.86
  4.991126 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP Who has 172.21.0.200?  Tell 172.21.0.100
  4.991493 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP 172.21.0.200 is at 00:02:55:7b:a4:a3
  6.320441 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.silver.com
 11.318427 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP Who has 172.21.0.100?  Tell 172.21.0.200
 11.318438 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP 172.21.0.100 is at 00:02:55:7b:a6:69
 11.328548 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.silver.com
 24.820791 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.silver.com
 27.536065 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 205.150.176.184
 27.536121 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 205.150.176.184
 27.536184 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 205.150.176.184
 36.446784 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
 41.449517 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
 49.777125 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
 54.769991 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP Who has 172.21.0.100?  Tell 172.21.0.200
 54.770002 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP 172.21.0.100 is at 00:02:55:7b:a6:69
 54.779985 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
 61.418983 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
 66.420344 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
 76.502267 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.purple.com
 77.687081 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
 77.687142 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
 77.687208 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
 77.687263 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
 77.687328 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
 77.687382 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
 81.510874 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.purple.com
 82.684071 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP Who has 172.21.0.200?  Tell 172.21.0.100
 82.684293 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP 172.21.0.200 is at 00:02:55:7b:a4:a3
 96.508164 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 153.104.63.227
 96.508232 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 153.104.63.227
 96.508587 172.21.0.200 -> 172.21.0.100 ICMP Destination unreachable
 96.508589 172.21.0.200 -> 172.21.0.100 ICMP Destination unreachable
101.501576 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP Who has 172.21.0.100?  Tell 172.21.0.200
101.501587 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP 172.21.0.100 is at 00:02:55:7b:a6:69
145.126659 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
145.127129 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
150.123148 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP Who has 172.21.0.100?  Tell 172.21.0.200
150.123159 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP 172.21.0.100 is at 00:02:55:7b:a6:69
 
<performed rndc flush on res1>

229.285189 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
234.276056 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP Who has 172.21.0.100?  Tell 172.21.0.200
234.276067 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP 172.21.0.100 is at 00:02:55:7b:a6:69
234.286050 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
269.304469 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
269.304526 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
269.304821 172.21.0.200 -> 172.21.0.100 ICMP Destination unreachable
269.304822 172.21.0.200 -> 172.21.0.100 ICMP Destination unreachable
274.297311 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP Who has 172.21.0.100?  Tell 172.21.0.200
274.297324 Ibm_7b:a6:69 -> Ibm_7b:a4:a3 ARP 172.21.0.100 is at 00:02:55:7b:a6:69

On Wed, Sep 08, at 10:58, Ladislav Vobr (lvobr at ies.etisalat.ae) wrote:

> Maria Iano wrote:
> > I have two caching servers, res1 and res2, running BIND 9.2.3 on Red Hat Linux release 8.0 (Psyche). They sit inside a firewall, and forward queries to four different caching servers on the outside, as well as some internal servers authoritative for internal zones. 
> > 
> > Last week res2 started being slow and failing resolution intermittently. Dig queries sent from res2 to the outside resolvers worked correctly. Dig queries sent from res2 to res1 worked correctly. However, dig queries from res1 to res2 produced error messages like this:
> > 
> > ;; Warning: ID mismatch: expected ID 3325, got 34596
> > 
> > with various different IDs produced from different queries. It was late at night (I had been paged) so I went ahead and rebooted res2. This cleared up the issue.
> > 
> > Now, a week later, this same issue is occurring on res1. res1 is slow to respond to queries and intermittently failing to resolve names. Digs issued on res1 pointing to the outside resolvers work fine. Digs issued on res1 pointing to res2 work fine. Digs issued on res2 pointing to res1 produce the ID mismatch errors again.
> > 
> > I suspect that if I reboot it the error will clear up again, but before I do that I want to try and work out what is going on.
> > 
> > Any advice?
> 
> You might possibly use a packet sniffer to see what you send and what 
> the other side received, and similarly for the reply. On Linux you can use 
> tcpdump or ethereal, for example. I once faced these messages when I was 
> using query-source port 53 on my recursive nameserver, and I patched dig 
> to use port 53 as a source port as well; then I got a lot of these 
> every time I issued such a command from the recursive server prompt, but 
> it was understandable, since regular replies coming to my nameserver 
> confused dig.
> 
> 
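
An added example, not part of the original post: it pairs the DNS queries and responses from the tethereal summary above in FIFO order and reports how long res1 took to answer each try. The 5-second per-try timeout for dig and the FIFO matching are assumptions, since the summary lines show no DNS IDs.

```python
import re
from collections import deque, namedtuple

# Excerpt of the tethereal output in the post (one ARP line kept to show it is skipped).
CAPTURE = """\
  6.320441 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.silver.com
 11.318427 Ibm_7b:a4:a3 -> Ibm_7b:a6:69 ARP Who has 172.21.0.100?  Tell 172.21.0.200
 11.328548 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.silver.com
 24.820791 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.silver.com
 27.536065 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 205.150.176.184
 27.536121 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 205.150.176.184
 27.536184 172.21.0.100 -> 172.21.0.200 DNS Standard query response A 205.150.176.184
145.126659 172.21.0.200 -> 172.21.0.100 DNS Standard query A www.gold.com
145.127129 172.21.0.100 -> 172.21.0.200 DNS Standard query response CNAME gold.com A 198.70.201.51
"""

DIG_TIMEOUT = 5.0  # assumption: dig's default per-try timeout, in seconds
LINE = re.compile(r"^\s*(\d+\.\d+)\s+(\S+) -> (\S+)\s+DNS Standard query (response )?(.*)$")
Pair = namedtuple("Pair", "qname sent answered delay late")

def pair_fifo(capture, timeout=DIG_TIMEOUT):
    """Match each response to the oldest unanswered query between the same hosts.

    The summary lines carry no DNS ID, so FIFO order is an assumption.
    """
    pending = {}   # (client, server) -> deque of (sent_time, qname)
    pairs = []
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # ARP, ICMP, blank lines
        t, src, dst = float(m.group(1)), m.group(2), m.group(3)
        if m.group(4) is None:            # a query: remember it until answered
            pending.setdefault((src, dst), deque()).append((t, m.group(5).split()[-1]))
            continue
        queue = pending.get((dst, src))
        if not queue:
            continue                      # response with no query in the capture
        sent, qname = queue.popleft()
        pairs.append(Pair(qname, sent, t, t - sent, (t - sent) > timeout))
    return pairs

def late_answers(pairs):
    """Responses that arrived after the try they answer had already timed out."""
    return [p for p in pairs if p.late]

if __name__ == "__main__":
    for p in pair_fifo(CAPTURE):
        print(f"{p.qname:16} sent {p.sent:9.3f} answered {p.answered:9.3f} "
              f"delay {p.delay:7.3f}s {'LATE' if p.late else 'ok'}")
```

For the www.silver.com lines, the third pairing comes out at about 2.7 s, which agrees with the 2716 msec query time dig printed, while the first two answers arrive about 21 s and 16 s after their queries.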

