Problem with WorldNIC servers?

Barry Margolin barry_margolin at symantec.com
Thu Apr 21 18:41:19 UTC 2005 

A number of our customers have recently reported problems resolving names 
in domains hosted by worldnic.com nameservers, such as slccu.org and 
mastersofdesign.com.  When I investigated, I found that occasionally the 
worldnic.com servers will respond to a query with an empty response with 
the Truncated flag set.  The problem on our end is that the DNS proxy in 
our firewall seems to ignore the Truncated flag, rather than retry using 
TCP (I've reported this bug to development), so we cache the NOANSWER 
response (but we have a hard-coded 60-second negative cache TTL, so the 
problem usually clears up shortly).

What I can't understand is why these responses are occurring in the first 
place.  It doesn't happen consistently, and I haven't found a pattern to 
it.  None of the responses are very large, so there's no reason they 
should need to be truncated.  And when a response is truncated, the server 
is supposed to fill in as much as it can, not send an empty response.  The 
servers all claim to be running BIND 9.2.2.  Here's a tcpdump showing one 
of these:

# dig mail.mastersofdesign.com a @ns70.worldnic.com
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.2.1 <<>> mail.mastersofdesign.com a @ns70.worldnic.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39478
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mastersofdesign.com.      IN      A

;; ANSWER SECTION:
mail.mastersofdesign.com. 7200  IN      A       207.190.248.78

;; AUTHORITY SECTION:
mastersofdesign.com.    7200    IN      NS      NS70.WORLDNIC.com.
mastersofdesign.com.    7200    IN      NS      NS69.WORLDNIC.com.

;; Query time: 39 msec
;; SERVER: 216.168.225.210#53(ns70.worldnic.com)
;; WHEN: Thu Apr 21 14:24:47 2005
;; MSG SIZE  rcvd: 125

14:24:47.328456 67.98.223.11.1038 > 216.168.225.210.53: 58932+ A? 
mail.mastersofdesign.com. (
42) (DF) (ttl 64, id 0)
         4500 0046 0000 4000 4011 5dbe 4362 df0b          E..F.. at .@.].Cb..
         d8a8 e1d2 040e 0035 0032 37d6 e634 0100          .......5.27..4..
         0001 0000 0000 0000 046d 6169 6c0f 6d61          .........mail.ma
         7374 6572 736f 6664 6573 6967 6e03 636f          stersofdesign.co
         6d00 0001 0001                                   m.....
14:24:47.369828 216.168.225.210.53 > 67.98.223.11.1038: 58932*| q: 
mail.mastersofdesign.com.
0/0/0 (42) (DF) (ttl 52, id 0)
         4500 0046 0000 4000 3411 69be d8a8 e1d2          E..F.. at .4.i.....
         4362 df0b 0035 040e 0032 0000 e634 8780          Cb...5...2...4..
         0001 0000 0000 0000 046d 6169 6c0f 6d61          .........mail.ma
         7374 6572 736f 6664 6573 6967 6e03 636f          stersofdesign.co
         6d00 0001 0001                                   m.....
14:24:47.370663 67.98.223.11.35872 > 216.168.225.210.53: S 
3829790512:3829790512(0) win 5840
<mss 1460,nop,nop,sackOK,nop,wscale 0> (DF) (ttl 64, id 4297)
         4500 0034 10c9 4000 4006 4d12 4362 df0b          E..4.. at .@.M.Cb..
         d8a8 e1d2 8c20 0035 e445 f730 0000 0000          .......5.E.0....
         8002 16d0 1393 0000 0204 05b4 0101 0402          ................
         0103 0300                                        ....
14:24:47.407443 216.168.225.210.53 > 67.98.223.11.35872: S 
2193147184:2193147184(0) ack 38297
90513 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0> (DF) (ttl 37, id 
4297)
         4500 0034 10c9 4000 2506 6812 d8a8 e1d2          E..4.. at .%.h.....
         4362 df0b 0035 8c20 82b8 c530 e445 f731          Cb...5.....0.E.1
         8012 16d0 cb98 0000 0204 05b4 0101 0402          ................
         0103 0300                                        ....
14:24:47.407514 67.98.223.11.35872 > 216.168.225.210.53: . ack 1 win 5840 
(DF) (ttl 64, id 42
98)
         4500 0028 10ca 4000 4006 4d1d 4362 df0b          E..(.. at .@.M.Cb..
         d8a8 e1d2 8c20 0035 e445 f731 82b8 c531          .......5.E.1...1
         5010 16d0 0c64 0000                              P....d..
14:24:47.407739 67.98.223.11.35872 > 216.168.225.210.53: P 1:45(44) ack 1 
win 5840 (DF) (ttl
64, id 4299)
         4500 0054 10cb 4000 4006 4cf0 4362 df0b          E..T.. at .@.L.Cb..
         d8a8 e1d2 8c20 0035 e445 f731 82b8 c531          .......5.E.1...1
         5018 16d0 717c 0000 002a 9a36 0100 0001          P...q|...*.6....
         0000 0000 0000 046d 6169 6c0f 6d61 7374          .......mail.mast
         6572 736f 6664 6573 6967 6e03 636f 6d00          ersofdesign.com.
         0001 0001                                        ....
14:24:47.446285 216.168.225.210.53 > 67.98.223.11.35872: . 1:128(127) ack 
45 win 512 (ttl 52,
 id 1794)
         4500 00a7 0702 0000 3406 a266 d8a8 e1d2          E.......4..f....
         4362 df0b 0035 8c20 82b8 c531 e445 f75d          Cb...5.....1.E.]
         5010 0200 dba1 0000 007d 9a36 8500 0001          P........}.6....
         0001 0002 0000 046d 6169 6c0f 6d61 7374          .......mail.mast
         6572 736f 6664 6573 6967 6e03 636f 6d00          ersofdesign.com.
         0001 0001 c00c 0001 0001 0000 1c20 0004          ................
         cfbe f84e c011 0002 0001 0000 1c20 0010          ...N............
         044e 5337 3008 574f 524c 444e 4943 c021          .NS70.WORLDNIC.!
         c011 0002 0001 0000 1c20 0007 044e 5336          .............NS6
         39c0 4bc6 9bd9 9a36 9700 1800 0000 0004          9.K....6........
         cfbe f84e c011 00                                ...N...
14:24:47.446392 67.98.223.11.35872 > 216.168.225.210.53: . ack 128 win 
5840 (DF) (ttl 64, id
4300)
         4500 0028 10cc 4000 4006 4d1b 4362 df0b          E..(.. at .@.M.Cb..
         d8a8 e1d2 8c20 0035 e445 f75d 82b8 c5b0          .......5.E.]....
         5010 16d0 0bb9 0000

Barry Margolin, CISSP
Sr. Technical Support Engineer
Symantec Corporation
barry_margolin at symantec.com
781-530-2367

More information about the bind-users mailing list