Why would BIND timeout on only 'A' results?

Barry Margolin barmar at alum.mit.edu
Sat Aug 13 00:59:56 UTC 2005 

In article <ddjep6$2ss5$1 at sf1.isc.org>,
 Merton Campbell Crockett <mcc at CATO.GD-AIS.COM> wrote:

> On Fri, 12 Aug 2005, Dave Clark wrote:
> 
> > Check out this strangeness.  Keep in mind I am not the owner of this 
> > domain.
> > I'm just helping this guy with diagnosing the problem with his dns server:
> > 
> > dig cawunited.com (times out)
> > http://www.dollardns.net/cgi-bin/dnscrawler/index.pl?name=cawunited.com&lr=6
> > &submit=BU
> > 
> > Now, maybe it isn't BIND's fault.  Maybe there is an intermediate gateway 
> > or
> > router that is specifically blocking these kinds of responses, but that
> > would be very strange.  Looking for ideas on the explanation.
> 
> It may be more of a problem with DNS Crawler.  It works fine with dig and 
> my home brew equivalent of DNS Crawler.

I see the same timeout when I try to use dig from home (on Comcast).

$ dig cawunited.com a @ns1.cawunited.com

; <<>> DiG 9.2.2 <<>> cawunited.com a @ns1.cawunited.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
$ dig cawunited.com a @ns1.cawunited.com +vc

; <<>> DiG 9.2.2 <<>> cawunited.com a @ns1.cawunited.com +vc
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51646
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;cawunited.com.         IN A

;; ANSWER SECTION:
cawunited.com.    86400 IN A  67.171.102.148

;; AUTHORITY SECTION:
cawunited.com.    86400 IN NS ns1.cawunited.com.
cawunited.com.    86400 IN NS ns2.cawunited.com.

;; ADDITIONAL SECTION:
ns1.cawunited.com.   86400 IN A  67.171.102.148
ns2.cawunited.com.   86400 IN A  67.171.102.148

;; Query time: 36 msec
;; SERVER: 67.171.102.148#53(ns1.cawunited.com)
;; WHEN: Fri Aug 12 20:54:38 2005
;; MSG SIZE  rcvd: 115

$ dig cawunited.com any @ns1.cawunited.com

; <<>> DiG 9.2.2 <<>> cawunited.com any @ns1.cawunited.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61578
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;cawunited.com.         IN ANY

;; ANSWER SECTION:
cawunited.com.    86400 IN TXT   "v=spf1 mx ptr ~all"
cawunited.com.    86400 IN A  67.171.102.148
cawunited.com.    86400 IN SOA   ns1.cawunited.com. 
support.cawunited.com. 2005081007 10800 3600 604800 86400
cawunited.com.    86400 IN NS ns2.cawunited.com.
cawunited.com.    86400 IN NS ns1.cawunited.com.
cawunited.com.    86400 IN MX 10 mail.cawunited.com.

;; ADDITIONAL SECTION:
ns1.cawunited.com.   86400 IN A  67.171.102.148
ns2.cawunited.com.   86400 IN A  67.171.102.148
mail.cawunited.com.  86400 IN A  67.171.102.148

;; Query time: 36 msec
;; SERVER: 67.171.102.148#53(ns1.cawunited.com)
;; WHEN: Fri Aug 12 20:55:29 2005
;; MSG SIZE  rcvd: 227

> This is a good example of why you don't want both name servers for a 
> domain on the same network.

His configuration is even worse.  ns1.cawunited.com and 
ns2.cawunited.com have the same address.  And his registrar (Go Daddy) 
let him register both of them like this.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

More information about the bind-users mailing list