Can't resolve occ.com.mx

Kevin Darcy kcd at daimlerchrysler.com
Fri Sep 14 21:28:39 UTC 2007 

Mónica Soto Valencia wrote:
> Chris, 
>
> This statement I put it into the named.conf, right?.... No manner the order
> to put it into the file? 
It needs to be syntactically at the "top level" of the configuration. 
You couldn't put it in the middle of "options" or a "zone" definition, 
for instance.
> ....And the main question the EDNS is a "type of
> value" o what is it exactly?, I've found out that it appears related with
> dnssec, but I don´t have implemented dnssec yet, so I am a little confused
> of what it is refered to and how would help me to put the statement into the
> configuration file???. If you could recommend me some literature for
> understand the concepts I really appreciate it.
>   
RFC 2671 defines the EDNS0 extension. 
ftp://ftp.rfc-editor.org/in-notes/rfc2671.txt
Its main use is for clients and servers to negotiate buffer sizes larger 
than 512 bytes. Because DNSSEC increases packet sizes, EDNS0 is 
considered a prerequisite for it, but there are other situations besides 
DNSSEC which can benefit from larger buffer sizes, and that's why BIND 9 
uses EDNS0 by default. Setting "edns no" turns off that behavior 
selectively, if the end device or devices in the path can't deal with EDNS0.

                                                                         
                        - Kevin

> Mónica Soto Valencia
> Comunicación y Sistemas
> Universidad La Salle
> 52789500 xt. 1068
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
> Of Chris Buxton
> Sent: Jueves, 13 de Septiembre de 2007 02:54 p.m.
> To: Mónica Soto Valencia
> Cc: bind-users at isc.org
> Subject: Re: Can't resolve occ.com.mx
>
> We saw this exact same behavior at a customer site recently. The problem was
> caused by the firewall, which had some kind of DNS packet inspection enabled
> and didn't understand EDNS - in that case, it was affecting all queries, not
> just queries for a particular domain.
>
> Try putting a server statement into your configuration for the occ.com.mx
> server, and disabling EDNS when talking to that server.
> For example:
>
> server 207.250.79.50 {
> 	edns no;
> };
>
> Chris Buxton
> Men & Mice
>
> On Sep 13, 2007, at 12:09 PM, Mónica Soto Valencia wrote:
>
>   
>> Hello, I have some problems with my dns servers when I try to resolve 
>> occ.com.mx, sometimes it resolve it well and sometimes doesn't.
>> When I use
>> dig sometimes I got the following errors:
>>
>> dig  @200.10.243.45 occ.com.mx MX
>> ;; Warning: ID mismatch: expected ID 23002, got 16756 ;; Warning: ID 
>> mismatch: expected ID 23002, got 16756 ;; Warning: ID mismatch: 
>> expected ID 23002, got 16756
>>
>> ; <<>> DiG 9.3.2-P1 <<>> @200.10.243.45 occ.com.mx MX ; (1 server 
>> found) ;; global options:  printcmd ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23002 ;; flags: 
>> qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;occ.com.mx.                    IN      MX
>>
>> ;; Query time: 297 msec
>> ;; SERVER: 200.10.243.45#53(200.10.243.45) ;; WHEN: Thu Sep 13 
>> 13:29:37 2007 ;; MSG SIZE  rcvd: 28 dig  @200.10.243.45 occ.com.mx MX
>>
>> ; <<>> DiG 9.3.2-P1 <<>> @200.10.243.45 occ.com.mx MX ; (1 server 
>> found) ;; global options:  printcmd ;; connection timed out; no 
>> servers could be reached
>>
>>
>> When I use dig using +trace I succesfully reach the server:
>>
>> dig +trace @200.10.243.45 occ.com.mx MX
>>
>> ; <<>> DiG 9.3.2-P1 <<>> +trace @200.10.243.45 occ.com.mx MX ; (1 
>> server found) ;; global options:  printcmd
>> .                       426427  IN      NS      M.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      A.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      B.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      C.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      D.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      E.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      F.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      G.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      H.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      I.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      J.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      K.ROOT-SERVERS.NET.
>> .                       426427  IN      NS      L.ROOT-SERVERS.NET.
>> ;; Received 356 bytes from 200.10.243.45#53(200.10.243.45) in 1 ms
>>
>> mx.                     172800  IN      NS      B.NS.mx.
>> mx.                     172800  IN      NS      C.NS.mx.
>> mx.                     172800  IN      NS      D.NS.mx.
>> mx.                     172800  IN      NS      A.NS.mx.
>> ;; Received 159 bytes from 198.41.0.4#53(A.ROOT-SERVERS.NET) in 72 ms
>>
>> occ.com.mx.             86400   IN      NS      ns1.occmx.com.
>> ;; Received 55 bytes from 200.23.179.1#53(B.NS.mx) in 8 ms
>>
>> occ.com.mx.             180     IN      MX      10 mail.occ.com.mx.
>> ;; Received 59 bytes from 207.250.79.50#53(ns1.occmx.com) in 85 ms
>>
>>
>> Does anyone know what could be the problem??. I am using BIND 9.3.4-
>> P1 whit
>> Red Hat 4.0 Enterprise.
>>
>> I'll appreciate your help!!.
>>
>> Regards
>>
>> ______________________
>> Mónica Soto Valencia
>> Comunicación y Sistemas
>> Universidad La Salle
>> 52789500 xt. 1068
>>
>>
>>
>>     
>
>
>
>
>
>
>
>
>

More information about the bind-users mailing list