bad udp cksum ServFail Error
Kevin Darcy
kcd at chrysler.com
Tue Jul 29 22:09:04 UTC 2008
Linux Addict wrote:
> I have Bind 9.5 p1 running RHEL4 running slave. The Slave is configured with
> allow-update-forwarding { any; };.
> When I do a ipconfig /registerdns, that does not seems to be updating
> master. I think the slave is trying to forward the DDNS traffic to master,
> but somehow it seems to failing. The same Windows host works when directly
> pointed to Master.
>
How are you "pointing" the Wintel box? Are you talking about its
resolver configuration? That should (according to the standards and some
of Microsoft's published documentation) have nothing to do with where
Dynamic Updates get sent. The standard way for a Dynamic Update client
to select the master to be updated, is to consult the SOA and/or NS
records for the zone.
> The tcpdump shows [bad udp cksum 8426!] 53702 ServFail q: at the bottom.
>
Where are you running this tcpdump? Master? Slave?
What version of tcpdump/libpcap you running?
https://bugs.launchpad.net/ubuntu/+source/libpcap/+bug/31273 might be
relevant here.
I'd be much more concerned about the "ServFail" in that output, rather
than the (allegedly) bad UDP checksum. If the client is having a problem
resolving the SOA/NS records of the zone (getting a SERVFAIL response),
then it's not going to know where to send the Dynamic Updates. You'd
need to get to the bottom of why the SERVFAIL is happening, but
unfortunately SERVFAIL is a very generic "catch-all" error code and
there could be any number of causes for it.
If you do an SOA query for the zone from the client (using "dig" if you
have it installed, or, if you must, nslookup), what do you get?
> I am not sure why it creates bad check sum. Could you please help me
> resolve?
>
Why don't you just have the DHCP server register forward and reverse
DNS? Having the clients register themselves is rife with pitfalls and
opportunities for failure.
I'm *assuming* DHCP here, since if these clients' addresses are
statically-configured, there's little or no reason to have an automatic
mechanism for the update of their DNS.
- Kevin
More information about the bind-users
mailing list