bad udp cksum ServFail Error

Kevin Darcy kcd at chrysler.com
Tue Jul 29 22:09:04 UTC 2008


Linux Addict wrote:
> I have Bind 9.5 p1 running on RHEL4 as a slave. The Slave is configured with
> allow-update-forwarding { any; };.
> When I do an ipconfig /registerdns, that does not seem to be updating
> master. I think the slave is trying to forward the DDNS traffic to master,
> but somehow it seems to be failing. The same Windows host works when directly
> pointed to Master.
>   
How are you "pointing" the Wintel box? Are you talking about its 
resolver configuration? That should (according to the standards and some 
of Microsoft's published documentation) have nothing to do with where 
Dynamic Updates get sent. The standard way for a Dynamic Update client 
to select the master to be updated, is to consult the SOA and/or NS 
records for the zone.
> The tcpdump shows [bad udp cksum 8426!]  53702 ServFail q: at the bottom.
>   
Where are you running this tcpdump? Master? Slave?

What version of tcpdump/libpcap are you running? 
https://bugs.launchpad.net/ubuntu/+source/libpcap/+bug/31273 might be 
relevant here.

I'd be much more concerned about the "ServFail" in that output, rather 
than the (allegedly) bad UDP checksum. If the client is having a problem 
resolving the SOA/NS records of the zone (getting a SERVFAIL response), 
then it's not going to know where to send the Dynamic Updates. You'd 
need to get to the bottom of why the SERVFAIL is happening, but 
unfortunately SERVFAIL is a very generic "catch-all" error code and 
there could be any number of causes for it.

If you do an SOA query for the zone from the client (using "dig" if you 
have it installed, or, if you must, nslookup), what do you get?
> I am not sure why it creates a bad checksum. Could you please help me
> resolve this?
>   
Why don't you just have the DHCP server register forward and reverse 
DNS? Having the clients register themselves is rife with pitfalls and 
opportunities for failure.

I'm *assuming* DHCP here, since if these clients' addresses are 
statically-configured, there's little or no reason to have an automatic 
mechanism for the update of their DNS.

                                                                         
                        - Kevin
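
The check described in the reply above (does the zone's SOA lookup succeed, and which master does it name), as an added example that is not part of the original post: it parses a raw DNS response for its RCODE and the SOA MNAME field. The zone `example.test`, the host names and both sample messages are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            hops += 1
            if hops > 16:                     # guard against pointer loops
                raise ValueError("compression loop")
            if end is None:
                end = off + 2                 # parsing resumes after the pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def soa_master(msg):
    """Return (rcode, MNAME of the first SOA answer or None)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = RCODES.get(flags & 0xF, str(flags & 0xF))
    off = 12
    for _ in range(qd):                       # skip the question section
        off = read_name(msg, off)[1] + 4      # name + QTYPE + QCLASS
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                        # SOA: MNAME is the first RDATA field
            return rcode, read_name(msg, off)[0]
        off += rdlen
    return rcode, None                        # e.g. SERVFAIL: no master learned

def wire(n):
    """Encode a dotted name (no trailing dot) in DNS wire format."""
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

# Constructed sample messages (not captured traffic)
QUESTION = wire("example.test") + struct.pack("!HH", 6, 1)
RDATA = wire("master.example.test") + wire("hostmaster.example.test") + \
    struct.pack("!5I", 2008072901, 3600, 600, 86400, 300)
OK = (struct.pack("!6H", 0x1234, 0x8580, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
      + struct.pack("!HHIH", 6, 1, 3600, len(RDATA)) + RDATA)
FAIL = struct.pack("!6H", 0x1234, 0x8182, 1, 0, 0, 0) + QUESTION
```
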



