bad udp cksum ServFail Error

Linux Addict linuxaddict7 at gmail.com
Wed Jul 30 13:41:53 UTC 2008


Kevin Darcy wrote:
> Linux Addict wrote:
>   
>> I have Bind 9.5 p1 running RHEL4 running slave. The Slave is configured with
>> allow-update-forwarding { any; };.
>> When I do a ipconfig /registerdns, that does not seems to be updating
>> master. I think the slave is trying to forward the DDNS traffic to master,
>> but somehow it seems to failing. The same Windows host works when directly
>> pointed to Master.
>>   
>>     
> How are you "pointing" the Wintel box? Are you talking about its 
> resolver configuration? That should (according to the standards and some 
> of Microsoft's published documentation) have nothing to do with where 
> Dynamic Updates get sent. The standard way for a Dynamic Update client 
> to select the master to be updated, is to consult the SOA and/or NS 
> records for the zone.
>   

I ran the wire shark on both Wintel and Slave. I think what happened was 
the Wintel DDNS queries the SOA record of hostname.Domain Name. The 
result returned the master.domain.net. But the slave server was not able 
to resolve the master server as it was built recently. I just added the 
forwarder on the slave to master and the DDNS seems to be working.

Thank you.

Cheers, LA
>> The tcpdump shows [bad udp cksum 8426!]  53702 ServFail q: at the bottom.
>>   
>>     
> Where are you running this tcpdump? Master? Slave?
>
> What version of tcpdump/libpcap you running? 
> https://bugs.launchpad.net/ubuntu/+source/libpcap/+bug/31273 might be 
> relevant here.
>
> I'd be much more concerned about the "ServFail" in that output, rather 
> than the (allegedly) bad UDP checksum. If the client is having a problem 
> resolving the SOA/NS records of the zone (getting a SERVFAIL response), 
> then it's not going to know where to send the Dynamic Updates. You'd 
> need to get to the bottom of why the SERVFAIL is happening, but 
> unfortunately SERVFAIL is a very generic "catch-all" error code and 
> there could be any number of causes for it.
>
> If you do an SOA query for the zone from the client (using "dig" if you 
> have it installed, or, if you must, nslookup), what do you get?
>   
>> I am not sure why it creates bad check sum. Could you please help me
>> resolve?
>>   
>>     
> Why don't you just have the DHCP server register forward and reverse 
> DNS? Having the clients register themselves is rife with pitfalls and 
> opportunities for failure.
>
> I'm *assuming* DHCP here, since if these clients' addresses are 
> statically-configured, there's little or no reason to have an automatic 
> mechanism for the update of their DNS.
>
>                                                                          
>                         - Kevin
>
>
>
>
>   



More information about the bind-users mailing list