inconsistent answer ?

Mike Tancsa mike at sentex.net
Wed Jun 4 02:29:16 UTC 2008


Thank you both again for the responses and for the detailed explanation!

         ---Mike


At 10:25 PM 6/3/2008, Mark Andrews wrote:

> > At 05:22 PM 6/3/2008, Kevin Darcy wrote:
> > >Note that the serial numbers are significantly different.
> >
> >
> > Hi,
> >          In the info below, I see it as 76 for the one domain and 24
> > for the other, but I didn't see any inconsistencies there?
> >
> >
> > >I'm thinking this is 2 servers (or more) behind a load-balancer, and
> > >replication has broken between them...
> >
> > But I don't understand why bind is giving 2 different answers locally.
> > The first query generates network traffic, gets an answer from one of
> > the remote servers.  The second gives no info.... If I flush the
> > local cache, the pattern repeats.   Why would BIND not give the same
> > answers whether it's a fresh query or one served from cache ?
> >
> >
> > e.g.
> > [auth2]% host www.tigerdirect.ca
> > www.tigerdirect.ca has address 206.191.131.11
> > Host www.tigerdirect.ca not found: 3(NXDOMAIN)
> > Host www.tigerdirect.ca not found: 3(NXDOMAIN)
> >
> >
> > [auth2]% host www.tigerdirect.ca
> > Host www.tigerdirect.ca not found: 3(NXDOMAIN)
> > [auth2]%
>
>         Because there is a load balancer sitting in front of the
>         nameserver and there is a CNAME for www.tigerdirect.ca that
>         points to a non-existent name in the zone that is behind
>         the load balancer which answers all the other queries other
>         than the A query.
>
>         The load balancer copes with EDNS by ignoring it.
>         The backing nameserver doesn't handle EDNS, it returns FORMERR.
>
>         The reason for the second invocation of host returning
>         NXDOMAIN is that the local cache remembers the NXDOMAIN.
>
>         This is a classic case of Garbage-In Garbage-Out.
>
>         The way to fix this is to replace the CNAME with an A RRset
>         which has the addresses of all the machines the load balancer
>         is distributing the load amongst.  That way all the answers
>         that are returned from the backing nameserver will be
>         consistent with the answers returned from the load balancer,
>         and if necessary, the load balancer can be removed and
>         everything will continue to work.  This is how things should
>         have been set up in the first place.
>
>         Mark
>
>; <<>> DiG 9.3.4-P1 <<>> www.tigerdirect.ca +norec @ns01.highspeedbackbone.net +dnssec
>; (1 server found)
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64051
>;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;www.tigerdirect.ca.            IN      A
>
>;; ANSWER SECTION:
>www.tigerdirect.ca.     20      IN      A       206.191.131.51
>
>;; Query time: 406 msec
>;; SERVER: 69.42.101.231#53(69.42.101.231)
>;; WHEN: Wed Jun  4 12:19:29 2008
>;; MSG SIZE  rcvd: 52
>
>
>; <<>> DiG 9.3.4-P1 <<>> www.tigerdirect.ca +norec @ns01.highspeedbackbone.net +dnssec txt
>; (1 server found)
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 291
>;; flags: qr ra; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; Query time: 382 msec
>;; SERVER: 69.42.101.231#53(69.42.101.231)
>;; WHEN: Wed Jun  4 12:19:48 2008
>;; MSG SIZE  rcvd: 12
>
>
>; <<>> DiG 9.3.4-P1 <<>> www.tigerdirect.ca +norec @ns01.highspeedbackbone.net txt
>; (1 server found)
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23997
>;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;www.tigerdirect.ca.            IN      TXT
>
>;; ANSWER SECTION:
>www.tigerdirect.ca.     600     IN      CNAME   web60.highspeedbackbone.net.
>
>;; AUTHORITY SECTION:
>highspeedbackbone.net.  600     IN      SOA     ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 76 3600 600 604800 600
>
>;; Query time: 376 msec
>;; SERVER: 69.42.101.231#53(69.42.101.231)
>;; WHEN: Wed Jun  4 12:20:00 2008
>;; MSG SIZE  rcvd: 124
>
> >          ---Mike
> >
> >
> >
> >
> >
> > >- Kevin
> > >
> > >Mike Tancsa wrote:
> > > > Hi,
> > > >          I am trying to understand BIND's interaction with a
> > > > seemingly misconfigured server.  A few customers called in asking why
> > > > they could not periodically get to www.tigerdirect.ca.
> > > >
> > > >
> > > > It seems to be a MS server and is letting a full transfer of the 2
> > > > zones, so we see
> > > >
> > > >   dig axfr @69.42.101.231 tigerdirect.ca
> > > >
> > > > ; <<>> DiG 9.3.4-P1 <<>> axfr @69.42.101.231 tigerdirect.ca
> > > > ; (1 server found)
> > > > ;; global options:  printcmd
> > > > tigerdirect.ca.         600     IN      SOA     ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 24 3600 600 604800 600
> > > > tigerdirect.ca.         600     IN      TXT     "v=spf1 ip4:206.191.131.0/24 mx -all"
> > > > tigerdirect.ca.         600     IN      MX      10 mail.highspeedbackbone.net.
> > > > tigerdirect.ca.         600     IN      NS      ns01.highspeedbackbone.net.
> > > > tigerdirect.ca.         600     IN      NS      ns02.highspeedbackbone.net.
> > > > tigerdirect.ca.         600     IN      A       206.191.131.49
> > > > comp.tigerdirect.ca.    600     IN      CNAME   web140.highspeedbackbone.net.
> > > > help.tigerdirect.ca.    600     IN      NS      ns01.highspeedbackbone.net.
> > > > help.tigerdirect.ca.    600     IN      NS      ns02.highspeedbackbone.net.
> > > > images.tigerdirect.ca.  600     IN      CNAME   images.tigerdirect.ca.edgesuite.net.
> > > > media.tigerdirect.ca.   600     IN      CNAME   web140.highspeedbackbone.net.
> > > > origin-images.tigerdirect.ca. 600 IN    CNAME   web140.highspeedbackbone.net.
> > > > static.tigerdirect.ca.  600     IN      CNAME   web140.highspeedbackbone.net.
> > > > www.tigerdirect.ca.     600     IN      CNAME   web60.highspeedbackbone.net.
> > > > tigerdirect.ca.         600     IN      SOA     ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 24 3600 600 604800 600
> > > > ;; Query time: 101 msec
> > > > ;; SERVER: 69.42.101.231#53(69.42.101.231)
> > > > ;; WHEN: Tue Jun  3 14:31:31 2008
> > > > ;; XFR size: 15 records (messages 15)
> > > >
> > > >   dig axfr @69.42.101.231 highspeedbackbone.net
> > > >
> > > > ; <<>> DiG 9.3.4-P1 <<>> axfr @69.42.101.231 highspeedbackbone.net
> > > > ; (1 server found)
> > > > ;; global options:  printcmd
> > > > highspeedbackbone.net.  600     IN      SOA     ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 76 3600 600 604800 600
> > > > highspeedbackbone.net.  600     IN      TXT     "v=spf1 ip4:206.191.131.0/24 mx -all"
> > > > highspeedbackbone.net.  600     IN      NS      ns01.highspeedbackbone.net.
> > > > highspeedbackbone.net.  600     IN      NS      ns02.highspeedbackbone.net.
> > > > click.highspeedbackbone.net. 600 IN     A       206.191.131.125
> > > > ftps.highspeedbackbone.net. 600 IN      A       69.42.102.34
> > > > mail01.highspeedbackbone.net. 600 IN    A       206.191.131.100
> > > > mail02.highspeedbackbone.net. 600 IN    A       206.191.131.101
> > > > ns01.highspeedbackbone.net. 600 IN      A       69.42.101.231
> > > > ns02.highspeedbackbone.net. 600 IN      A       69.42.101.232
> > > > promo.highspeedbackbone.net. 600 IN     A       206.191.131.124
> > > > sslvpn.highspeedbackbone.net. 600 IN    A       69.42.103.6
> > > > van01.highspeedbackbone.net. 600 IN     A       69.42.102.121
> > > > vpn.highspeedbackbone.net. 600  IN      A       69.42.103.13
> > > > vpn2.highspeedbackbone.net. 600 IN      A       69.42.103.14
> > > > web50.highspeedbackbone.net. 600 IN     NS      ns01.highspeedbackbone.net.
> > > > highspeedbackbone.net.  600     IN      SOA     ns01.highspeedbackbone.net. admin.highspeedbackbone.net. 76 3600 600 604800 600
> > > > ;; Query time: 102 msec
> > > > ;; SERVER: 69.42.101.231#53(69.42.101.231)
> > > > ;; WHEN: Tue Jun  3 14:15:13 2008
> > > > ;; XFR size: 17 records (messages 17)
> > > >
> > > >
> > > >
> > > > So, www.tigerdirect.ca is a CNAME for web60.highspeedbackbone.net,
> > > > which according to the AXFR, does not exist.
> > > >
> > > > But, using host, I get strange initial results
> > > >
> > > > [auth2]# host www.tigerdirect.ca
> > > > www.tigerdirect.ca is an alias for web60.highspeedbackbone.net.
> > > > web60.highspeedbackbone.net has address 206.191.131.51
> > > > Host web60.highspeedbackbone.net not found: 3(NXDOMAIN)
> > > > Host web60.highspeedbackbone.net not found: 3(NXDOMAIN)
> > > > [auth2]# host www.tigerdirect.ca
> > > > Host www.tigerdirect.ca not found: 3(NXDOMAIN)
> > > > [auth2]#
> > > >
> > > > Why do I get a response initially, and not on subsequent queries
> > > > ?  Is it because the authoritative name server is giving a cached
> > > > non-authoritative response ?  Should not host regardless give the
> > > > same answer ?
> > > >
> > > >
> > > > Using dig, I see
> > > >
> > > > [auth2]# dig www.tigerdirect.ca
> > > >
> > > > ; <<>> DiG 9.3.4-P1 <<>> www.tigerdirect.ca
> > > > ;; global options:  printcmd
> > > > ;; Got answer:
> > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58136
> > > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> > > >
> > > > ;; QUESTION SECTION:
> > > > ;www.tigerdirect.ca.            IN      A
> > > >
> > > > ;; ANSWER SECTION:
> > > > www.tigerdirect.ca.     600     IN      CNAME   web60.highspeedbackbone.net.
> > > > web60.highspeedbackbone.net. 20 IN      A       206.191.131.51
> > > >
> > > > ;; AUTHORITY SECTION:
> > > > highspeedbackbone.net.  549     IN      NS      ns02.highspeedbackbone.net.
> > > > highspeedbackbone.net.  549     IN      NS      ns01.highspeedbackbone.net.
> > > >
> > > > ;; ADDITIONAL SECTION:
> > > > ns01.highspeedbackbone.net. 166602 IN   A       69.42.101.231
> > > > ns02.highspeedbackbone.net. 167305 IN   A       69.42.101.232
> > > >
> > > > ;; Query time: 101 msec
> > > > ;; SERVER: 205.211.164.51#53(205.211.164.51)
> > > > ;; WHEN: Tue Jun  3 14:38:51 2008
> > > > ;; MSG SIZE  rcvd: 163
> > > >
> > > > [auth2]#
> > > >
> > > > [auth2]# dig @ns01.highspeedbackbone.net web60.highspeedbackbone.net
> > > >
> > > > ; <<>> DiG 9.3.4-P1 <<>> @ns01.highspeedbackbone.net web60.highspeedbackbone.net
> > > > ; (1 server found)
> > > > ;; global options:  printcmd
> > > > ;; Got answer:
> > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32182
> > > > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > > >
> > > > ;; QUESTION SECTION:
> > > > ;web60.highspeedbackbone.net.   IN      A
> > > >
> > > > ;; ANSWER SECTION:
> > > > web60.highspeedbackbone.net. 20 IN      A       206.191.131.51
> > > >
> > > > ;; Query time: 52 msec
> > > > ;; SERVER: 69.42.101.231#53(69.42.101.231)
> > > > ;; WHEN: Tue Jun  3 14:39:38 2008
> > > > ;; MSG SIZE  rcvd: 61
> > > >
> > > > [auth2]#
> > > >
> > > > [auth2]# dig @ns02.highspeedbackbone.net web60.highspeedbackbone.net
> > > >
> > > > ; <<>> DiG 9.3.4-P1 <<>> @ns02.highspeedbackbone.net web60.highspeedbackbone.net
> > > > ; (1 server found)
> > > > ;; global options:  printcmd
> > > > ;; Got answer:
> > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55930
> > > > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > > >
> > > > ;; QUESTION SECTION:
> > > > ;web60.highspeedbackbone.net.   IN      A
> > > >
> > > > ;; ANSWER SECTION:
> > > > web60.highspeedbackbone.net. 20 IN      A       206.191.131.51
> > > >
> > > > ;; Query time: 52 msec
> > > > ;; SERVER: 69.42.101.232#53(69.42.101.232)
> > > > ;; WHEN: Tue Jun  3 14:39:54 2008
> > > > ;; MSG SIZE  rcvd: 61
> > > >
> > > > [auth2]#
> > > >
> > > >
> > > >
> > > >
> > > > I am using the stock BIND on FreeBSD RELENG_6 and FreeBSD RELENG_7
> > > > and both show the same behavior.  Doing a tcpdump, I see the
> > > > following raw responses.
> > > >
> > > >
> > > >   tcpdump -xX -s0 -vni bge0 host 69.42.101.231 or host 69.42.101.232
> > > > tcpdump: listening on bge0, link-type EN10MB (Ethernet), capture size
> > > > 65535 bytes
> > > > 14:35:49.021797 IP (tos 0x0, ttl  64, id 32432, offset 0, flags
> > > > [none], proto: UDP (17), length: 64) 205.211.164.51.53743 >
> > > > 69.42.101.232.53:  37954 A? www.tigerdirect.ca. (36)
> > > > 14:35:49.072965 IP (tos 0x0, ttl  53, id 54410, offset 0, flags [DF],
> > > > proto: UDP (17), length: 152) 69.42.101.232.53 >
> > > > 205.211.164.51.53743:  37954 NXDomain* 1/1/0 www.tigerdirect.ca.
> > > > CNAME web60.highspeedbackbone.net. (124)
> > > > 14:35:49.073103 IP (tos 0x0, ttl  64, id 32445, offset 0, flags
> > > > [none], proto: UDP (17), length: 73) 205.211.164.51.53743 >
> > > > 69.42.101.231.53:  578 A? web60.highspeedbackbone.net. (45)
> > > > 14:35:49.123297 IP (tos 0x0, ttl  52, id 23015, offset 0, flags [DF],
> > > > proto: UDP (17), length: 89) 69.42.101.231.53 >
> > > > 205.211.164.51.53743:  578*- 1/0/0 web60.highspeedbackbone.net. A
> > > > 206.191.131.51 (61)
> > > > 14:35:49.123908 IP (tos 0x0, ttl  64, id 32457, offset 0, flags
> > > > [none], proto: UDP (17), length: 73) 205.211.164.51.53743 >
> > > > 69.42.101.232.53:  34516 AAAA? web60.highspeedbackbone.net. (45)
> > > > 14:35:49.174369 IP (tos 0x0, ttl  53, id 54473, offset 0, flags [DF],
> > > > proto: UDP (17), length: 141) 69.42.101.232.53 >
> > > > 205.211.164.51.53743:  34516 NXDomain* 0/1/0 (113)
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --------------------------------------------------------------------
> > > > Mike Tancsa,                                      tel +1 519 651 3400
> > > > Sentex Communications,                            mike at sentex.net
> > > > Providing Internet since 1994                    www.sentex.net
> > > > Cambridge, Ontario Canada                         www.sentex.net/mike
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
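
The caching behaviour explained in the quoted reply, as an added illustration that is not part of the original thread and is not BIND's code: a simplified caching resolver in which a cached NXDOMAIN covers every type at a name, run against the answers seen in the thread and against the suggested A RRset fix. TTLs are ignored, and the function and class names and the single address used for the fixed zone are assumptions.

```python
# Added illustration: a simplified caching-resolver model, not BIND's code.
NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"
WWW, WEB60 = "www.tigerdirect.ca", "web60.highspeedbackbone.net"

def broken_upstream(name, qtype):
    """Answers as seen in the thread: the alias is served, the target has an
    A record via the load balancer, every other type there is NXDOMAIN."""
    if name == WWW:
        return NXDOMAIN, [("CNAME", WEB60)]      # rcode as in the tcpdump summary
    if name == WEB60 and qtype == "A":
        return NOERROR, [("A", "206.191.131.51")]
    return NXDOMAIN, []

def fixed_upstream(name, qtype):
    """Suggested fix: an A RRset at the name itself (one address assumed).
    The name exists, so other types are NOERROR with no data."""
    if name == WWW:
        return NOERROR, ([("A", "206.191.131.51")] if qtype == "A" else [])
    return NXDOMAIN, []

class CachingResolver:
    def __init__(self, upstream):
        self.upstream = upstream
        self.positive = {}     # (name, type) -> list of rdata
        self.nxdomain = set()  # names cached as nonexistent, for every type
        self.sent = 0          # queries that actually left the cache

    def resolve(self, name, qtype):
        for _ in range(8):                        # bound alias chasing
            if name in self.nxdomain:             # negative entry covers all types
                return NXDOMAIN, []
            if (name, "CNAME") in self.positive:
                name = self.positive[(name, "CNAME")][0]
                continue
            if (name, qtype) in self.positive:
                return NOERROR, self.positive[(name, qtype)]
            self.sent += 1
            rcode, answers = self.upstream(name, qtype)
            alias = [v for t, v in answers if t == "CNAME"]
            if alias:
                self.positive[(name, "CNAME")] = alias   # chase on next pass
            elif rcode == NXDOMAIN:
                self.nxdomain.add(name)
            else:
                self.positive[(name, qtype)] = [v for t, v in answers if t == qtype]
        return "SERVFAIL", []

def host(resolver, name):
    """Like host(1): look up A, AAAA and MX, return the three rcodes."""
    return [resolver.resolve(name, t)[0] for t in ("A", "AAAA", "MX")]

if __name__ == "__main__":
    for upstream in (broken_upstream, fixed_upstream):
        r = CachingResolver(upstream)
        print(upstream.__name__, host(r, WWW), host(r, WWW), "sent:", r.sent)
```

In the broken case the first run sends three queries, matching the three in the tcpdump summaries, and the second run is answered NXDOMAIN entirely from cache.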


