Bind 9.4.2 not resolving one domain

caio elcaio at gmail.com
Thu Sep 4 19:00:05 UTC 2008


Hans F. Nordhaug wrote:
> * caio <elcaio at gmail.com> [2008-09-04]:
> [cut]
>> do not know if a connectivity problem, because I have 2 name servers, at 
>> the same network level hierarchy (but different subnets).., and maybe 
>> there is one working ok while the other with failure..
>>
>> here the case of the secondary ns...(at this moment):
>>
>> # dig @dns2.mydomain.com www.yahoo.com.ar +trace
> [cut]
>> www.yahoo.com.ar.       1800    IN      CNAME   hp2.latam.g1.b.yahoo.com.
>> g1.b.yahoo.com.         172800  IN      NS      yf1.yahoo.com.
>> g1.b.yahoo.com.         172800  IN      NS      yf2.yahoo.com.
>> g1.b.yahoo.com.         172800  IN      NS      yf3.yahoo.com.
>> g1.b.yahoo.com.         172800  IN      NS      yf4.yahoo.com.
>> g1.b.yahoo.com.         172800  IN      NS      yf5.yahoo.com.
>> g1.b.yahoo.com.         172800  IN      NS      yf6.yahoo.com.
>> g1.b.yahoo.com.         172800  IN      NS      yf7.yahoo.com.
>> ;; Received 310 bytes from 66.218.71.63#53(ns1.yahoo.com) in 233 ms
>>
>> And without "+trace" argument:
>>
>> # dig @dns2.mydomain.com www.yahoo.com.ar
>>
>> ; <<>> DiG 9.4.2 <<>> @dns2.mydomain.com www.yahoo.com.ar
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; connection timed out; no servers could be reached
>>
>> Why with 'trace' the query seems to finish, and without 'trace' it fails?
> 
> Yes, why? I have discussed this in another thread - "Recursive queries
> fail if query source port is not fixed" - see
> <http://marc.info/?l=bind-users&s=nordhaug>
> I haven't followed all posts in this thread, but my problem appears
> only if I have random query source port - any fixed number is OK.
> 
> Hans
> 

Hi Hans, yesterday I visited this thread but with a quick read I 
thought that the problem was a Cisco PIX bug..., I did not pay too much 
attention..

I tested with fixed and random source port (53) but no difference.

Now my named.conf has (commented):

         #query-source address * port 53;

Anyway, the dig query failure cycles between these 2 results:

1)
# dig @dns2.mydomain.com www.yahoo.com.ar

; <<>> DiG 9.4.2 <<>> @dns2.mydomain.com www.yahoo.com.ar
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42577
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yahoo.com.ar.              IN      A

;; Query time: 4340 msec
;; SERVER: <mydomain_public_ip_addr>#53(ip_addr)
;; WHEN: Thu Sep  4 15:49:45 2008
;; MSG SIZE  rcvd: 34

and..

2)
# dig @dns2.mydomain.com www.yahoo.com.ar

; <<>> DiG 9.4.2 <<>> @dns2.mydomain www.yahoo.com.ar
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

--
caio

