Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem?

bert hubert bert.hubert at gmail.com
Thu Jul 30 20:27:24 UTC 2009


On Mon, Jul 27, 2009 at 11:36 AM, Richard<richard.traveling at gmail.com> wrote:
> (This problem involves bind, but it's not about bind strictly
> speaking.  Is there a general DNS discussion list somewhere?  If so,
> please direct me.)

dns-operations might come reasonably close. Historically, this list
used to be 'the' place, back when BIND was pioneering nameserver, and
de facto "the nameserver".

These days, the situation is a bit more complicated.

> Queries of "agences.fr.lastminute.com" against two servers of the
> French ISP Free.fr, dns{1,2}.proxad.net, fail occasionally with
> NXDOMAIN.
> Queries against other nameservers do not fail (repeated many times).
>
> I think there is..
>
> 1/ an issue with PowerDNS on the Free.fr resolvers, which is
> interacting with
> 2/ a bad configuration of Bind 9.2.3 for lastminute.com

I'm one of the PowerDNS people, and while the PowerDNS motto is 'it
has to work' (RFC 1925 compliancy), agences.fr.lastminute.com is
misconfigured so badly I make no apologies about PowerDNS
intermittently failing to resolve this domain.

Stephane debugged it already, this is the --trace output from PowerDNS:

agences.fr.lastminute.com.: Resolved 'lastminute.com.' NS
3dns1.pct.lastminute.com. to: 93.88.192.70
agences.fr.lastminute.com.: Trying IP 93.88.192.70:53, asking
'agences.fr.lastminute.com.|A'
agences.fr.lastminute.com.: Got 2 answers from
3dns1.pct.lastminute.com. (93.88.192.70), rcode=3, in 33ms
agences.fr.lastminute.com.: accept answer
'agences.fr.lastminute.com.|CNAME|pos1.leadformance.com.' from
'lastminute.com.' nameservers? YES!
agences.fr.lastminute.com.: accept answer
'com.|SOA|3dns0.pwg.lastminute.com.
hostmaster.3dns0.pwg.lastminute.com. 4 10800 3600 604800 60' from
'lastminute.com.' nameservers? NO!
agences.fr.lastminute.com.: determining status after receiving this packet
agences.fr.lastminute.com.: got negative caching indication for RECORD
'agences.fr.lastminute.com.'
agences.fr.lastminute.com.: status=NXDOMAIN, we are done (have negative SOA)
agences.fr.lastminute.com.: failed (res=3)
answer to question 'agences.fr.lastminute.com.|A': 1 answers, 0
additional, took 3 packets, 0 throttled, 0 timeouts, 0 tcp
connections, rcode=3

Strictly speaking, PowerDNS might ignore the 'com.|SOA' record - but
lastminute.com should not ever be sending it.

> Is this bind misconfigured, returning to the public the SOA for "com."
> as their own lastminute.com server and no NS records?

The first part is the problem.

I'm sorry I can't fix this problem for you, I'll see if I can contact
the lastminute.com people.

    Bert



More information about the bind-users mailing list