Problema Bind 9.6.1 CentOS 5.3

Kevin Darcy kcd at chrysler.com
Tue Nov 17 23:23:32 UTC 2009


Luiz Ricardo Olicio wrote:
> Hi guys!
>
> We have some DNS servers with BIND version 9.6.1-P1 and we have some 
> problems to resolve domain addresses. But to clear the cache 
> (rndc-flush) they return to settle for some time.
>
> When the resolution gives error, we have the following message:
> ;; Connection timed out, the servers could be reached
The fact that a flush clears that error implies a mismatch between the 
delegating NS records for a zone (which are used when the resolver 
doesn't have anything cached), and the NS records at the apex of the 
zone (which are cached and used on subsequent queries for anything in 
the zone).

The apex NS records are either invalid, or you simply can't get to any 
of those nameservers, due to routing issues, firewall rules, something 
of that nature. If you would provide the name of a DNS name that's 
exhibiting the problem, maybe we could check further.

By clearing the cache, you're forcing your resolver to use the 
delegating NS records, which may get it working temporarily, but you 
should try to figure out the real problem, since obviously you can't be 
flushing your cache constantly to work around this.
>
> But in another moment had the following message:
> dig: isc_socket_create: address family not supported
I'm not sure what causes that; I don't think I've ever seen it in the 
wild. A quick Google search indicates that on some OSes (you didn't say 
what you're running this on) EAFNOSUPPORT may be given erroneously as a 
"generic" error for certain kinds of socket-level failures.
>
> Use the barefruit, it would be something related to it? Has anyone had 
> this same problem.
>
Do you mean http://www.barefruit.co.uk/?

If they're doing what I think they're doing -- NXDOMAIN redirection -- 
then, yeah, that will break things, and if you chose to deliberately get 
your NXDOMAINs redirected, frankly you deserve whatever you get.

                                                                         
                                                   - Kevin




More information about the bind-users mailing list