Problema Bind 9.6.1 CentOS 5.3
kcd at chrysler.com
Tue Nov 17 23:23:32 UTC 2009
Luiz Ricardo Olicio wrote:
> Hi guys!
> We have some DNS servers with BIND version 9.6.1-P1 and we have some
> problems to resolve domain addresses. But to clear the cache
> (rndc-flush) they return to settle for some time.
> When the resolution gives error, we have the following message:
> ;; Connection timed out, the servers could be reached
The fact that a flush clears that error implies a mismatch between the
delegating NS records for a zone (which are used when the resolver
doesn't have anything cached), and the NS records at the apex of the
zone (which are cached and used on subsequent queries for anything in
The apex NS records are either invalid, or you simply can't get to any
of those nameservers, due to routing issues, firewall rules, something
of that nature. If you would provide the name of a DNS name that's
exhibiting the problem, maybe we could check further.
By clearing the cache, you're forcing your resolver to use the
delegating NS records, which may get it working temporarily, but you
should try to figure out the real problem, since obviously you can't be
flushing your cache constantly to work around this.
> But in another moment had the following message:
> dig: isc_socket_create: address family not supported
I'm not sure what causes that; I don't think I've ever seen it in the
wild. A quick Google search indicates that on some OSes (you didn't say
what you're running this on) EAFNOSUPPORT may be given erroneously as a
"generic" error for certain kinds of socket-level failures.
> Use the barefruit, it would be something related to it? Has anyone had
> this same problem.
Do you mean http://www.barefruit.co.uk/?
If they're doing what I think they're doing -- NXDOMAIN redirection --
then, yeah, that will break things, and if you chose to deliberately get
your NXDOMAINs redirected, frankly you deserve whatever you get.
More information about the bind-users