Bind not returning A record
Paul Ooi Cong Jen
paulooi at takizo.com
Wed Dec 22 07:11:16 UTC 2010
Hi All,
I am having problem with Bind query, but not sure is it client error or server error.
Below is the server details.
Server running FreeBSD 8.1
Bind 9.7.0-P3
options {
query-source address * port *;
use-v4-udp-ports { range 2048 65535; };
recursive-clients 20000;
recursion yes;
allow-recursion {
any;
};
allow-query {
any;
};
allow-transfer {
trusted;
};
}
When I try to dig the domain name, received SERVFAIL status but when +trace initiate, it seem fine
--------------
dig @localhost www.kwsp.gov.my
; <<>> DiG 9.7.0-P3 <<>> @localhost www.kwsp.gov.my
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32501
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.kwsp.gov.my. IN A
;; Query time: 384 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 22 15:02:41 2010
;; MSG SIZE rcvd: 33
-------------------------
-------------------------
dig @localhost www.kwsp.gov.my +trace
; <<>> DiG 9.7.0-P3 <<>> @localhost www.kwsp.gov.my +trace
; (2 servers found)
;; global options: +cmd
. 518400 IN NS k.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS g.root-servers.net.
;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms
my. 172800 IN NS dns.mynic.net.my.
my. 172800 IN NS ns20.iij.ad.jp.
my. 172800 IN NS ns2.cuhk.edu.hk.
my. 172800 IN NS ns5.jaring.my.
my. 172800 IN NS ns6.jaring.my.
my. 172800 IN NS ns-my.nic.fr.
my. 172800 IN NS dns2.mynic.net.my.
;; Received 486 bytes from 192.5.5.241#53(f.root-servers.net) in 5 ms
gov.my. 86400 IN NS ns5.jaring.my.
gov.my. 86400 IN NS ns20.iij.ad.jp.
gov.my. 86400 IN NS ns2.cuhk.edu.hk.
gov.my. 86400 IN NS dns1.mynic.net.my.
gov.my. 86400 IN NS ns6.jaring.my.
;; Received 266 bytes from 192.134.0.49#53(ns-my.nic.fr) in 351 ms
kwsp.gov.my. 86400 IN NS harimau.skali.com.my.
kwsp.gov.my. 86400 IN NS rusa.skali.com.my.
kwsp.gov.my. 86400 IN NS ns3.pttcdc.com.my.
;; Received 109 bytes from 137.189.6.21#53(ns2.cuhk.edu.hk) in 52 ms
www.kwsp.gov.my. 43200 IN CNAME www.yu.kwsp.gov.my.
;; Received 54 bytes from 202.184.117.10#53(ns3.pttcdc.com.my) in 21 ms
-----------------------------------------------
If I tried to rndc flush, dig again the record return the result
------------------------------
dig @localhost www.kwsp.gov.my
; <<>> DiG 9.7.0-P3 <<>> @localhost www.kwsp.gov.my
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20092
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.kwsp.gov.my. IN A
;; ANSWER SECTION:
www.kwsp.gov.my. 43186 IN CNAME www.yu.kwsp.gov.my.
www.yu.kwsp.gov.my. 30 IN A 202.162.21.166
;; AUTHORITY SECTION:
yu.kwsp.gov.my. 43200 IN NS ns2.yu.kwsp.gov.my.
yu.kwsp.gov.my. 43200 IN NS ns1.yu.kwsp.gov.my.
;; Query time: 829 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 22 15:04:55 2010
;; MSG SIZE rcvd: 106
------------------------
From the debug logs, we see the error message as below
gov.my/IN/A at query.c:4650
22-Dec-2010 14:38:52.845 query-errors: client 211.24.220.233#54055: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:38:52.845 query-errors: client 211.24.220.233#54023: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:40:27.940 query-errors: client 203.121.30.35#52679: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:40:27.940 query-errors: client 211.24.220.233#54143: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:43:48.202 query-errors: client 211.24.177.146#62297: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:43:48.202 query-errors: client 211.24.220.233#54459: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:43:48.202 query-errors: client 211.24.220.233#54473: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:43:48.202 query-errors: client 211.24.177.146#62297: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:44:48.290 query-errors: client 211.24.220.233#54530: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:44:48.290 query-errors: client 127.0.0.1#19009: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
22-Dec-2010 14:44:48.290 query-errors: client 211.24.220.233#54547: query failed (SERVFAIL) for www.kwsp.gov.my/IN/A at query.c:4650
On the other hand, we notice that the NS record seem like no DNS service running, could it be client side or server side problem?
--
Paul Ooi
More information about the bind-users
mailing list