IPv6 client and negative cache - some doubts

Michal Wesolowski gmickyw at gmail.com
Tue Feb 23 11:12:53 UTC 2010


Hello Everyone

I have a problem with Bind 9.3.6-P1 (included in Solaris 10) but honestly I
don't even understand if it is wrong Bind behaviour or my ignorance. It does
apply only to some specific cases when external domain delegation is also
somewhat broken. My server is caching only. Let me show it by the example:

Host "www.goleszow.pl" has bad NS delegation on country root servers level
because virtual.sincom.pl is not resolvable:

goleszow.pl.        86400    IN    NS    virtual.sincom.pl.
goleszow.pl.        86400    IN    NS    virtual.jasnet.pl.
;; Received 91 bytes from 149.156.1.6#53(G-DNS.pl) in 19 ms

When dns client asks my server for A record of "www.goleszow.pl" -
everything is fine. But when first query (after cache is flushed) asks for
AAAA record - my server seems to cache negative answer and all subsequent
queries for A record also fails. My server is recursive and I've many IPv6
clients on the network.
I checked what is going on when server receives first query for AAAA:

  1   0.000000 192.168.1.71 -> 192.33.4.12  DNS Standard query TXT
_nfsv4idmapdomain
  2   0.002775 192.168.1.71 -> 192.33.4.12  DNS Standard query NS <Root>
  3   0.028379  192.33.4.12 -> 192.168.1.71 DNS Standard query response, No
such name
  4   0.033050  192.33.4.12 -> 192.168.1.71 DNS Standard query response NS
G.ROOT-SERVERS.NET NS A.ROOT-SERVERS.NET NS D.ROOT-SERVERS.NET NS
F.ROOT-SERVERS.NET NS C.ROOT-SERVERS.NET NS E.ROOT-SERVERS.NET NS
L.ROOT-SERVERS.NET NS B.ROOT-SERVERS.NET NS H.ROOT-SERVERS.NET NS
K.ROOT-SERVERS.NET NS I.ROOT-SERVERS.NET NS J.ROOT-SERVERS.NET NS
M.ROOT-SERVERS.NET
  5   2.801810 192.168.1.71 -> 192.228.79.201 DNS Standard query AAAA
goleszow.pl
  6   2.982864 192.228.79.201 -> 192.168.1.71 DNS Standard query response
  7   2.989858 192.168.1.71 -> 195.47.235.226 DNS Standard query AAAA
goleszow.pl
  8   3.009941 195.47.235.226 -> 192.168.1.71 DNS Standard query response
  9   3.015835 192.168.1.71 -> 195.80.237.162 DNS Standard query A
virtual.jasnet.pl
 10   3.018273 192.168.1.71 -> 195.80.237.162 DNS Standard query AAAA
virtual.jasnet.pl
 11   3.019792 195.80.237.162 -> 192.168.1.71 DNS Standard query response
 12   3.021021 192.168.1.71 -> 195.80.237.162 DNS Standard query A
virtual.sincom.pl
 13   3.022049 195.80.237.162 -> 192.168.1.71 DNS Standard query response
 14   3.023746 192.168.1.71 -> 195.80.237.162 DNS Standard query AAAA
virtual.sincom.pl
 15   3.024858 195.80.237.162 -> 192.168.1.71 DNS Standard query response
 16   3.027626 195.80.237.162 -> 192.168.1.71 DNS Standard query response
 17   3.028502 192.168.1.71 -> 62.146.113.3 DNS Standard query A
virtual.jasnet.pl
 18   3.031538 192.168.1.71 -> 62.146.113.3 DNS Standard query AAAA
virtual.jasnet.pl
 19   3.035423 192.168.1.71 -> 62.146.113.3 DNS Standard query A
virtual.sincom.pl
 20   3.038242 192.168.1.71 -> 62.146.113.3 DNS Standard query AAAA
virtual.sincom.pl
 21   3.057608 62.146.113.3 -> 192.168.1.71 DNS Standard query response A
85.202.208.254
 22   3.061034 192.168.1.71 -> 85.202.208.254 DNS Standard query AAAA
goleszow.pl
 23   3.062109 62.146.113.3 -> 192.168.1.71 DNS Standard query response
CNAME jasnet.pl
 24   3.065739 62.146.113.3 -> 192.168.1.71 DNS Standard query response, No
such name
 25   3.066057 62.146.113.3 -> 192.168.1.71 DNS Standard query response, No
such name
 26   3.080053 85.202.208.254 -> 192.168.1.71 DNS Standard query response

At the end jasnet.pl ( 85.202.208.254 - authoritative NS for goleszow.pl)
answer with empty reply (no error) which is - in my opinion - is correct.

Then when any client asks my server for A record for www.goleszow.pl it gets
NXDOMAIN. My server doesn't even contact external network - so I suppose the
answer comes from cache.

I don't really know why Bind refuses subsequent queries for A of
www.goleszow.pl?

This is what I found in the Bind cache:
# rndc dumpdb -all
# cat /var/named/log/named_dump.db | grep virt
goleszow.pl.            85994   NS      virtual.jasnet.pl.
                        85994   NS      virtual.sincom.pl.
virtual.jasnet.pl.      3194    A       85.202.208.254
virtual.sincom.pl.      3194    \-ANY   ;-$NXDOMAIN
; virtual.jasnet.pl alias jasnet.pl [v4 TTL 3194] [target TTL 3194] [v4
success] [v6 unexpected]
; virtual.sincom.pl [v4 TTL 3194] [v6 TTL 3194] [v4 nxdomain] [v6 nxdomain]

Which for me doesn't explain this behaviour. Please advice.

Regards

Michal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100223/b5956dd5/attachment.html>


More information about the bind-users mailing list