problems resolving domains unser NSxx.DOMAINCONTROL.COM

Kevin Darcy kcd at chrysler.com
Mon Jun 21 16:53:26 UTC 2010 

The outgoing "[1au]" queries aren't getting a response. In tcpdump's 
display format, I believe "[1au]" means 1 record in the Additional 
Section. This would undoubtedly be an OPT record for EDNS0 negotiation.

I'm having no problems querying those same nameservers with EDNS0 by the 
way.

What you show would, I think, be the expected results of a 
recently-restarted nameserver on a network infrastructure that was 
dropping EDNS0 packets. Once named "learns" that particular nameservers 
don't support EDNS0, however, I believe it would stop trying to use 
EDNS0 with them, at least for a while (in case it was just a temporary 
problem), so I don't think this would be a persistent issue.

This is not to say you shouldn't get to the root cause, but I doubt it 
actually causes real outages. EDNS0 support was added to BIND with full 
knowledge that not all network infrastructures were going to support it 
right away...

I believe +dnssec also turns on EDNS0 unconditionally, so your failures 
with +dnssec queries are consistent with my hypothesis.

                                                                         
                                                             - Kevin

On 6/18/2010 10:20 PM, Rok Potočnik wrote:
> I'm using bind 9.7.0-p2 as an authoritive/caching server on a couple 
> of servers and lately I'm noticing that we're having problems 
> resolving domains under *.domaincontrol.com servers. The query itself 
> is sent out (as the tcpdump output down below shows) but only a couple 
> of replies get back. In case I do a manual lookup using dig, the 
> replies get back every time. Any ideas on where to look the problem?
>
> ---
> # tcpdump -nvs0 -ieth1 'host 208.109.255.17 or host 216.69.185.17'
> tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 
> 65535 bytes
> 04:06:00.189351 IP (tos 0x0, ttl  64, id 5848, offset 0, flags [none], 
> length: 83) 11.22.33.44.5520 > 216.69.185.17.53: [bad udp cksum 8d70!] 
> 2246 A? ns2.treasurecoasthandymanservices.com. (55)
> 04:06:00.230958 IP (tos 0x0, ttl  51, id 0, offset 0, flags [DF], 
> length: 151) 216.69.185.17.53 > 11.22.33.44.5520: [udp sum ok]  2246*- 
> 1/2/0 ns2.treasurecoasthandymanservices.com. A 184.73.42.183 (123)
> 04:06:00.305217 IP (tos 0x0, ttl  64, id 58705, offset 0, flags 
> [none], length: 80) 11.22.33.44.20025 > 208.109.255.17.53: [bad udp 
> cksum d552!]  34314% [1au] MX? replacementservices.com. (52)
> 04:06:00.360333 IP (tos 0x0, ttl  64, id 5849, offset 0, flags [none], 
> length: 94) 11.22.33.44.29996 > 216.69.185.17.53: [bad udp cksum 
> 8096!]  62171% [1au] A? ns1.treasurecoasthandymanservices.com. (66)
> 04:06:00.360389 IP (tos 0x0, ttl  64, id 5850, offset 0, flags [none], 
> length: 94) 11.22.33.44.41105 > 216.69.185.17.53: [bad udp cksum 
> 622a!]  13204% [1au] A? ns2.treasurecoasthandymanservices.com. (66)
> 04:06:00.360420 IP (tos 0x0, ttl  64, id 5851, offset 0, flags [none], 
> length: 94) 11.22.33.44.44750 > 216.69.185.17.53: [bad udp cksum 
> 3cf3!]  16765% [1au] AAAA? ns1.treasurecoasthandymanservices.com. (66)
> 04:06:00.360483 IP (tos 0x0, ttl  64, id 5852, offset 0, flags [none], 
> length: 94) 11.22.33.44.60483 > 216.69.185.17.53: [bad udp cksum 
> 8d37!]  49078% [1au] AAAA? ns2.treasurecoasthandymanservices.com. (66)
> 04:06:00.539000 IP (tos 0x0, ttl  64, id 5853, offset 0, flags [none], 
> length: 83) 11.22.33.44.40187 > 216.69.185.17.53: [bad udp cksum 
> 9261!]  36950 A? ns1.treasurecoasthandymanservices.com. (55)
> 04:06:00.572696 IP (tos 0x0, ttl  51, id 0, offset 0, flags [DF], 
> length: 151) 216.69.185.17.53 > 11.22.33.44.40187: [udp sum ok]  
> 36950*- 1/2/0 ns1.treasurecoasthandymanservices.com. A 184.73.99.89 (123)
> 04:06:02.619261 IP (tos 0x0, ttl  64, id 58706, offset 0, flags 
> [none], length: 80) 11.22.33.44.31171 > 208.109.255.17.53: [bad udp 
> cksum 8e06!]  46279% [1au] MX? replacementservices.com. (52)
> 04:06:04.389211 IP (tos 0x0, ttl  64, id 58707, offset 0, flags 
> [none], length: 94) 11.22.33.44.17162 > 208.109.255.17.53: [bad udp 
> cksum 3baf!]  29937% [1au] AAAA? 
> ns2.treasurecoasthandymanservices.com. (66)
> 04:06:04.414944 IP (tos 0x0, ttl  64, id 58708, offset 0, flags 
> [none], length: 94) 11.22.33.44.17486 > 208.109.255.17.53: [bad udp 
> cksum 650e!]  12165% [1au] A? ns1.treasurecoasthandymanservices.com. (66)
> 04:06:04.512114 IP (tos 0x0, ttl  64, id 58709, offset 0, flags 
> [none], length: 94) 11.22.33.44.11845 > 208.109.255.17.53: [bad udp 
> cksum 2460!]  62413% [1au] A? ns2.treasurecoasthandymanservices.com. (66)
> 04:06:04.551371 IP (tos 0x0, ttl  64, id 58710, offset 0, flags 
> [none], length: 94) 11.22.33.44.62132 > 208.109.255.17.53: [bad udp 
> cksum 8e91!]  58100% [1au] AAAA? 
> ns1.treasurecoasthandymanservices.com. (66)
> 04:06:06.594682 IP (tos 0x0, ttl  64, id 5854, offset 0, flags [none], 
> length: 80) 11.22.33.44.29685 > 216.69.185.17.53: [bad udp cksum 
> 6135!]  2067% [1au] MX? replacementservices.com. (52)
> 04:06:08.631924 IP (tos 0x0, ttl  64, id 5855, offset 0, flags [none], 
> length: 69) 11.22.33.44.59535 > 216.69.185.17.53: [bad udp cksum 
> 4a0a!]  16619 MX? replacementservices.com. (41)
> 04:06:08.665270 IP (tos 0x0, ttl  51, id 0, offset 0, flags [DF], 
> length: 180) 216.69.185.17.53 > 11.22.33.44.59535: [udp sum ok]  
> 16619*- 2/2/0 replacementservices.com. MX server24.appriver.com. 10, 
> replacementservices.com. MX server25.appriver.com. 20 (152)
> 04:06:10.664542 IP (tos 0x0, ttl  64, id 5856, offset 0, flags [none], 
> length: 94) 11.22.33.44.27072 > 216.69.185.17.53: [bad udp cksum 
> ddc6!]  49385% [1au] AAAA? ns2.treasurecoasthandymanservices.com. (66)
> 04:06:10.703845 IP (tos 0x0, ttl  64, id 5857, offset 0, flags [none], 
> length: 94) 11.22.33.44.14627 > 216.69.185.17.53: [bad udp cksum 
> b1c6!]  3252% [1au] A? ns1.treasurecoasthandymanservices.com. (66)
> 04:06:10.804055 IP (tos 0x0, ttl  64, id 5858, offset 0, flags [none], 
> length: 94) 11.22.33.44.1134 > 216.69.185.17.53: [bad udp cksum fbb6!] 
> 20766% [1au] A? ns2.treasurecoasthandymanservices.com. (66)
> 04:06:10.841086 IP (tos 0x0, ttl  64, id 5859, offset 0, flags [none], 
> length: 94) 11.22.33.44.12098 > 216.69.185.17.53: [bad udp cksum 
> 35bf!]  785% [1au] AAAA? ns1.treasurecoasthandymanservices.com. (66)
> 04:06:11.251709 IP (tos 0x0, ttl  64, id 58711, offset 0, flags 
> [none], length: 80) 11.22.33.44.40730 > 208.109.255.17.53: [bad udp 
> cksum 5eae!]  59295% [1au] MX? replacementservices.com. (52)
> ---
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100621/de9567be/attachment.html>

More information about the bind-users mailing list