Problem resolving CNAME in BIND 9.8.0 and 9.8.0-P2

Per-Olof Axelsson Per-Olof.Axelsson at hb.se
Fri Jun 10 14:50:25 UTC 2011


When I run the dig command below, I sometimes get different answers, generally 20-30 minutes after restarting BIND.
It doesn't matter if I run dig from a remote host or locally on the problematic DNS server.
The two servers in question run on entirely different hardware and operating systems. One server runs a compiled version of BIND (on Red Hat) whilst the other runs an installed package version (SLES11 SP1).

The problem can occur on one DNS server whilst the other remains unaffected, and vice versa. Incorrect replies often come in small groups mixed with correct replies, generally over a period of a few seconds before returning to the correct answer.

Specifying localhost (127.0.0.1) as the server, however, results in the problem never occurring.

I turned on debug level 5 in BIND and searched the logs for any errors but didn't find anything.
I tried tcpdump but that didn't give anything either.

To solve the problem I downgraded BIND to version 9.7.3.

The following are the outputs I'm seeing:

Correct answer.
----------------------------------------------------------------
[root at mayday named]# dig @193.10.166.35 ldap.hb.se

; <<>> DiG 9.8.0-P2 <<>> @193.10.166.35 ldap.hb.se
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12728
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 2

;; QUESTION SECTION:
;ldap.hb.se.			IN	A

;; ANSWER SECTION:
ldap.hb.se.		3600	IN	CNAME	vm-nldap-n1.hb.se.
vm-nldap-n1.hb.se.	3600	IN	A	193.10.166.191

;; AUTHORITY SECTION:
hb.se.			3600	IN	NS	dns2.hb.se.
hb.se.			3600	IN	NS	hb-ns.server.hv.se.
hb.se.			3600	IN	NS	ns2.chalmers.se.
hb.se.			3600	IN	NS	mayday.hb.se.

;; ADDITIONAL SECTION:
dns2.hb.se.		3600	IN	A	193.10.166.35
mayday.hb.se.		3600	IN	A	193.10.166.34

;; Query time: 2 msec
;; SERVER: 193.10.166.35#53(193.10.166.35)
;; WHEN: Thu Jun  9 12:49:17 2011
;; MSG SIZE  rcvd: 199
---------------------------------------------------------------

Wrong answer.
---------------------------------------------------------------
[root at mayday named]# dig @193.10.166.35 ldap.hb.se

; <<>> DiG 9.8.0-P2 <<>> @193.10.166.35 ldap.hb.se
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61784
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ldap.hb.se.			IN	A

;; ANSWER SECTION:
ldap.hb.se.		3600	IN	CNAME	vm-nldap-n1.hb.se.

;; Query time: 1 msec
;; SERVER: 193.10.166.35#53(193.10.166.35)
;; WHEN: Thu Jun  9 12:49:17 2011
;; MSG SIZE  rcvd: 54
---------------------------------------------------------------

Why are the ANSWER SECTION, AUTHORITY SECTION and ADDITIONAL SECTION different?

Any ideas??

/Per-Olof Axelsson 
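
A check for the symptom described in the post above, added here as an example and not part of the original message: it parses dig output and reports when the CNAME chain in the answer section stops short of an A record. The function names are illustrative, and a CNAME-only answer counts as a fault only when, as in the outputs above, the queried server also holds the target name.

```python
import re

# One resource-record line of dig output: name, TTL, class IN, type, rdata.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)\s*$")

def answer_records(dig_text):
    """Return (name, type, rdata) tuples from the ANSWER SECTION of dig output."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif line.startswith(";") or not line.strip():
            in_answer = False          # a blank line or new header ends the section
        elif in_answer and (m := RR.match(line)):
            records.append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return records

def unresolved_target(dig_text, qname, qtype="A"):
    """Follow the CNAME chain from qname through the answer section.
    Return None if it ends in a qtype record, else the name left unanswered."""
    records = answer_records(dig_text)
    name, seen = qname.lower(), set()
    while name not in seen:            # 'seen' guards against CNAME loops
        seen.add(name)
        if any(n == name and t == qtype for n, t, _ in records):
            return None
        targets = [d for n, t, d in records if n == name and t == "CNAME"]
        if not targets:
            return name
        name = targets[0]
    return name

# Answer sections copied from the two dig outputs in the post (headers trimmed).
GOOD = """;; ANSWER SECTION:
ldap.hb.se.\t\t3600\tIN\tCNAME\tvm-nldap-n1.hb.se.
vm-nldap-n1.hb.se.\t3600\tIN\tA\t193.10.166.191

;; AUTHORITY SECTION:
hb.se.\t\t\t3600\tIN\tNS\tdns2.hb.se.
"""
BAD = """;; ANSWER SECTION:
ldap.hb.se.\t\t3600\tIN\tCNAME\tvm-nldap-n1.hb.se.

;; Query time: 1 msec
"""

if __name__ == "__main__":
    for label, text in (("first", GOOD), ("second", BAD)):
        missing = unresolved_target(text, "ldap.hb.se.")
        print(label, "complete" if missing is None else f"no A record for {missing}")
```

Feeding the function the captured output of repeated dig runs, with a timestamp per run, shows when the incomplete answers cluster relative to the restart.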