Problem resolving CNAME in BIND 9.8.0 and 9.8.0-P2

Lyle Giese lyle at lcrcomputer.net
Fri Jun 10 22:57:14 UTC 2011


On 06/10/11 09:50, Per-Olof Axelsson wrote:
> When I run the following dig command below I sometimes get different answers, generally 20-30 minutes after restarting BIND.
> It doesn't matter if I run dig from a remote host or locally on the problematic DNS server.
> The two servers in question run on entirely different hardware and operating systems. One server runs a compiled version of BIND (on Redhat) whilst the other runs an installed package version (SLES11 SP1).
>
> The problem can occur on one DNS server whilst the other remains unaffected, and vice-versa. Incorrect replies often come in small groups mixed with correct replies, generally over a period of a few seconds before returning to returning the correct answer.
>
> Specifying localhost (127.0.0.1) as the server however results in the problem never occurring.
>
> I turned on debug level 5 in BIND and searched the logs for any errors but didn't find anything.
> I tried tcpdump but that didn't give anything either.
>
> To solve the problem I downgraded BIND to version 9.7.3.
>
> The following are the outputs I'm seeing:
>
> Correct answer.
> ----------------------------------------------------------------
> [root at mayday named]# dig @193.10.166.35 ldap.hb.se
>
> ;<<>>  DiG 9.8.0-P2<<>>  @193.10.166.35 ldap.hb.se
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12728
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;ldap.hb.se.			IN	A
>
> ;; ANSWER SECTION:
> ldap.hb.se.		3600	IN	CNAME	vm-nldap-n1.hb.se.
> vm-nldap-n1.hb.se.	3600	IN	A	193.10.166.191
>
> ;; AUTHORITY SECTION:
> hb.se.			3600	IN	NS	dns2.hb.se.
> hb.se.			3600	IN	NS	hb-ns.server.hv.se.
> hb.se.			3600	IN	NS	ns2.chalmers.se.
> hb.se.			3600	IN	NS	mayday.hb.se.
>
> ;; ADDITIONAL SECTION:
> dns2.hb.se.		3600	IN	A	193.10.166.35
> mayday.hb.se.		3600	IN	A	193.10.166.34
>
> ;; Query time: 2 msec
> ;; SERVER: 193.10.166.35#53(193.10.166.35)
> ;; WHEN: Thu Jun  9 12:49:17 2011
> ;; MSG SIZE  rcvd: 199
> ---------------------------------------------------------------
>
> Wrong answer.
> ---------------------------------------------------------------
> [root at mayday named]# dig @193.10.166.35 ldap.hb.se
>
> ;<<>>  DiG 9.8.0-P2<<>>  @193.10.166.35 ldap.hb.se
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61784
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ldap.hb.se.			IN	A
>
> ;; ANSWER SECTION:
> ldap.hb.se.		3600	IN	CNAME	vm-nldap-n1.hb.se.
>
> ;; Query time: 1 msec
> ;; SERVER: 193.10.166.35#53(193.10.166.35)
> ;; WHEN: Thu Jun  9 12:49:17 2011
> ;; MSG SIZE  rcvd: 54
> ---------------------------------------------------------------
>
> Why are ANSWER SECTION, AUTHORITY SECTION and ADDITIONAL SECTION different?
>
> Any ideas??
>
> /Per-Olof Axelsson
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

From here, I cannot resolve vm-nldap-nl.hb.se with dig 9.7.3 using the +trace option.

Lyle Giese
LCR Computer Services, Inc.
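
As an added example (not part of the original thread and not ISC or BIND code), the difference between the two quoted dig outputs can be checked mechanically by following the CNAME chain through the answer section and flagging replies where it stops short of an A record. The function names `answer_records` and `classify` are hypothetical, and the sample inputs are the answer sections trimmed from the outputs quoted above.

```python
import re

# One resource-record line in dig text output: owner, TTL, class IN, type, rdata.
RR_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")

def answer_records(dig_text):
    """Return (owner, rtype, rdata) tuples from the ANSWER SECTION only."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;"):          # section headers and footers
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        m = RR_LINE.match(line) if in_answer else None
        if m:
            records.append((m.group(1).lower(), m.group(2).upper(), m.group(3).lower()))
    return records

def classify(dig_text, qname, qtype="A"):
    """Follow the CNAME chain from qname; report whether it ends in qtype data."""
    records = answer_records(dig_text)
    name, seen, followed = qname.lower().rstrip(".") + ".", set(), False
    while name not in seen:                # the seen set stops CNAME loops
        seen.add(name)
        final = [d for o, t, d in records if o == name and t == qtype]
        if final:
            return ("complete", final)
        targets = [d for o, t, d in records if o == name and t == "CNAME"]
        if not targets:
            break
        name, followed = targets[0], True
    return ("dangling-cname", name) if followed else ("no-answer", None)

# Answer sections trimmed from the two dig outputs quoted in the thread.
GOOD = """;; ANSWER SECTION:
ldap.hb.se.  3600 IN CNAME vm-nldap-n1.hb.se.
vm-nldap-n1.hb.se. 3600 IN A 193.10.166.191

;; AUTHORITY SECTION:
hb.se. 3600 IN NS dns2.hb.se.
"""
BAD = """;; ANSWER SECTION:
ldap.hb.se. 3600 IN CNAME vm-nldap-n1.hb.se.

;; Query time: 1 msec
"""

if __name__ == "__main__":
    for label, text in (("first", GOOD), ("second", BAD)):
        print(label, classify(text, "ldap.hb.se"))
```

Feeding it the saved output of repeated dig runs gives a count of how often the server returns the bare CNAME, which helps when the fault is intermittent.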




