BIND does not answer

Christian Tardif christian.tardif at servinfo.ca
Wed Oct 24 00:17:50 UTC 2012


Hi,

I have a strange BIND behaviour I don't know how to handle. As I don't 
exactly know how to describe it, I'll rather explain what I did and what 
happens. But not quite easy to follow.

In my tests, I have two servers with BIND installed on them: SiteA (BIND 
9.8.2rc1 on CentOS 6.3), and SiteB (BIND 9.5.0-P2, on Mandriva 2008.1). 
A third environment helps me for diagnostics.

SiteA is a recursive name server. I've been able to prove that it does 
not behave correctly under certain circumstances by hitting it with a 
simple request: asking it to give me NS records for a certain subdomain 
for which it's primary for the base domain (dig @SiteA NS 
sub.domain.tld, SiteA being authoritative for domain.tld). It just times 
out. There are glue records on SiteA for the sub.domain.tld master 
BIND. In order to try to figure out what was going on, I try, directly 
from SiteA, to send a request, as a client, directly to the master of 
sub.domain.tld. Times out again. At this moment, I can't tell which 
server is faulty. But I get the same behaviour trying to get an answer 
from a completely different server (SiteB). In that case as well, no 
answer. But still starting from SiteA.

I then tried to get a response for the request I made from SiteA to 
SiteB (as I control both), but this time, starting from my third 
environment. Then, SiteB answers to my request. So SiteB looks like it's 
working. But how come it does not answer my request from SiteA?  From 
BIND logs on SiteB, there's no trace of the SiteA-to-SiteB request. In 
order to prove that my UDP packets actually reach their destination, 
and are not modified during transit, I opened a tcpdump session on SiteA 
and on SiteB. Packets come through in good shape, but didn't find their 
way to BIND application, as it seems. In my opinion, SiteB is not part 
of the problem, as it answers normally to every other request it receives from 
anywhere else than SiteA. If I try again SiteA-to-SiteB request, I can 
see with tcpdump that packets get out of SiteA, and enter SiteB. But 
BIND doesn't react. Even if I try to enable debugging on SiteB, I don't 
see anything.

What could be wrong, and how do I solve it? What tools are available to 
help out? If I try to ask for recursive request (let's say 
www.google.com) from anywhere, pointing at SiteA, I get a proper answer.

There's no firewall on either side.

-- 
Christian Tardif



