BIND does not answer

Chris Buxton chris.p.buxton at gmail.com
Wed Oct 24 15:56:10 UTC 2012


On Oct 23, 2012, at 5:17 PM, Christian Tardif wrote:

> Hi,
> 
> I have a strange BIND behaviour I don't know how to handle. As I don't exactly know how to describe it, I'd rather explain what I did and what happens. But it's not quite easy to follow.
> 
> In my tests, I have two servers with BIND installed on them: SiteA (BIND 9.8.2rc1 on CentOS 6.3), and SiteB (BIND 9.5.0-P2, on Mandriva 2008.1). A third environment helps me for diagnostics.
> 
> SiteA is a recursive name server. I've been able to prove that it does not behave correctly under certain circumstances by hitting it with a simple request: asking it to give me NS records for a certain subdomain for which it's primary for the base domain (dig @SiteA NS sub.domain.tld, SiteA being authoritative for domain.tld). It just times out. (There are glue records on SiteA for the sub.domain.tld master BIND.) In order to try to figure out what was going on, I tried, directly from SiteA, to send a request, as a client, directly to the master of sub.domain.tld. It times out again. At this moment, I can't tell which server is faulty. But I get the same behaviour trying to get an answer from a completely different server (SiteB). In that case as well, no answer. But still starting from SiteA.
> 
> I then tried to get a response for the request I made from SiteA to SiteB (as I control both), but this time, starting from my third environment. Then, SiteB answers my request. So SiteB looks like it's working. But how come it does not answer my request from SiteA? From the BIND logs on SiteB, there's no trace of the SiteA-to-SiteB request. In order to prove that my UDP packets actually reach their destination, and are not modified during transit, I opened a tcpdump session on SiteA and on SiteB. Packets come through in good shape, but don't find their way to the BIND application, as it seems. In my opinion, SiteB is not part of the problem, as it answers normally to every other request it receives from anywhere else than SiteA. If I try the SiteA-to-SiteB request again, I can see with tcpdump that packets get out of SiteA, and enter SiteB. But BIND doesn't react. Even if I try to enable debugging on SiteB, I don't see anything.
> 
> What could be wrong, and how do I solve it? What tools are available to help out? If I try to make a recursive request (let's say www.google.com) from anywhere, pointing at SiteA, I get a proper answer.

What happens if you use 'dig +norec' in your tests? That is, use iterative queries. Does that change the behavior you see?

Chris Buxton
BlueCat Networks
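
Added example, not part of the original thread: a Python sketch of what `dig +norec` changes on the wire, so the packets seen in tcpdump on SiteA and SiteB can be checked for the RD (recursion desired) header bit. It builds only the minimal query; the function names and the transaction ID are assumptions made for illustration, and a real dig query may carry additional flags or records.

```python
import struct

RD_BIT = 0x0100  # "recursion desired" flag in the DNS header (RFC 1035)
QTYPE_NS = 2     # NS record type, as in "dig NS sub.domain.tld"

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, recurse, txid=0x1234):
    """Build a minimal query; recurse=False clears RD, as 'dig +norec' does."""
    flags = RD_BIT if recurse else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # one question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def parse_query(packet):
    """Decode the header flags and first question of a captured query payload."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointer not expected in a query name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {"id": txid, "response": bool(flags & 0x8000),
            "rd": bool(flags & RD_BIT), "name": ".".join(labels), "qtype": qtype}

if __name__ == "__main__":
    # Constructed sample: the name used in the post, with and without recursion.
    for recurse in (True, False):
        pkt = build_query("sub.domain.tld", QTYPE_NS, recurse)
        print("RD set" if recurse else "RD clear", pkt.hex(), parse_query(pkt))
```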

