Error Resolving / EDNS

James Tingler James.Tingler at CONTR.NETL.DOE.GOV
Wed Sep 19 11:42:49 UTC 2012


After a BIND server (BIND 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4) rebuild and a thorough review of the ASA firewall configuration (to allow UDP 53 > 512), I continue to get resolution errors and/or extreme resolution delays caused by an unknown factor but as evidence by EDNS disabling for misc external destinations.
 
This symptom appears to occur under load as resolution issues appear to be less after a named restart but gradually gets worse.
 
I reverted to a previous configuration that had no problems so now that I've seemed to rule out both dns server and firewall configuration issues, beyond the circuit itself, I have no idea what is causing this issue.
 
E.g. 
 
Sep 17 15:32:01 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1017::1#53
Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2001:502:f3ff::1#53
Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1016::1#53
Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1015::1#53
Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2001:502:4612::1#53
Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1014::1#53
Sep 17 15:32:14 PROD55-DNS2 named[27503]: success resolving 'www.amazon.com/A' (in 'www.amazon.com'?) after disabling EDNS
 
Other examples include CNN.com and nationalmap.gov.  My other sites do not have this issue so I'm beginning to believe it could be ISP issues but I have no idea what it could be.
 
Anything you can do to help would be greatly appreciated!  Thank you!
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120919/053b2c3d/attachment.html>


More information about the bind-users mailing list