NOAA.GOV domain not working

Levesque, Ricky (SNB) ricky.levesque at
Mon Sep 18 12:03:38 UTC 2017

Good day,
I've been having an interesting issue with BIND and wondering if anyone has had this before or knows how to fix it.

The issue is,
I have 2 recursive/caching DNS servers running BIND 9.9.4-RedHat-9.9.4-51.el7, which are slow to query for this particular domain (as well as its subdomains, specifically -<> ).
By slow I mean, it takes approximately 3500ms to query while most other domains take less than 100ms to query.
What's worse, the domains ( become unqueriable after a few hours or a day and I need to clear the DNS servers' cache to allow it to work again.

The domains have very very low TTLs (30s) and use DNSSEC.

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52364
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 3, ADDITIONAL: 7

; EDNS: version: 0, flags:; udp: 4096
;              IN      A

Fixes I have attempted so far:
Reboot servers (2 CentOS servers running on VMware)
Update system
Try a default config file
Updated VMware tools
Clear DNS cache (temporary fix)
Checked firewall for abnormal data
Updated root hints


acl internal {

options {
        listen-on port 53 { *removed*;
        listen-on-v6 port 53 { none;
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;

// Conform to RFC1035
    auth-nxdomain no;

// Allowed Port Ranges
    use-v4-udp-ports { range 32768 65535; };
    use-v6-udp-ports { range 32768 65535; };
    recursive-clients 15000;
    server-id none;
    version none;
    interface-interval 0;
    allow-query { internal;
      allow-recursion { internal;
     max-ncache-ttl 3600;
     allow-query-cache { internal;

logging {
        channel default_debug {
                  syslog local4;
                  severity debug;

zone "." IN {
        type hint;
        file "";

include "/etc/named.rfc1912.zones";