NOAA.GOV domain not working

John Miller johnmill at brandeis.edu
Mon Sep 18 14:03:25 UTC 2017


Hi Ricky,

Try running a "dig +trace www.nhc.noaa.gov," then query each record in
the chain and see which one's slow to respond.  I don't see anything
crazy in your named.conf.  Something you didn't mention: does clearing
cache make a difference?

John
-- 
John Miller
Systems Engineer
Brandeis University
johnmill at brandeis.edu


On Mon, Sep 18, 2017 at 8:03 AM, Levesque, Ricky (SNB)
<ricky.levesque at snb.ca> wrote:
> Good day,
>
> I’ve been having an interesting issue with BIND and wondering if anyone has
> had this before or knows how to fix it.
>
> The issue is:
>
> I have 2 recursive/caching DNS servers running BIND
> 9.9.4-RedHat-9.9.4-51.el7, which are slow to query for this particular
> domain:
>
> noaa.gov (as well as its subdomains, specifically www.nhc.noaa.gov)
>
> By slow I mean it takes approximately 3500ms to query, while most other
> domains take less than 100ms to query.
>
> What’s worse, the domain (noaa.gov) becomes unqueryable after a few hours
> or a day and I need to clear the DNS servers’ cache to allow it to work
> again.
>
> The domains have very, very low TTLs (30s) and use DNSSEC.
>
> Error:
>
> ##dig www.nhc.noaa.gov
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52364
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 3, ADDITIONAL: 7
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.nhc.noaa.gov.              IN      A
>
> Fixes I have attempted so far:
>
> Reboot servers (2 CentOS servers running on VMware)
> Update system
> Try a default config file
> Updated VMware tools
> Clear DNS cache (temporary fix)
> Checked firewall for abnormal data
> Updated root hints
>
> Config:
>
> acl internal {
>         *removed*;
>         localhost;
>         };
>
> options {
>         listen-on port 53 { *removed*;
>                             127.0.0.1;
> ;
>                            };
>         listen-on-v6 port 53 { none;
>                                #::1;
>                               };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>         dnssec-enable no;
>         dnssec-validation no;
>         dnssec-lookaside auto;
>
> // Conform to RFC1035
>         auth-nxdomain no;
>
> // Allowed Port Ranges
>         use-v4-udp-ports { range 32768 65535; };
>         use-v6-udp-ports { range 32768 65535; };
>         recursive-clients 15000;
>         server-id none;
>         version none;
>         interface-interval 0;
>         allow-query { internal;
>                     };
>         allow-recursion { internal;
>                         };
>         max-ncache-ttl 3600;
>         allow-query-cache { internal;
>                           };
>         };
>
> logging {
>         channel default_debug {
>                   syslog local4;
>                   severity debug;
>         };
> };
>
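
One way to carry out the check suggested in the reply at the top of this message, as an added example that is not part of the original thread: a filter that reads `dig +trace` output and reports which step in the delegation chain answered slowly. The function names `slow_hops` and `sample_trace` are hypothetical, and the server names, addresses, sizes and timings in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# slow_hops [threshold_ms]: read `dig +trace` output on stdin and print every
# delegation step whose answering server took longer than threshold_ms.
slow_hops() {
    threshold="${1:-500}"
    awk -v t="$threshold" '
        # dig +trace closes each step with a line of the form
        #   ;; Received <bytes> bytes from <ip>#<port>(<name>) in <n> ms
        /^;; Received [0-9]+ bytes from / {
            step++
            ms = $(NF - 1) + 0
            if (ms > t + 0) {
                printf "step %d %s %d ms %d bytes\n", step, $6, ms, $3
            }
        }'
}

# Constructed sample of `dig +trace www.nhc.noaa.gov` output. Addresses come
# from the documentation ranges and the server names are placeholders.
sample_trace() {
    cat <<'EOF'
.                       518400  IN  NS  root-ns.example.
;; Received 239 bytes from 192.0.2.53#53(192.0.2.53) in 1 ms

gov.                    172800  IN  NS  gov-ns.example.
;; Received 612 bytes from 198.51.100.1#53(root-ns.example) in 24 ms

noaa.gov.               86400   IN  NS  noaa-ns.example.
;; Received 701 bytes from 198.51.100.2#53(gov-ns.example) in 41 ms

www.nhc.noaa.gov.       30      IN  A   203.0.113.10
;; Received 1480 bytes from 203.0.113.53#53(noaa-ns.example) in 3420 ms
EOF
}

# Report steps slower than 500 ms in the constructed sample.
sample_trace | slow_hops 500
```

Against a live resolver, pipe `dig +trace www.nhc.noaa.gov` into `slow_hops`, then query the reported server directly with `dig @<server> www.nhc.noaa.gov` to confirm where the delay is.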

