nested CNAMEs resolution failures?

PGNet Dev pgnet.dev at gmail.com
Mon Jan 29 14:51:17 UTC 2018


On 1/29/18 6:03 AM, Tony Finch wrote:
> Use the script I posted the other day:
> https://lists.isc.org/pipermail/bind-users/2018-January/099481.html
> except amended like this

In a recent post, I bumped into a similar problem with ns[1234].irs.gov

The "no-cookie" solution fixes the problem.

Found your handy script, & added

 ns1.irs.gov.
 ns2.irs.gov.
 ns3.irs.gov.
 ns4.irs.gov.

On exec I notice in logs -- very frequently, but apparently NOT always -- timeouts

	Jan 29 03:38:55 ns003 named[17757]: 29-Jan-2018 03:38:55.313 client: error: query client=0x7f626c03d5a0 thread=0x7f62741b7700 (ns1.irs.gov/A): query_gotanswer: unexpected error: timed out
	Jan 29 03:39:05 ns003 named[17757]: 29-Jan-2018 03:39:05.313 client: error: query client=0x7f626400c5a0 thread=0x7f62741b7700 (ns1.irs.gov/A): query_gotanswer: unexpected error: timed out
	Jan 29 03:39:05 ns003 named[17757]: 29-Jan-2018 03:39:05.315 client: error: query client=0x7f6264042310 thread=0x7f62741b7700 (ns1.irs.gov/AAAA): query_gotanswer: unexpected error: timed out
	Jan 29 03:39:15 ns003 named[17757]: 29-Jan-2018 03:39:15.330 client: error: query client=0x7f626cae54c0 thread=0x7f62741b7700 (ns2.irs.gov/A): query_gotanswer: unexpected error: timed out
	Jan 29 03:39:25 ns003 named[17757]: 29-Jan-2018 03:39:25.332 client: error: query client=0x7f626400c5a0 thread=0x7f62741b7700 (ns2.irs.gov/AAAA): query_gotanswer: unexpected error: timed out
	Jan 29 03:39:35 ns003 named[17757]: 29-Jan-2018 03:39:35.347 client: error: query client=0x7f626c03d5a0 thread=0x7f62749b8700 (ns3.irs.gov/A): query_gotanswer: unexpected error: timed out
	Jan 29 03:39:45 ns003 named[17757]: 29-Jan-2018 03:39:45.348 client: error: query client=0x7f626c0bfc30 thread=0x7f62749b8700 (ns3.irs.gov/AAAA): query_gotanswer: unexpected error: timed out
	Jan 29 03:39:55 ns003 named[17757]: 29-Jan-2018 03:39:55.365 client: error: query client=0x7f626400c5a0 thread=0x7f62741b7700 (ns4.irs.gov/A): query_gotanswer: unexpected error: timed out
	Jan 29 03:40:05 ns003 named[17757]: 29-Jan-2018 03:40:05.365 client: error: query client=0x7f626c03d5a0 thread=0x7f62749b8700 (ns4.irs.gov/A): query_gotanswer: unexpected error: timed out
	Jan 29 03:40:05 ns003 named[17757]: 29-Jan-2018 03:40:05.366 client: error: query client=0x7f6264042310 thread=0x7f62749b8700 (ns4.irs.gov/AAAA): query_gotanswer: unexpected error: timed out

and

	cat ../includes/named.conf.noedns
		server 157.83.102.245 { send-cookie no; }; # ns21.barclays.com.
		server 157.83.102.246 { send-cookie no; }; # ns22.barclays.net.
		server 157.83.126.245 { send-cookie no; }; # ns23.barclays.com.
		server 157.83.126.246 { send-cookie no; }; # ns24.barclays.net.
		server 63.150.72.5 { send-cookie no; }; # sauthns1.qwest.net.
		server 2001:428::7 { send-cookie no; }; # sauthns1.qwest.net.
		server 208.44.130.121 { send-cookie no; }; # sauthns2.qwest.net.
		server 2001:428::8 { send-cookie no; }; # sauthns2.qwest.net.

exec the same script ~30 seconds later, NO timeout errors in logs, and

	cat ../includes/named.conf.noedns
		server 152.216.7.164 { send-cookie no; }; # ns1.irs.gov.
		server 2610:30:4000:53::90 { send-cookie no; }; # ns1.irs.gov.
		server 157.83.102.245 { send-cookie no; }; # ns21.barclays.com.
		server 157.83.102.246 { send-cookie no; }; # ns22.barclays.net.
		server 157.83.126.245 { send-cookie no; }; # ns23.barclays.com.
		server 157.83.126.246 { send-cookie no; }; # ns24.barclays.net.
		server 152.216.7.165 { send-cookie no; }; # ns2.irs.gov.
		server 2610:30:4000:53::91 { send-cookie no; }; # ns2.irs.gov.
		server 152.216.11.132 { send-cookie no; }; # ns3.irs.gov.
		server 2610:30:2000:53::90 { send-cookie no; }; # ns3.irs.gov.
		server 152.216.11.133 { send-cookie no; }; # ns4.irs.gov.
		server 2610:30:2000:53::91 { send-cookie no; }; # ns4.irs.gov.
		server 63.150.72.5 { send-cookie no; }; # sauthns1.qwest.net.
		server 2001:428::7 { send-cookie no; }; # sauthns1.qwest.net.
		server 208.44.130.121 { send-cookie no; }; # sauthns2.qwest.net.
		server 2001:428::8 { send-cookie no; }; # sauthns2.qwest.net.

Can these response timeouts be accommodated directly in the script?  Or only by, perhaps, increasing the global query timeouts from default 10 sec?


More information about the bind-users mailing list