Query CNAME failed

Wilfred Sarmiento wpsarmiento at globe.com.ph
Wed Jul 3 07:48:50 UTC 2019 

Hi Bind Users,

Currently drained my brain troubleshooting where could be the cause of my
issue on one of our Authoritative DNS server.
When querying a CNAME directly to the server, where a CNAME is pointed to
an external domain, results failed with timeout error and no server could
be reached.



*; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> book.cebupacificair.com
<http://book.cebupacificair.com> @dns1.globenet.com.ph
<http://dns1.globenet.com.ph>;; global options: +cmd;; connection timed
out; no servers could be reached*

Server logs produce 3 query log then show a query failed (timed out);




*client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com
<http://book.cebupacificair.com>): query: book.cebupacificair.com
<http://book.cebupacificair.com> IN A +E(0) (203.177.255.10)client
@0x7fd9a4484080 x.x.x.x#51579 (book.cebupacificair.com
<http://book.cebupacificair.com>): query: book.cebupacificair.com
<http://book.cebupacificair.com> IN A +E(0) (203.177.255.10)client
@0x7fd9a4481cb0 x.x.x.x#51579 (book.cebupacificair.com
<http://book.cebupacificair.com>): query: book.cebupacificair.com
<http://book.cebupacificair.com> IN A +E(0) (203.177.255.10)*
*client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com
<http://book.cebupacificair.com>): query failed (timed out) for
book.cebupacificair.com/IN/A <http://book.cebupacificair.com/IN/A> at
query.c:6786*

But when i send a query with *+norecurse* option, results is successful.






























*dig +norecurse book.cebupacificair.com <http://book.cebupacificair.com>
@dns1.globenet.com.ph <http://dns1.globenet.com.ph>; <<>> DiG
9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> +norecurse book.cebupacificair.com
<http://book.cebupacificair.com> @dns1.globenet.com.ph
<http://dns1.globenet.com.ph>;; global options: +cmd;; Got answer:;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19755;; flags: qr aa ra;
QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5;; OPT PSEUDOSECTION:;
EDNS: version: 0, flags:; udp: 4096;; QUESTION
SECTION:;book.cebupacificair.com <http://book.cebupacificair.com>.       IN
     A;; ANSWER SECTION:book.cebupacificair.com
<http://book.cebupacificair.com>. 1200   IN      CNAME
book.cebupacair.cust.lldns.net <http://book.cebupacair.cust.lldns.net>.;;
AUTHORITY SECTION:lldns.net <http://lldns.net>.              171335  IN
 NS      ns1.lldns.net <http://ns1.lldns.net>.lldns.net <http://lldns.net>.
             171335  IN      NS      ns2.lldns.net
<http://ns2.lldns.net>.;; ADDITIONAL SECTION:ns1.lldns.net
<http://ns1.lldns.net>.          149880  IN      A
208.111.184.11ns2.lldns.net <http://ns2.lldns.net>.          93416   IN
 A       208.111.184.12ns1.lldns.net <http://ns1.lldns.net>.          93416
  IN      AAAA    2607:f4e8:ac:1::11ns2.lldns.net <http://ns2.lldns.net>.
       93416   IN      AAAA    2607:f4e8:ac:1::12;; Query time: 1 msec;;
SERVER: 203.177.255.10#53(203.177.255.10);; WHEN: Wed Jul 03 03:36:21 EDT
2019;; MSG SIZE  rcvd: 229*

This is the named.conf options;















*options {        directory "/var/namedb";        version "Query Not
Allowed.";        allow-recursion { globenet; };        recursive-clients
1000000;        allow-query-cache { globenet; };        allow-query { any;
};        tcp-clients 5000;        blackhole { bogusnet; };        pid-file
"/var/local/bind/var/run/named.pid";        zone-statistics yes;
statistics-file "/var/namedb/named.stats";};*

Bind version is 9.14.2

The "globenet" group are the list of IPs we allowed for recursion. And this
issue happens only on the CNAME record with external domain.

Thank you in advance.

Regards,
*Wil Sarmiento*

-- 
This e-mail message (including attachments, if any) is intended for the use 
of the individual or the entity to whom it is addressed and may contain 
information that is privileged, proprietary, confidential and exempt from 
disclosure. If you are not the intended recipient, you are notified that 
any dissemination, distribution or copying of this communication is 
strictly prohibited. If you have received this communication in error, 
please notify the sender and delete this E-mail message immediately.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190703/fbafe7ab/attachment.html>

More information about the bind-users mailing list