Bind 9.11 serving up false answers for a single domain.

sami's strat sami.strat at gmail.com
Wed Feb 10 02:25:04 UTC 2021 

I'm running BIND 9.11 on a CentOS 7 VM/  BIND is giving me the wrong answer
for a single domain.  I've cleared cache, restarted BIND, restarted the
server, and ensured that I don't have the referenced domain anywhere in my
configuration hardcoded.

Please note the following query:


[root at myhost ~]# dig dor.state.ma.us mx



; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> dor.state.ma.us mx

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41519

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1



;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dor.state.ma.us.               IN      MX



;; Query time: 17 msec

;; SERVER: 192.168.33.12#53(192.168.33.12)

;; WHEN: Tue Feb 09 21:01:28 EST 2021

;; MSG SIZE  rcvd: 44



[root at myhost ~]# dig dor.state.ma.us mx +trace



; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> dor.state.ma.us mx +trace

;; global options: +cmd

.                       517726  IN      NS      d.root-servers.net.

.                       517726  IN      NS      i.root-servers.net.

.                       517726  IN      NS      l.root-servers.net.

.                       517726  IN      NS      g.root-servers.net.

.                       517726  IN      NS      h.root-servers.net.

.                       517726  IN      NS      e.root-servers.net.

.                       517726  IN      NS      b.root-servers.net.

.                       517726  IN      NS      a.root-servers.net.

.                       517726  IN      NS      j.root-servers.net.

.                       517726  IN      NS      m.root-servers.net.

.                       517726  IN      NS      c.root-servers.net.

.                       517726  IN      NS      f.root-servers.net.

.                       517726  IN      NS      k.root-servers.net.

.                       517726  IN      RRSIG   NS 8 0 518400
20210222230000 20210209220000 42351 .
QCzDH8eHlHVbx4SxIIwk8xnk6ky/q+zRh8KAUfI98lqHcIP4NLxzCe6f
mC2sNX1VcthEy6Lwnobm8OyJCRpNEHedYrS01aMhAVzUfM+/PJ9MWn0w
SkmXxyZMJZXF/kl4GDNX0x/GW3+DkeTeZI9+B540Yvj47qJv2bD9nIQG
NtE7bDze7bgMJkIuBlEzPfwp7YW5ud8qdC6HdUoEMqygwZcWAiQu8gpb
q21z8W5hcdci1OouDFytNWrXAvfSsuR635+GzSj+RZjYo+447uP7lKsK
N5aeVQ/BPh5jM32xVO+zwyp7v9Nky1vSP/BchMQ/3cqg3Ee7zobl8OQd CSd/SA==

;; Received 1097 bytes from 192.168.33.12#53(192.168.33.12) in 0 ms



us.                     172800  IN      NS      a.cctld.us.

us.                     172800  IN      NS      b.cctld.us.

us.                     172800  IN      NS      c.cctld.us.

us.                     172800  IN      NS      e.cctld.us.

us.                     172800  IN      NS      f.cctld.us.

us.                     172800  IN      NS      k.cctld.us.

us.                     86400   IN      DS      21364 8 1
260D0461242BCF8F05473A08B05ED01E6FA59B9C

us.                     86400   IN      DS      21364 8 2
B499CFA7B54D25FDE1E6FE93076FB013DAA664DA1F26585324740A1E 6EBDAB26

us.                     86400   IN      RRSIG   DS 8 1 86400 20210222230000
20210209220000 42351 .
rujvGB0s2bsqzBuzRliH6QK9vH84ETZV7gZMEhJyzMFofWhj9ZZaNWE/
VvdA9rC16IOEocvARv2rOqk7G3KTzdkHHZcwcZSQyVqsOIaIywGFuEgd
viSXF6+M5MocUgEMp5dtt6SBLHG+lE/FV/3HylKSHsxdO/F6PeWKgcBZ
D4lZQ6w5asmlbdKJKMhlWPp6UaxBE7ACaxndBQixoNqXQuPrXpXi1Fnj
ntFtTfn57hMyrdTojIJ8X7/HKjCrbm3CL/WJ+VZR051OGCdZVjpUaDXR
x7G9lDhu3K5clar9PGYyUJM7+RBKzrQJep7HrjL2nZdoTyfY4i33S+EZ sTlTOA==

;; Received 697 bytes from 199.9.14.201#53(b.root-servers.net) in 3 ms



state.ma.us.            7200    IN      NS      internet-dns1.state.ma.us.

state.ma.us.            7200    IN      NS      internet-dns3.state.ma.us.

state.ma.us.            7200    IN      NS      internet-dns2.state.ma.us.

state.ma.us.            3600    IN      DS      41388 7 1
36D899932AF794EADD671161515E48FE829BB7FE

state.ma.us.            3600    IN      DS      41388 7 2
BBAB433D3853571F42516E70659AF1F85FA4FBA0FDFCEAD4D092592A 00C78769

state.ma.us.            3600    IN      DS      47628 7 1
485E0EE2F7C08FCE51D1E284321242930274833A

state.ma.us.            3600    IN      DS      47628 7 2
5379F9F747214E5A63416775396BCFF98FA4867AE66E09BCBEBE0DCC 1682C369

state.ma.us.            3600    IN      RRSIG   DS 8 3 3600 20210307200856
20210205191212 53985 us.
O8KqBHzlZsDqrZi0NQO4JEiN0b8j04/Lb8W2uVz5PyrAat1VgZKQ3Ws6
6PNtbZDMv6YX6QA8fWFLxNmeJ1/4L3wLu8EKYXaThA9Zxll7mKFj1iPf
nqiVq5hOo8Ul3inmfM/tjCQ21IHc/v0JZygZNd/h0SxXWlQXi+W3G9LN
+4z/qxtl9dGD1ka54Ln3MAVxB1Tp4pt0ri4qPLmfGKf/HA==

couldn't get address for 'internet-dns1.state.ma.us': not found

couldn't get address for 'internet-dns3.state.ma.us': not found

couldn't get address for 'internet-dns2.state.ma.us': not found

dig: couldn't get address for 'internet-dns1.state.ma.us': no more


It fails on my production DNS system, yet if I run that query on
another host, it works fine, with no issues.

Any idea why BIND would do this?

TIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210209/90acc417/attachment-0001.htm>

More information about the bind-users mailing list