Problem with a certain domain

Thomas Barth tbarth at txbweb.de
Tue Jun 4 17:17:31 UTC 2024 

Hello!

Am 2024-06-04 15:28, schrieb Greg Choules:
> Hi Thomas.
> Firstly, I doubt you actually need to kill and restart `named`.
> Flushing the cache would probably work, either all of it or just
> selected names.
> 
> Secondly, take a packet capture of this happening and analyse what
> BIND is really doing, in Wireshark.
> - If it shows up that certain NS are causing the problem you can avoid
> them, in config.
> - If it's a DNSSEC issue, you can get around that on a per-domain
> basis, if needed.
> - If it turns out that qname minimization is the issue, you can play
> with settings for that, too.
> 
> In short, there are plenty of tools in the kit bag. But understand
> what the problem is first and to do that, gather data (pcaps and logs)
> that can be used to paint a picture of what's really happening.
> 
> Cheers, Greg

The newsletter is only sent out once a day, so I would have to wait 
until tomorrow. I'll record it then. I have already experimented with 
tshark and recorded port 53. What I noticed as a network layman is that 
a certain response takes much longer on server 1 with the problems than 
on server 2.

It's the message:
No such name NS _domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA 
ns1.epi.es

Here is a part of the recording of server 1 with the problem, almost a 
delay of 2 seconds!
(tshark -w dns-mx1-l5.pcap -i eth0 -f "src port 53")

[...]
6 18:35:38,719369034	216.239.32.106	213.136.83.xxx	DNS	141	Standard 
query response 0x69ac A ns3.prensaiberica.net A 34.175.122.60 OPT
7 18:35:40,333128992	34.175.122.60	213.136.83.xxx	DNS	162	Standard query 
response 0xf393 No such name NS 
_domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
8 18:35:40,370838540	194.69.254.1	213.136.83.xxx	DNS	1219	Standard query 
response 0xaadc DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es RRSIG 
NSEC3 RRSIG OPT
9 18:35:40,402465454	34.175.171.102	213.136.83.xxx	DNS	165	Standard 
query response 0x7bfa A 
s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es


Here is the part of the recording of server 2
(tshark -w dns-mx2-l5.pcap -i eth0 -f "src port 53")

5 18:32:03,019743724	213.4.119.2	167.86.126.xxx	DNS	139	Standard query 
response 0x36bf A ns4.prensaiberica.net A 34.175.171.102 NS ns1.epi.es 
NS ns2.epi.es
6 18:32:03,052680383	194.69.254.1	167.86.126.xxx	DNS	1219	Standard query 
response 0x5643 DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es RRSIG 
NSEC3 RRSIG OPT
7 18:32:03,087003657	34.175.122.60	167.86.126.xxx	DNS	162	Standard query 
response 0x3d78 No such name NS 
_domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
8 18:32:03,120746561	34.175.171.102	167.86.126.xxx	DNS	165	Standard 
query response 0x3a41 A 
s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es


I therefore suspect that the delay will be even greater tomorrow again 
when the newsletter arrives, so that the "communication error" will 
occur again.

More information about the bind-users mailing list