Problem with a certain domain
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Jun 6 16:35:50 UTC 2024
>Am 2024-06-04 15:28, schrieb Greg Choules:
>>Firstly, I doubt you actually need to kill and restart `named`.
>>Flushing the cache would probably work, either all of it or just
>>selected names.
>>
>>Secondly, take a packet capture of this happening and analyse what
>>BIND is really doing, in Wireshark.
>>- If it shows up that certain NS are causing the problem you can avoid
>>them, in config.
>>- If it's a DNSSEC issue, you can get around that on a per-domain
>>basis, if needed.
>>- If it turns out that qname minimization is the issue, you can play
>>with settings for that, too.
>>
>>In short, there are plenty of tools in the kit bag. But understand
>>what the problem is first and to do that, gather data (pcaps and logs)
>>that can be used to paint a picture of what's really happening.
On 04.06.24 19:17, Thomas Barth via bind-users wrote:
>The newsletter is only sent out once a day, so I would have to wait
>until tomorrow. I'll record it then. I have already experimented with
>tshark and recorded port 53. What I noticed as a network layman is
>that a certain response takes much longer on server 1 with the
>problems than on server 2.
if the problem happens again, you can call 'rndc dumpdb' to dump named's
cache and see all records your named remembers about mallorcazeitung.es and
epi.es
perhaps they can help to explain why named can't resolve anything.
>It's the message:
>No such name NS _domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA
>ns1.epi.es
>
>Here is a part of the recording of server 1 with the problem, almost a
>delay of 2 seconds!
>(tshark -w dns-mx1-l5.pcap -i eth0 -f "src port 53")
>
>[...]
>6 18:35:38,719369034 216.239.32.106 213.136.83.xxx DNS 141 Standard
>query response 0x69ac A ns3.prensaiberica.net A 34.175.122.60 OPT
>7 18:35:40,333128992 34.175.122.60 213.136.83.xxx DNS 162 Standard
>query response 0xf393 No such name NS
>_domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
>8 18:35:40,370838540 194.69.254.1 213.136.83.xxx DNS 1219 Standard
>query response 0xaadc DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es
>RRSIG NSEC3 RRSIG OPT
>9 18:35:40,402465454 34.175.171.102 213.136.83.xxx DNS 165 Standard
>query response 0x7bfa A
>s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
>
>
>Here is the part of the recording of server 2
>(tshark -w dns-mx2-l5.pcap -i eth0 -f "src port 53")
>
>5 18:32:03,019743724 213.4.119.2 167.86.126.xxx DNS 139 Standard query
>response 0x36bf A ns4.prensaiberica.net A 34.175.171.102 NS ns1.epi.es
>NS ns2.epi.es
>6 18:32:03,052680383 194.69.254.1 167.86.126.xxx DNS 1219 Standard
>query response 0x5643 DS mallorcazeitung.es NSEC3 RRSIG SOA ns1.nic.es
>RRSIG NSEC3 RRSIG OPT
>7 18:32:03,087003657 34.175.122.60 167.86.126.xxx DNS 162 Standard
>query response 0x3d78 No such name NS
>_domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
>8 18:32:03,120746561 34.175.171.102 167.86.126.xxx DNS 165 Standard
>query response 0x3a41 A
>s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
>
>
>I therefore suspect that the delay will be even greater tomorrow again
>when the newsletter arrives, so that the "communication error" will
>occur again.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
More information about the bind-users
mailing list