Query fails several times in a row then is successful
Mark Andrews
marka at isc.org
Tue Nov 26 00:14:34 UTC 2024
You are running into query limits (max-recursion-queries). Named prefers IPv6 when both
IPv4 and IPv6 servers are available (see v6-bias) but you don’t have a working IPv6 link
to the rest of the world and those query attempts each use one of the available queries.

Some ISPs seem to think that it is still "reasonable" to not provide IPv6 on links by default
20+ years into the deployment of IPv6 despite most/all your equipment supporting IPv6 and
attempting to use it all the time. Additionally, most sites are IPv6 capable; this includes
nameservers. Everything people do on the Internet is happening slower if you use one of
these ISPs because all the equipment is designed to prefer IPv6 so people can determine when
it is safe to turn off IPv4.

Setting v6-bias to 0 will help some as will increasing max-recursion-queries to account for
those failed DNS lookups over IPv6. 'named -4' will also work but you won’t have any IPv6
recursive DNS servers nor be able to reach internal IPv6 servers. The best thing would be
to get your ISP to turn on IPv6 so that everything you have works faster as it doesn’t have
to try IPv6 then fall back to IPv6. They have sat on their hands for 20 years while everyone
else has enabled IPv6 on their equipment.

Mark

> On 26 Nov 2024, at 10:24, The Gorf <thegorf+bind9users at gmail.com> wrote:
>
> On a 9.20 server that is a resolver only, I have a mystery. This is running out of the official docker. I have a fleet of these and there is nothing special about them. But I have a trouble child that provides no explanation as to why it fails a query every now and then when none of the other instances do. First I discover that a domain is failing, and I check it manually:
>
> $ host americanautowire.com 192.168.8.12
> Using domain server:
> Name: 192.168.8.12
> Address: 192.168.8.12#53
> Aliases:
>
> Host americanautowire.com not found: 2(SERVFAIL)
>
> Yes, that is indeed failing. So this problem child has been running with the following log configuration:
>
> ########### named.conf:
> http local {
>     endpoints { "/dns-query"; };
> };
>
> options {
>     directory "/var/cache/bind";
>
>     listen-on { any; };
>     listen-on-v6 { any; };
>     listen-on tls ephemeral { any; };
>     listen-on-v6 tls ephemeral { any; };
>     listen-on tls ephemeral http local { any; };
>     listen-on-v6 tls ephemeral http local { any; };
> };
>
> logging {
>     channel default_file {
>         file "/var/log/bind/bind.log" size 10m;
>         severity debug;
>         print-time yes;
>         print-severity yes;
>         print-category yes;
>     };
>     category default { default_file; };
> };
> ########### named.conf:
>
> and the log it produces for the query is simply this:
>
> 25-Nov-2024 23:01:56.703 resolver: debug 1: fetch: americanautowire.com/A
> 25-Nov-2024 23:01:56.703 resolver: debug 1: fetch: com/NS
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:500:2d::d#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:500:2::c#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2801:1b8:10::b#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:500:a8::e#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:500:2f::f#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:dc3::35#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:7fd::1#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:500:9f::42#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:503:ba3e::2:30#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:7fe::53#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:503:c27::2:30#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:500:12::d0d#53
> 25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:500:1::53#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:503:a83e::2:30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:502:8cc::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:502:1ca1::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:502:7094::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:503:d2d::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:503:eea3::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:503:231d::2:30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:500:856e::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:501:b1f9::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:503:39c1::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:503:d414::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:503:83eb::30#53
> 25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'americanautowire.com/A/IN': 2001:500:d937::30#53
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns1.g02.cfdns.net/A
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns1.g02.cfdns.net/AAAA
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns2.g02.cfdns.biz/A
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns2.g02.cfdns.biz/AAAA
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns3.g02.cfdns.info/A
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns3.g02.cfdns.info/AAAA
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns4.g02.cfdns.co.uk/A
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: ns4.g02.cfdns.co.uk/AAAA
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: net/NS
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: net/NS
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: biz/NS
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: biz/NS
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: info/NS
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: info/NS
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: uk/NS
> 25-Nov-2024 23:01:56.815 resolver: debug 1: fetch: uk/NS
> 25-Nov-2024 23:01:56.815 lame-servers: info: network unreachable resolving 'net/NS/IN': 2001:503:ba3e::2:30#53
> 25-Nov-2024 23:01:56.815 lame-servers: info: network unreachable resolving 'biz/NS/IN': 2001:503:ba3e::2:30#53
> 25-Nov-2024 23:01:56.815 lame-servers: info: network unreachable resolving 'info/NS/IN': 2001:503:ba3e::2:30#53
> 25-Nov-2024 23:01:56.815 query-errors: debug 1: client @0x7fb2d06ea000 172.21.0.10#51271 (americanautowire.com): query failed (failure) for americanautowire.com/IN/A at query.c:7814
>
> We can ignore all the IPv6 stuff. But what I don't see is anything that explains the failure. Even more odd is that if I just make the query several times in a row, it eventually works just fine.
>
> Is there anything I can do to produce any more messaging in the logs other than debug? Or has anyone seen anything like this before?
>
> Thank you
> -G
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
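
The effect described in the reply can be measured from a log in the format quoted above: count the IPv6 "network unreachable" attempts that precede each "query failed" line and compare them with the query budget. This Python sketch is an added example, not code from the thread or from ISC; the log lines are constructed, `budget` is a hypothetical parameter standing for whatever max-recursion-queries is set to on the server, and the 2-second window is an assumption.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Layout of the quoted log: print-time, print-category and print-severity all on.
LINE = re.compile(r"^(\d{2}-\w{3}-\d{4} [\d:.]+) ([\w-]+): ([\w ]+): (.*)$")
UNREACH = re.compile(r"network unreachable resolving '[^']+': (\S+)#\d+$")
FAILED = re.compile(r"\((\S+)\): query failed")

# Constructed sample (documentation addresses and names), not taken from the thread.
SAMPLE = """\
25-Nov-2024 23:01:56.703 resolver: debug 1: fetch: example.com/A
25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:db8::1#53
25-Nov-2024 23:01:56.703 lame-servers: info: network unreachable resolving 'com/NS/IN': 2001:db8::2#53
25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'example.com/A/IN': 2001:db8:1::30#53
25-Nov-2024 23:01:56.731 lame-servers: info: network unreachable resolving 'example.com/A/IN': 192.0.2.53#53
25-Nov-2024 23:01:56.815 query-errors: debug 1: client @0x0 192.0.2.10#51271 (example.com): query failed (failure) for example.com/IN/A at query.c:7814
25-Nov-2024 23:02:30.000 lame-servers: info: network unreachable resolving 'org/NS/IN': 2001:db8::3#53
""".splitlines()

def parse(lines):
    """Yield (timestamp, category, message) for each line in the expected layout."""
    for raw in lines:
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            yield ts, m.group(2), m.group(4)

def wasted_v6_attempts(lines, budget, window_s=2.0):
    """Per failed client query: (name, unreachable IPv6 attempts, budget left)."""
    events = list(parse(lines))
    report = []
    for ts, cat, msg in events:
        failed = FAILED.search(msg)
        if cat != "query-errors" or not failed:
            continue
        start = ts - timedelta(seconds=window_s)
        v6 = 0
        for ts2, cat2, msg2 in events:
            hit = UNREACH.search(msg2) if cat2 == "lame-servers" else None
            if hit and start <= ts2 <= ts and ipaddress.ip_address(hit.group(1)).version == 6:
                v6 += 1
        report.append((failed.group(1), v6, budget - v6))
    return report

if __name__ == "__main__":
    for name, v6, left in wasted_v6_attempts(SAMPLE, budget=4):
        print(f"{name}: {v6} unreachable IPv6 attempts, {left} of the budget left")
```

The time window attributes every unreachable attempt near a failure to that query, so on a busy resolver the count is an upper bound.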