Hello Everyone<br><br>I have a problem with Bind 9.3.6-P1 (included in Solaris 10) but honestly I don't even understand if it is wrong Bind behaviour or my ignorance. It does apply only to some specific cases when external domain delegation is also somewhat broken. My server is caching only. Let me show it by the example:<br>
<br>Host "<a href="http://www.goleszow.pl">www.goleszow.pl</a>" has bad NS delegation on country root servers level <br>
because <a href="http://virtual.sincom.pl">virtual.sincom.pl</a> is not resolvable:<br><br><a href="http://goleszow.pl">goleszow.pl</a>. 86400 IN NS <a href="http://virtual.sincom.pl">virtual.sincom.pl</a>.<br>
<a href="http://goleszow.pl">goleszow.pl</a>. 86400 IN NS <a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a>.<br>;; Received 91 bytes from 149.156.1.6#53(G-DNS.pl) in 19 ms<br><br>When dns client asks my server for A record of "<a href="http://www.goleszow.pl">www.goleszow.pl</a>" - everything is fine. But when first query (after cache is flushed) asks for AAAA record - my server seems to cache negative answer and all subsequent queries for A record also fails. My server is recursive and I've many IPv6 clients on the network.<br>
I checked what is going on when server receives first query for AAAA:<br><br> 1 0.000000 192.168.1.71 -> 192.33.4.12 DNS Standard query TXT _nfsv4idmapdomain<br> 2 0.002775 192.168.1.71 -> 192.33.4.12 DNS Standard query NS <Root><br>
3 0.028379 192.33.4.12 -> 192.168.1.71 DNS Standard query response, No such name<br> 4 0.033050 192.33.4.12 -> 192.168.1.71 DNS Standard query response NS <a href="http://G.ROOT-SERVERS.NET">G.ROOT-SERVERS.NET</a> NS <a href="http://A.ROOT-SERVERS.NET">A.ROOT-SERVERS.NET</a> NS <a href="http://D.ROOT-SERVERS.NET">D.ROOT-SERVERS.NET</a> NS <a href="http://F.ROOT-SERVERS.NET">F.ROOT-SERVERS.NET</a> NS <a href="http://C.ROOT-SERVERS.NET">C.ROOT-SERVERS.NET</a> NS <a href="http://E.ROOT-SERVERS.NET">E.ROOT-SERVERS.NET</a> NS <a href="http://L.ROOT-SERVERS.NET">L.ROOT-SERVERS.NET</a> NS <a href="http://B.ROOT-SERVERS.NET">B.ROOT-SERVERS.NET</a> NS <a href="http://H.ROOT-SERVERS.NET">H.ROOT-SERVERS.NET</a> NS <a href="http://K.ROOT-SERVERS.NET">K.ROOT-SERVERS.NET</a> NS <a href="http://I.ROOT-SERVERS.NET">I.ROOT-SERVERS.NET</a> NS <a href="http://J.ROOT-SERVERS.NET">J.ROOT-SERVERS.NET</a> NS <a href="http://M.ROOT-SERVERS.NET">M.ROOT-SERVERS.NET</a><br>
5 2.801810 192.168.1.71 -> 192.228.79.201 DNS Standard query AAAA <a href="http://goleszow.pl">goleszow.pl</a><br> 6 2.982864 192.228.79.201 -> 192.168.1.71 DNS Standard query response<br> 7 2.989858 192.168.1.71 -> 195.47.235.226 DNS Standard query AAAA <a href="http://goleszow.pl">goleszow.pl</a><br>
8 3.009941 195.47.235.226 -> 192.168.1.71 DNS Standard query response<br> 9 3.015835 192.168.1.71 -> 195.80.237.162 DNS Standard query A <a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a><br> 10 3.018273 192.168.1.71 -> 195.80.237.162 DNS Standard query AAAA <a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a><br>
11 3.019792 195.80.237.162 -> 192.168.1.71 DNS Standard query response<br> 12 3.021021 192.168.1.71 -> 195.80.237.162 DNS Standard query A <a href="http://virtual.sincom.pl">virtual.sincom.pl</a><br> 13 3.022049 195.80.237.162 -> 192.168.1.71 DNS Standard query response<br>
14 3.023746 192.168.1.71 -> 195.80.237.162 DNS Standard query AAAA <a href="http://virtual.sincom.pl">virtual.sincom.pl</a><br> 15 3.024858 195.80.237.162 -> 192.168.1.71 DNS Standard query response<br> 16 3.027626 195.80.237.162 -> 192.168.1.71 DNS Standard query response<br>
17 3.028502 192.168.1.71 -> 62.146.113.3 DNS Standard query A <a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a><br> 18 3.031538 192.168.1.71 -> 62.146.113.3 DNS Standard query AAAA <a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a><br>
19 3.035423 192.168.1.71 -> 62.146.113.3 DNS Standard query A <a href="http://virtual.sincom.pl">virtual.sincom.pl</a><br> 20 3.038242 192.168.1.71 -> 62.146.113.3 DNS Standard query AAAA <a href="http://virtual.sincom.pl">virtual.sincom.pl</a><br>
21 3.057608 62.146.113.3 -> 192.168.1.71 DNS Standard query response A 85.202.208.254<br> 22 3.061034 192.168.1.71 -> 85.202.208.254 DNS Standard query AAAA <a href="http://goleszow.pl">goleszow.pl</a><br> 23 3.062109 62.146.113.3 -> 192.168.1.71 DNS Standard query response CNAME <a href="http://jasnet.pl">jasnet.pl</a><br>
24 3.065739 62.146.113.3 -> 192.168.1.71 DNS Standard query response, No such name<br> 25 3.066057 62.146.113.3 -> 192.168.1.71 DNS Standard query response, No such name<br> 26 3.080053 85.202.208.254 -> 192.168.1.71 DNS Standard query response<br>
<br>At the end <a href="http://jasnet.pl">jasnet.pl</a> ( 85.202.208.254 - authoritative NS for <a href="http://goleszow.pl">goleszow.pl</a>) answer with empty reply (no error) which is - in my opinion - is correct.<br><br>
Then when any client asks my server for A record for <a href="http://www.goleszow.pl">www.goleszow.pl</a> it gets NXDOMAIN. My server doesn't even contact external network - so I suppose the answer comes from cache. <br>
<br>I don't really know why Bind refuses subsequent queries for A of <a href="http://www.goleszow.pl">www.goleszow.pl</a>?<br><br>This is what I found in the Bind cache:<br># rndc dumpdb -all
<br># cat /var/named/log/named_dump.db | grep virt
<br><a href="http://goleszow.pl">goleszow.pl</a>. 85994 NS <a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a>.
<br> 85994 NS <a href="http://virtual.sincom.pl">virtual.sincom.pl</a>.
<br><a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a>. 3194 A 85.202.208.254
<br><a href="http://virtual.sincom.pl">virtual.sincom.pl</a>. 3194 \-ANY ;-$NXDOMAIN
<br>; <a href="http://virtual.jasnet.pl">virtual.jasnet.pl</a> alias <a href="http://jasnet.pl">jasnet.pl</a> [v4 TTL 3194] [target TTL 3194] [v4 success]
[v6 unexpected]
<br>; <a href="http://virtual.sincom.pl">virtual.sincom.pl</a> [v4 TTL 3194] [v6 TTL 3194] [v4 nxdomain] [v6 nxdomain]
<br><br>Which for me doesn't explain this behaviour. Please advice.<br><br>Regards<br><br>Michal<br>