okay, just got the answer -- problem with the firewall. our firewall was doing a stateful inspection of dns packets, and botching it somehow. (i didn't hear the details.) the inspection was turned off, and now, the problem i talked about here AND another problem i was having both got fixed.
lucky me. (FWIW i did try this w/ a somewhat later version of bind on solaris, didn't help.) thanks for trying to help. j. ----- Forwarded message from Gregory Hicks <ghi...@hicks-net.net> ----- Date: Tue, 25 May 2010 13:10:10 -0700 (PDT) From: Gregory Hicks <ghi...@hicks-net.net> To: g...@arlut.utexas.edu Cc: ghi...@hicks-net.net Subject: Re: noob; looks like a caching issue? X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.5.7 SunOS 5.9 sun4u sparc > Date: Tue, 25 May 2010 14:45:37 -0500 > From: "Jay G. Scott" <g...@arlut.utexas.edu> > To: bind-users@lists.isc.org > Subject: noob; looks like a caching issue? > > > my setup: > linux/redhat name servers > bind-9.3.6-4.P1.el5_4.2 Jay: I'd advise upgrading to a later version of bind and dig if you can. I've got BIND 9.6.1-P1 w/dig 9.6.1-P1 running. The query dig weather.gov worked for me the first time. (IOW, no errors...) As for your query as to WHY your first query failed but, when followed by another query, that second query succeeded, it could be that the response back to BIND took longer than BIND expected so BIND issued the SERVFAIL to you. However, in the background, the expected response WAS received and cached. Then when you queried again, BIND provided the cached response. Regards, Gregory Hicks > > > beginning yesterday i'm seeing something i haven't seen before. > if i do this (for example): > # dig weather.gov +short > ;; connection timed out; no servers could be reached > and then immediately do this: > # dig weather.gov +short > 140.90.113.200 > > the first line takes a while to fail. i do an up arrow and return, > and the second command responds instantly. > > > MOST THINGS ARE WORKING FINE. i've only found two addresses > w/ this fail-then-work problem. the other is > rs.dns-oarc.net > i'm being told this is a problem with their name servers; > in the specific case of dns-oarc.net i find that > particularly hard to believe. once it works it will continue > to work if i keep doing the command rapidly. if i let it > sit for a while, then i can get the failure again. that's > probably my cache doing the right thing. what i can't figure > out is this fail-then-work behavior. oh, i've checked the > logs. there's zillions of messages about notifies and > transfers. once i clean those out, i don't see anything > interesting at all. > > > > now i'm also getting this: > (the first response doesn't have answers, the second does. > but i'm NOT getting "no servers....") > # dig weather.gov > > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> weather.gov > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35953 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;weather.gov. IN A > > ;; Query time: 834 msec > ;; SERVER: 146.6.211.1#53(146.6.211.1) > ;; WHEN: Tue May 25 14:28:03 2010 > ;; MSG SIZE rcvd: 29 > > > # dig weather.gov > > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> weather.gov > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18861 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 > > ;; QUESTION SECTION: > ;weather.gov. IN A > > ;; ANSWER SECTION: > weather.gov. 490 IN A 140.90.113.200 > > ;; AUTHORITY SECTION: > weather.gov. 33577 IN NS ns-mw.noaa.gov. > weather.gov. 33577 IN NS ns-nw.noaa.gov. > weather.gov. 33577 IN NS ns-e.noaa.gov. > > ;; ADDITIONAL SECTION: > ns-e.noaa.gov. 74082 IN A 140.90.33.237 > ns-nw.noaa.gov. 74082 IN A 161.55.32.2 > ns-mw.noaa.gov. 74082 IN A 140.172.17.237 > > ;; Query time: 7 msec > ;; SERVER: 216.136.95.2#53(216.136.95.2) > ;; WHEN: Tue May 25 14:28:17 2010 > ;; MSG SIZE rcvd: 157 > > i'm relatively new at named/bind. can someone shed some light > on this? > > j. > > -- > Jay Scott 512-835-3553 g...@arlut.utexas.edu > Head of Sun Support, Sr. Operating Systems Specialist > Applied Research Labs, Computer Science Div. S224 > University of Texas at Austin > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users --------------------------------------------------------------------- Gregory Hicks | Principal Systems Engineer | Direct: 408.569.7928 People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf -- George Orwell The price of freedom is eternal vigilance. -- Thomas Jefferson "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton ----- End forwarded message ----- -- Jay Scott 512-835-3553 g...@arlut.utexas.edu Head of Sun Support, Sr. Operating Systems Specialist Applied Research Labs, Computer Science Div. S224 University of Texas at Austin _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users