
Still having problems. That setup was running fine for a few years.
The bind server is in the DMZ and doing NAT for the local net. The test server is
behind NAT.

There must be another problem.

I have tried a lot of things these days and nothing works. I am thinking of trying a reinstall,
but I would prefer to know what happened and solve it.

I increased logging and give some additional data, but I do not understand if it is

Lots of:

adb reached high water mark

network unreachable resolving 'play.google.com/A/IN':
timed out resolving 'google.com/A/IN':
(first unreachable, then timeout)

08-Jan-2022 00:14:21.588 expire_v4 set to MIN(2147483647,1641597271)
08-Jan-2022 00:14:21.588 dns_adb_createfind: found A for name
m.root-servers.net (0x7f901a5e53a0) in db
08-Jan-2022 00:14:21.644 delete_node(): 0x7f901a73b450
static-assets-prod.s3.amazonaws.com (bucket 17)
08-Jan-2022 00:14:21.648 dns_adb_destroyfind on find 0x7f901a5eb110
08-Jan-2022 00:14:21.648 dns_adb_destroyfind on find 0x7f901a5eef10

08-Jan-2022 00:23:40.915 dispatch 0x7f901435e1f0 response 0x7f901a355ca8 attached to task 0x7f901a81f5f8
08-Jan-2022 00:23:41.023 dispatch 0x7f901435e1f0 response 0x7f901a355ca8 detaching from task 0x7f901a81f5f8
08-Jan-2022 00:23:41.023 dispatch 0x7f901435e1f0: detach: refcount 2
08-Jan-2022 00:23:41.039 dispatchmgr 0x7f901e3451c8: destroy_mgr_ok:
shuttingdown=1, listnonempty=1, depool=7, rpool=0, dpool=7
08-Jan-2022 00:23:41.039 dispatch 0x7f901435caf0: shutting down; detaching
from sock (nil), task 0x7f901a626880

08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
attempting insecurity proof
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
checking existence of DS at 'net'
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
checking existence of DS at 'whatsapp.net'
08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A:
marking as answer (proveunsecure (4))
08-Jan-2022 00:22:31.479 view internal: validator @0x7f9004034a70:

success/success [domain:ifconfig.me
timed out resolving 'android.l.google.com/A/IN':
broken trust chain resolving '_.clients6.google.com/A/IN':

And the timeout error:
timed out/success [domain:google.com


PS: sorry to the list for the wrong subject.

On Wed, Jan 12, 2022 at 1:15 PM Tony Finch <d...@dotat.at> wrote:

> Diego Garcia <diegar...@gmail.com> wrote:
> >
> > Every 20/30 minutes, and lasting about 5 minutes, I get 'timeout' in bind
> > queries. After that time everything works fine again.
> >
> > My bind server gets a response (from 0.1 to 2 seconds) but replies with an ICMP
> > 'port unreachable'.
> >
> > Any idea what the problem is or what I can check?
> >
> > Firewall is off while testing.
> >
> > My bind server is a NAT router.
>
> It sounds like the NAT is interfering with BIND's resolver. In general,
> NAT (as well as stateful firewalls) do not work well with the DNS, because
> UDP port randomization uses a lot of (mostly useless) connection-tracking
> state. So it's best to put a full service resolver outside a NAT if
> possible.
>
> In your case, I guess there are several possible IP addresses that BIND
> can use as the query source address. Try setting the query-source option
> in named.conf to an IP address that's outside the NAT. You will need to
> use tcpdump to verify that the right packets with the right addresses are
> appearing on the wire.
>
> Tony.
> --
> f.anthony.n.finch  <d...@dotat.at>  https://dotat.at/
> Portland, Plymouth: Northeast, veering east or southeast, 3 or 4.
> Slight or moderate, occasionally rough at first in Plymouth. Fog
> patches at first in south. Moderate or good, occasionally very poor at
> first in south.
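
Added example, not part of the original thread: one way to carry out the tcpdump check suggested in the quoted reply. It reads `tcpdump -n` style text, flags queries sent from an address other than the one configured as query-source, and reports replies that arrived but were answered by the host with ICMP port unreachable. The capture is constructed, all addresses are documentation placeholders, and `EXPECTED_SRC` is an assumption.

```python
import re

EXPECTED_SRC = "203.0.113.5"   # assumption: the address given to query-source

# Constructed capture in `tcpdump -n` text format (documentation addresses).
SAMPLE = """\
00:14:21.500000 IP 203.0.113.5.41234 > 198.51.100.53.53: 4711+ A? google.com. (28)
00:14:21.750000 IP 198.51.100.53.53 > 203.0.113.5.41234: 4711 1/0/0 A 192.0.2.80 (44)
00:14:22.000000 IP 203.0.113.5.50022 > 198.51.100.53.53: 4712+ A? play.google.com. (33)
00:14:23.250000 IP 198.51.100.53.53 > 203.0.113.5.50022: 4712 1/0/0 A 192.0.2.81 (49)
00:14:23.250100 IP 203.0.113.5 > 198.51.100.53: ICMP 203.0.113.5 udp port 50022 unreachable, length 85
00:14:24.000000 IP 10.0.0.1.39001 > 198.51.100.53.53: 4713+ A? ifconfig.me. (29)
"""

TS = r"^(\d\d):(\d\d):(\d\d\.\d+) IP "
UDP = re.compile(TS + r"(\S+)\.(\d+) > (\S+)\.(\d+): (?!ICMP)")
ICMP = re.compile(TS + r"(\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable")


def seconds(h, m, s):
    return int(h) * 3600 + int(m) * 60 + float(s)


def analyse(capture, expected_src=EXPECTED_SRC):
    """Return queries sent from the wrong address and replies the host refused."""
    sent, answered = {}, {}      # (local ip, local port, server) -> send time / delay
    report = {"wrong_source": [], "rejected": []}
    for line in capture.splitlines():
        icmp = ICMP.match(line)
        if icmp:                 # host reports that no socket accepts this port
            src, dst, port = icmp.group(4, 5, 6)
            key = (src, int(port), dst)
            if key in answered:  # a reply had arrived on that port just before
                report["rejected"].append((key, round(answered[key], 3)))
            continue
        udp = UDP.match(line)
        if not udp:
            continue
        h, m, s, src, sport, dst, dport = udp.groups()
        if dport == "53":        # outbound query
            sent[(src, int(sport), dst)] = seconds(h, m, s)
            if src != expected_src:
                report["wrong_source"].append((src, dst))
        elif sport == "53":      # inbound reply: match it to its query
            key = (dst, int(dport), src)
            if key in sent:
                answered[key] = seconds(h, m, s) - sent[key]
    return report
```

Each `rejected` entry carries the reply delay in seconds, which can be compared with the resolver's logged timeouts.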