Dnia 2011-01-27 17:38 bangla desh napisał(a): > >Hello all, > >I am running Bind 9.7.1-p2 as recursive dns. I encountered this problem with >the domain hsbc.com.bd. When I dig hsbc.com.bd, it gives me a connection >timed out response. >
[cut] > >I digged further about the problem as to what causes it. I found out that if >I clear the cache and then dig first the ns record(s) of com.bd, before I >dig hsbc.com.bd, I will be able to replicate the problem. can't reproduce it here, works for me when I try stright hsbc.com.bd, or dig ns com.bd beforehand, or dig both ns bd and com.bd. > >What bothered me is what is in com.bd that blocks the response from >hsbc.com.bd? Please I need your inputs. One thing for sure. It has only one nameserver. This is plainly wrong, each domain should have at least 2 (and SLD like this one even more). does it work when you type dig ns hsbc.com.bd @ns.com.bd because that's what fails for me. And there's more: $ dig ns com.bd @dns.bd ; <<>> DiG 9.7.1 <<>> ns com.bd @dns.bd ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57519 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;com.bd. IN NS ;; ANSWER SECTION: com.bd. 86400 IN NS ns.com.bd. ;; ADDITIONAL SECTION: ns.com.bd. 86400 IN A 203.112.194.18 ;; Query time: 368 msec ;; SERVER: 209.58.24.3#53(209.58.24.3) ;; WHEN: Thu Jan 27 11:00:46 2011 ;; MSG SIZE rcvd: 57 $ dig ns hsbc.com.bd @dns.bd ; <<>> DiG 9.7.1 <<>> ns hsbc.com.bd @dns.bd ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2379 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;hsbc.com.bd. IN NS ;; AUTHORITY SECTION: hsbc.com.bd. 86400 IN NS ns11.hsbc.com.hk. hsbc.com.bd. 86400 IN NS ns13.hsbc.com.hk. hsbc.com.bd. 86400 IN NS ns1.hsbc.com.sg. ;; Query time: 368 msec ;; SERVER: 209.58.24.3#53(209.58.24.3) ;; WHEN: Thu Jan 27 11:01:07 2011 ;; MSG SIZE rcvd: 107 Which means that DNS server for .bd domain (at leas one of them) returns answer for ns for .com.bd (ok, it is a delegation probably), but also a (non-authorative) answer for hsbc.com.bd. This is a bit strange, it doesn't provide recursive queries, it has delegation for com.bd, but it's still willing to return deeper answers. Now, what happens when you have clear cache is that it asks dns.bd for reference and gets hsbc records. But if you have NS com.bd in your cache, bind probably assumes (and quite correclty) that it shoud ask com.bd nameservers, not the bd. ones. But com.bd ones don't provide an answer, so you have timeout. Looks like the com.bd zone is broken somewhat. either the delegation should be removed from bd, or the server needs fixing and adding another servers is necessary. Torinthiel _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
