After a BIND server (BIND 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4) rebuild and a thorough review of the ASA firewall configuration (to allow UDP 53 > 512), I continue to get resolution errors and/or extreme resolution delays caused by an unknown factor but as evidenced by EDNS disabling for misc external destinations. This symptom appears to occur under load, as resolution issues appear to be less after a named restart but gradually get worse. I reverted to a previous configuration that had no problems, so now that I've seemed to rule out both DNS server and firewall configuration issues, beyond the circuit itself, I have no idea what is causing this issue.

E.g.

Sep 17 15:32:01 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1017::1#53
Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2001:502:f3ff::1#53
Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1016::1#53
Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1015::1#53
Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2001:502:4612::1#53
Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1014::1#53
Sep 17 15:32:14 PROD55-DNS2 named[27503]: success resolving 'www.amazon.com/A' (in 'www.amazon.com'?) after disabling EDNS

Other examples include CNN.com and nationalmap.gov. My other sites do not have this issue, so I'm beginning to believe it could be ISP issues, but I have no idea what it could be.

Anything you can do to help would be greatly appreciated! Thank you!
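Added example, not part of the original post: a Python script that tallies named resolver log lines like those quoted above by failure reason and upstream address family, and counts queries that succeeded only after a fallback such as disabling EDNS. The sample lines are copied from the post; the function and regex names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Sample input: log lines copied from the post above.
SAMPLE = """\
Sep 17 15:32:01 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1017::1#53
Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2001:502:f3ff::1#53
Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1015::1#53
Sep 17 15:32:14 PROD55-DNS2 named[27503]: success resolving 'www.amazon.com/A' (in 'www.amazon.com'?) after disabling EDNS
"""

# "error (<reason>) resolving '<name/type/class>': <server address>#<port>"
ERROR_RE = re.compile(
    r"named\[\d+\]: error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<query>[^']+)': (?P<addr>[0-9A-Fa-f:.]+)#\d+$")
# "success resolving '<name/type>' (in '<zone>'?) after <fallback action>"
FALLBACK_RE = re.compile(
    r"named\[\d+\]: success resolving '(?P<query>[^']+)' .*? after (?P<action>.+)$")


def summarize(log_text):
    """Return (errors, fallbacks) Counters built from named log text."""
    errors = Counter()     # (reason, "IPv4" / "IPv6" / "unknown") -> count
    fallbacks = Counter()  # (query, fallback action) -> count
    for line in log_text.splitlines():
        line = line.strip()
        m = ERROR_RE.search(line)
        if m:
            try:
                family = "IPv%d" % ipaddress.ip_address(m["addr"]).version
            except ValueError:
                family = "unknown"  # address field did not parse
            errors[(m["reason"], family)] += 1
            continue
        m = FALLBACK_RE.search(line)
        if m:
            fallbacks[(m["query"], m["action"])] += 1
    return errors, fallbacks


if __name__ == "__main__":
    errs, fbs = summarize(SAMPLE)
    for (reason, family), n in errs.most_common():
        print(f"{n:5d}  {reason}  via {family} upstream")
    for (query, action), n in fbs.most_common():
        print(f"{n:5d}  {query}  succeeded after {action}")
```

Run over a full day of logs, the two tallies show whether the errors cluster on one address family and which names depend on the fallback.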