On Oct 23, 2012, at 5:17 PM, Christian Tardif wrote: > Hi, > > I have a strange BIND behaviour I don't know how to handle. As I don't > exactly know how to describe it, I'll rather explain what I did and what > happens. But not quite easy to follow. > > In my tests, I have two servers with BIND installed on them: SiteA (BIND > 9.8.2rc1 on CentOS 6.3), and SiteB (BIND 9.5.0-P2, on Mandriva 2008.1). A > third environment helps me for diagnostics. > > SiteA is a recursive name server. I've been able to prove that it does not > behave correctly under certain circumstances by hitting it with a simple > request: asking it to give me NS records for a certain subdomain for which > it's primary for the base domain (dig @SiteA NS sub.domain.tld, SiteA being > authoritative for domain.tld). It just times out. There are glue records on > SiteA for the sub.domain.tld master BIND). In order to try to figure out what > was going on, I try, directly from SiterA, to send a request, as a client, > directly to the master of sub.domain.tld. Times out again. At this moment, I > can't tell which server is faulty. But I ge the same behaviour trying to get > an answer from a completely different server (SiteB). In that case as well, > no answer. But still starting from SiteA. > > I then tried to get a response for the request I made from SiteA to SiteB (as > I control both), but this time, starting for my third environment. Then, > SiteB answers to my request. So SiteB looks like it's working. But how come > it does not answer my request from SiteA? From BIND logs on siteB, there's > no trace of SiteA-to-SiteB' request. In order to prove that my UDP packets > actually reaches their destination, and are not modified during transit, I > opened a tcpdump session on SiteA and on SiteB. Packets come through in good > shape, but didn't find their way to BIND application, as it seems. In my > opinion, SiteB is not part of the problem, as it answers normally to every > other it receives from anywhere else than SiteA. If I try again > SiteA-to-SiteB request, I can see with TCPDUMP that packets gets out of > SiteA, and enters SiteB. But BIND doesn't react. Even if I try to enable > debugging on SiteB, I don't see anything. > > What could be wrong, and how do I solve it? What tools are available to help > out? If I try to ask for recursive request (let's say www.google.com) from > anywhere, pointing at SiteA, I get a proper answer.
What happens if you use 'dig +norec' in your tests? That is, use iterative queries. Does that change the behavior you see? Chris Buxton BlueCat Networks _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
