Good day, I've been having an interesting issue with BIND and wondering if anyone has had this before or knows how to fix it.
The issue is, I have 2 recursive/caching DNS servers running BIND 9.9.4-RedHat-9.9.4-51.el7, which are slow to query for one particular domain: noaa.gov (as well as its subdomains, specifically www.nhc.noaa.gov). By slow I mean it takes approximately 3500ms to query, while most other domains take less than 100ms to query. What's worse, the domain (noaa.gov) becomes unqueryable after a few hours or a day, and I need to clear the DNS servers' cache to allow it to work again. The domains have very, very low TTLs (30s) and use DNSSEC.

Error:

##dig www.nhc.noaa.gov
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52364
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 3, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.nhc.noaa.gov. IN A

Fixes I have attempted so far:

- Reboot servers (2 CentOS servers running on VMware)
- Update system
- Try a default config file
- Updated VMware tools
- Clear DNS cache (temporary fix)
- Checked firewall for abnormal data
- Updated root hints

Config:

acl internal {
    *removed*;
    localhost;
};

options {
    listen-on port 53 { *removed*; 127.0.0.1; ; };
    listen-on-v6 port 53 {
        none;
        #::1;
    };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;

    // Conform to RFC1035
    auth-nxdomain no;

    // Allowed Port Ranges
    use-v4-udp-ports { range 32768 65535; };
    use-v6-udp-ports { range 32768 65535; };

    recursive-clients 15000;
    server-id none;
    version none;
    interface-interval 0;
    allow-query { internal; };
    allow-recursion { internal; };
    max-ncache-ttl 3600;
    allow-query-cache { internal; };
};

logging {
    channel default_debug {
        syslog local4;
        severity debug;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users