Re: Query CNAME failed

Mark Andrews Wed, 03 Jul 2019 01:20:03 -0700

Try just diagnosing why the lookup of book.cebupacair.cust.lldns.net and/or 
cebupacair-dd.lldns.net is failing which are the target in the CNAME chain.  
You know the lookup of book.cebupacificair.com returns a CNAME record so the 
next step to a lookup of book.cebupacificair.com and 
book.cebupacificair.com/CNAME.


; <<>> DiG 9.15.1 <<>> book.cebupacair.cust.lldns.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5908
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: cbdd8bcfcc962e6a9e1b6a5e5d1c63554cdb8ed4c7c121da (good)
;; QUESTION SECTION:
;book.cebupacair.cust.lldns.net.        IN      A

;; ANSWER SECTION:
book.cebupacair.cust.lldns.net. 300 IN  CNAME   cebupacair-dd.lldns.net.
cebupacair-dd.lldns.net. 60     IN      A       68.142.70.27
cebupacair-dd.lldns.net. 60     IN      A       68.142.68.27

Mark

> On 3 Jul 2019, at 5:48 pm, Wilfred Sarmiento via bind-users 
> <bind-users@lists.isc.org> wrote:
> 
> Hi Bind Users,
> 
> Currently drained my brain troubleshooting where could be the cause of my 
> issue on one of our Authoritative DNS server.
> When querying a CNAME directly to the server, where a CNAME is pointed to an 
> external domain, results failed with timeout error and no server could be 
> reached.
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> book.cebupacificair.com 
> @dns1.globenet.com.ph
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> Server logs produce 3 query log then show a query failed (timed out);
> 
> client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com): query: 
> book.cebupacificair.com IN A +E(0) (203.177.255.10)
> client @0x7fd9a4484080 x.x.x.x#51579 (book.cebupacificair.com): query: 
> book.cebupacificair.com IN A +E(0) (203.177.255.10)
> client @0x7fd9a4481cb0 x.x.x.x#51579 (book.cebupacificair.com): query: 
> book.cebupacificair.com IN A +E(0) (203.177.255.10)
> client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com): query failed 
> (timed out) for book.cebupacificair.com/IN/A at query.c:6786
> 
> But when i send a query with +norecurse option, results is successful.
> 
> dig +norecurse book.cebupacificair.com @dns1.globenet.com.ph
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> +norecurse 
> book.cebupacificair.com @dns1.globenet.com.ph
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19755
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;book.cebupacificair.com.       IN      A
> 
> ;; ANSWER SECTION:
> book.cebupacificair.com. 1200   IN      CNAME   
> book.cebupacair.cust.lldns.net.
> 
> ;; AUTHORITY SECTION:
> lldns.net.              171335  IN      NS      ns1.lldns.net.
> lldns.net.              171335  IN      NS      ns2.lldns.net.
> 
> ;; ADDITIONAL SECTION:
> ns1.lldns.net.          149880  IN      A       208.111.184.11
> ns2.lldns.net.          93416   IN      A       208.111.184.12
> ns1.lldns.net.          93416   IN      AAAA    2607:f4e8:ac:1::11
> ns2.lldns.net.          93416   IN      AAAA    2607:f4e8:ac:1::12
> 
> ;; Query time: 1 msec
> ;; SERVER: 203.177.255.10#53(203.177.255.10)
> ;; WHEN: Wed Jul 03 03:36:21 EDT 2019
> ;; MSG SIZE  rcvd: 229
> 
> This is the named.conf options;
> 
> options {
>         directory "/var/namedb";
>         version "Query Not Allowed.";
>         allow-recursion { globenet; };
>         recursive-clients 1000000;
>         allow-query-cache { globenet; };
>         allow-query { any; };
>         tcp-clients 5000;
> 
>         blackhole { bogusnet; };
> 
>         pid-file "/var/local/bind/var/run/named.pid";
>         zone-statistics yes;
>         statistics-file "/var/namedb/named.stats";
> };
> 
> Bind version is 9.14.2
> 
> The "globenet" group are the list of IPs we allowed for recursion. And this 
> issue happens only on the CNAME record with external domain.
> 
> Thank you in advance.
> 
> Regards,
> Wil Sarmiento
> 
> 
> 
> This e-mail message (including attachments, if any) is intended for the use 
> of the individual or the entity to whom it is addressed and may contain 
> information that is privileged, proprietary, confidential and exempt from 
> disclosure. If you are not the intended recipient, you are notified that any 
> dissemination, distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, please notify 
> the sender and delete this E-mail message immediately.
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Query CNAME failed

Reply via email to