Try just diagnosing why the lookup of book.cebupacair.cust.lldns.net and/or cebupacair-dd.lldns.net is failing which are the target in the CNAME chain. You know the lookup of book.cebupacificair.com returns a CNAME record so the next step to a lookup of book.cebupacificair.com and book.cebupacificair.com/CNAME.
; <<>> DiG 9.15.1 <<>> book.cebupacair.cust.lldns.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5908 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: cbdd8bcfcc962e6a9e1b6a5e5d1c63554cdb8ed4c7c121da (good) ;; QUESTION SECTION: ;book.cebupacair.cust.lldns.net. IN A ;; ANSWER SECTION: book.cebupacair.cust.lldns.net. 300 IN CNAME cebupacair-dd.lldns.net. cebupacair-dd.lldns.net. 60 IN A 68.142.70.27 cebupacair-dd.lldns.net. 60 IN A 68.142.68.27 Mark > On 3 Jul 2019, at 5:48 pm, Wilfred Sarmiento via bind-users > <bind-users@lists.isc.org> wrote: > > Hi Bind Users, > > Currently drained my brain troubleshooting where could be the cause of my > issue on one of our Authoritative DNS server. > When querying a CNAME directly to the server, where a CNAME is pointed to an > external domain, results failed with timeout error and no server could be > reached. > > ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> book.cebupacificair.com > @dns1.globenet.com.ph > ;; global options: +cmd > ;; connection timed out; no servers could be reached > > Server logs produce 3 query log then show a query failed (timed out); > > client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com): query: > book.cebupacificair.com IN A +E(0) (203.177.255.10) > client @0x7fd9a4484080 x.x.x.x#51579 (book.cebupacificair.com): query: > book.cebupacificair.com IN A +E(0) (203.177.255.10) > client @0x7fd9a4481cb0 x.x.x.x#51579 (book.cebupacificair.com): query: > book.cebupacificair.com IN A +E(0) (203.177.255.10) > client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com): query failed > (timed out) for book.cebupacificair.com/IN/A at query.c:6786 > > But when i send a query with +norecurse option, results is successful. > > dig +norecurse book.cebupacificair.com @dns1.globenet.com.ph > > ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> +norecurse > book.cebupacificair.com @dns1.globenet.com.ph > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19755 > ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;book.cebupacificair.com. IN A > > ;; ANSWER SECTION: > book.cebupacificair.com. 1200 IN CNAME > book.cebupacair.cust.lldns.net. > > ;; AUTHORITY SECTION: > lldns.net. 171335 IN NS ns1.lldns.net. > lldns.net. 171335 IN NS ns2.lldns.net. > > ;; ADDITIONAL SECTION: > ns1.lldns.net. 149880 IN A 208.111.184.11 > ns2.lldns.net. 93416 IN A 208.111.184.12 > ns1.lldns.net. 93416 IN AAAA 2607:f4e8:ac:1::11 > ns2.lldns.net. 93416 IN AAAA 2607:f4e8:ac:1::12 > > ;; Query time: 1 msec > ;; SERVER: 203.177.255.10#53(203.177.255.10) > ;; WHEN: Wed Jul 03 03:36:21 EDT 2019 > ;; MSG SIZE rcvd: 229 > > This is the named.conf options; > > options { > directory "/var/namedb"; > version "Query Not Allowed."; > allow-recursion { globenet; }; > recursive-clients 1000000; > allow-query-cache { globenet; }; > allow-query { any; }; > tcp-clients 5000; > > blackhole { bogusnet; }; > > pid-file "/var/local/bind/var/run/named.pid"; > zone-statistics yes; > statistics-file "/var/namedb/named.stats"; > }; > > Bind version is 9.14.2 > > The "globenet" group are the list of IPs we allowed for recursion. And this > issue happens only on the CNAME record with external domain. > > Thank you in advance. > > Regards, > Wil Sarmiento > > > > This e-mail message (including attachments, if any) is intended for the use > of the individual or the entity to whom it is addressed and may contain > information that is privileged, proprietary, confidential and exempt from > disclosure. If you are not the intended recipient, you are notified that any > dissemination, distribution or copying of this communication is strictly > prohibited. If you have received this communication in error, please notify > the sender and delete this E-mail message immediately. > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users