Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?
The Bigpond nameserver server would now appear to be returning 'correct' data for the 'authority section'. Dig to my recursor gives: $ dig dreamteam.afl.com.au ; DiG 9.3.4-P1 dreamteam.afl.com.au ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 24819 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;dreamteam.afl.com.au. IN A ;; ANSWER SECTION: dreamteam.afl.com.au. 14 IN CNAME afl.virtualsports.com.au. afl.virtualsports.com.au. 2997 IN A 174.120.186.226 afl.virtualsports.com.au. 2997 IN A 174.120.187.106 afl.virtualsports.com.au. 2997 IN A 174.120.186.242 afl.virtualsports.com.au. 2997 IN A 174.120.186.250 afl.virtualsports.com.au. 2997 IN A 174.120.187.114 afl.virtualsports.com.au. 2997 IN A 174.120.187.122 afl.virtualsports.com.au. 2997 IN A 174.120.187.138 afl.virtualsports.com.au. 2997 IN A 174.120.187.146 afl.virtualsports.com.au. 2997 IN A 174.120.186.218 afl.virtualsports.com.au. 2997 IN A 174.120.186.234 afl.virtualsports.com.au. 2997 IN A 174.120.187.10 afl.virtualsports.com.au. 2997 IN A 174.120.187.130 ;; Query time: 1 msec ;; SERVER: 203.161.127.1#53(203.161.127.1) ;; WHEN: Mon Feb 8 09:15:24 2010 ;; MSG SIZE rcvd: 262 Dig off the authoratative nameserver for afl.com.au: $ dig dreamteam.afl.com.au @ns1bpc.bigpond.com ; DiG 9.6.1-P2 dreamteam.afl.com.au @ns2bpc.bigpond.com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 33750 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;dreamteam.afl.com.au. IN A ;; ANSWER SECTION: dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au. ;; AUTHORITY SECTION: . 518400 IN NS E.ROOT-SERVERS.NET. . 518400 IN NS F.ROOT-SERVERS.NET. . 518400 IN NS G.ROOT-SERVERS.NET. . 518400 IN NS H.ROOT-SERVERS.NET. . 518400 IN NS I.ROOT-SERVERS.NET. . 518400 IN NS J.ROOT-SERVERS.NET. . 518400 IN NS K.ROOT-SERVERS.NET. . 518400 IN NS L.ROOT-SERVERS.NET. . 518400 IN NS M.ROOT-SERVERS.NET. . 518400 IN NS A.ROOT-SERVERS.NET. . 518400 IN NS B.ROOT-SERVERS.NET. . 518400 IN NS C.ROOT-SERVERS.NET. . 518400 IN NS D.ROOT-SERVERS.NET. ;; Query time: 53 msec ;; SERVER: 61.9.170.18#53(61.9.170.18) ;; WHEN: Mon Feb 8 08:57:31 2010 ;; MSG SIZE rcvd: 281 Ian. --- On Fri, 5/2/10, Mark Andrews ma...@isc.org wrote: From: Mark Andrews ma...@isc.org Subject: Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem? To: Ian B porj...@yahoo.com.au Cc: bind-users@lists.isc.org Received: Friday, 5 February, 2010, 2:47 PM In message 260066.10841...@web63105.mail.re1.yahoo.com, Ian B writes: Hi All, I found a post on this list from July 2009 with the subject: Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem? https://lists.isc.org/pipermail/bind-users/2009-July/077045.html I'm having exactly the same issue but with hostname dreamteam.afl.com.au A sample dig is as follows: $ dig dreamteam.afl.com.au ; DiG 9.3.4-P1 dreamteam.afl.com.au ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 22236 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;dreamteam.afl.com.au. IN A ;; ANSWER SECTION: dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au. ;; AUTHORITY SECTION: com.au. 60 IN SOA stl-bpc-gslb1500-1.bigp ond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 4 10800 3600 604800 60 ;; Query time: 53 msec ;; SERVER: 203.161.127.1#53(203.161.127.1) ;; WHEN: Fri Feb 5 11:29:24 2010 ;; MSG SIZE rcvd: 147 My understanding of the issue is that the authoritative nameserver for dreamt eam.afl.com.au is returning the incorrect data in the 'AUTHORITY SECTION' cau sing PowerDNS to act unpredictably. Other DNS recursors may not have an issue with this, as they overlook the error. Is that a correct understanding? It looks like the two bigpond servers have been configured to serve a unofficial version of COM.AU. Normal query processing then causes the servers to find the unofficial version of COM.AU and return NXDOMAIN rather than a referral as they should. This is hard to avoid unless
Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?
Hi All, I found a post on this list from July 2009 with the subject: Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem? https://lists.isc.org/pipermail/bind-users/2009-July/077045.html I'm having exactly the same issue but with hostname dreamteam.afl.com.au A sample dig is as follows: $ dig dreamteam.afl.com.au ; DiG 9.3.4-P1 dreamteam.afl.com.au ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 22236 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;dreamteam.afl.com.au. IN A ;; ANSWER SECTION: dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au. ;; AUTHORITY SECTION: com.au. 60 IN SOA stl-bpc-gslb1500-1.bigpond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 4 10800 3600 604800 60 ;; Query time: 53 msec ;; SERVER: 203.161.127.1#53(203.161.127.1) ;; WHEN: Fri Feb 5 11:29:24 2010 ;; MSG SIZE rcvd: 147 My understanding of the issue is that the authoritative nameserver for dreamteam.afl.com.au is returning the incorrect data in the 'AUTHORITY SECTION' causing PowerDNS to act unpredictably. Other DNS recursors may not have an issue with this, as they overlook the error. Is that a correct understanding? Thanks, Ian. __ Yahoo!7: Catch-up on your favourite Channel 7 TV shows easily, legally, and for free at PLUS7. www.tv.yahoo.com.au/plus7 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Intermittent NXDOMAIN, (possibly) Bind or PowerDNS problem?
In message 260066.10841...@web63105.mail.re1.yahoo.com, Ian B writes: Hi All, I found a post on this list from July 2009 with the subject: Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem? https://lists.isc.org/pipermail/bind-users/2009-July/077045.html I'm having exactly the same issue but with hostname dreamteam.afl.com.au A sample dig is as follows: $ dig dreamteam.afl.com.au ; DiG 9.3.4-P1 dreamteam.afl.com.au ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 22236 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;dreamteam.afl.com.au.IN A ;; ANSWER SECTION: dreamteam.afl.com.au. 30 IN CNAME afl.virtualsports.com.au. ;; AUTHORITY SECTION: com.au. 60 IN SOA stl-bpc-gslb1500-1.bigp ond.com. hostmaster.stl-bpc-gslb1500-1.bigpond.com. 4 10800 3600 604800 60 ;; Query time: 53 msec ;; SERVER: 203.161.127.1#53(203.161.127.1) ;; WHEN: Fri Feb 5 11:29:24 2010 ;; MSG SIZE rcvd: 147 My understanding of the issue is that the authoritative nameserver for dreamt eam.afl.com.au is returning the incorrect data in the 'AUTHORITY SECTION' cau sing PowerDNS to act unpredictably. Other DNS recursors may not have an issue with this, as they overlook the error. Is that a correct understanding? It looks like the two bigpond servers have been configured to serve a unofficial version of COM.AU. Normal query processing then causes the servers to find the unofficial version of COM.AU and return NXDOMAIN rather than a referral as they should. This is hard to avoid unless the normal query process rules are changed to not re-start the query after following a CNAME for a non-recursive query or only follow a CNAME if the target is in the same zone as the owner of the CNAME. The incorrect answer is then accepted and the cache is poisoned. One would think however that Telstra would have locked COM.AU out in the automatic provisioning systems for these servers as adding it can only be for nefarious purposes. Similarly any other infrastucture zones. Mark Thanks, Ian. ___ ___ Yahoo!7: Catch-up on your favourite Channel 7 TV shows easily, legally, and f or free at PLUS7. www.tv.yahoo.com.au/plus7 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
