Re: Intermittent NXDOMAIN for a name we are forwarding
On Sunday, February 21, 2016 at 8:46:19 PM UTC-8, Mark Andrews wrote: > In message <2f868c2b-d04b-4caf-abd7-8176352cc...@googlegroups.com>, blrmaani > wr > ites: > > On Friday, February 19, 2016 at 5:09:02 PM UTC-8, blrmaani wrote: > > > We have a DNS setup where we forward a name in one domain to 5 external > > > nam > > eservers. We see NXDOMAIN error intermittently (once in couple of weeks). > > How > > do I debug this issue? > > > > > > I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in > > > "Una > > ssociated entries" when the problem happens. > > > > > > Any advice to troubleshoot this issue is greatly appreciated. > > > > > > Thanks > > > Blr > > > > the cache dump also has this entry (myname.mydomain.com is name I am > > interest > > ed in) > > > > myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN > > > > Which probably means if anyone requests for myname.mydomain.com, they will > > be > > handed NXDOMAIN for upto 10324 seconds from now.. > > Correct. > > > Our current work around is to restart named (which cache) or we could do a > > 'r > > ndc flush'. > > > > Question: Is there a BIND option to say 'Don't cache myname.mydomain.com > > for > > NXDOMAIN error code?' > > No. Fix the source of the NXDOMAIN. Ask all the external nameservers > for "myname.mydomain.com type666" and see what they respond with. If > it is NXDOMAIN then you have the source(s) if the NXDOMAIN. > > e.g. > dig @server myname.mydomain.com type666 > > This is a case of Garbage In (NXDOMAIN) - Garbage Out (NXDOMAIN). > > > Alternatively, I can have a local query for this and flush cache if error > > cod > > e is NXDOMAIN, but is hacky.. I would like a config option > > > > ___ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > > unsubscribe > > from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org Thanks a lot for the responses .. I ran dig several times in a loop querying for the name with type=type666 and see only SERVFAIL. The NXDOMAIN occurs approx once in 2 weeks (per incident report). I guess I have to run several iterations of queries to see NXDOMAIN.. I see this in the cache dump: ... ... ; authauthority myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN ... ... ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Intermittent NXDOMAIN for a name we are forwarding
On 21.02.16 19:07, blrmaani wrote: the cache dump also has this entry (myname.mydomain.com is name I am interested in) myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN Which probably means if anyone requests for myname.mydomain.com, they will be handed NXDOMAIN for upto 10324 seconds from now.. doesn't the log also contain info where did that message come from? Our current work around is to restart named (which cache) or we could do a 'rndc flush'. "rndc flushname myname.mydomain.com" should be enough - not needed to flush whole cache. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Intermittent NXDOMAIN for a name we are forwarding
In message <2f868c2b-d04b-4caf-abd7-8176352cc...@googlegroups.com>, blrmaani wr ites: > On Friday, February 19, 2016 at 5:09:02 PM UTC-8, blrmaani wrote: > > We have a DNS setup where we forward a name in one domain to 5 external nam > eservers. We see NXDOMAIN error intermittently (once in couple of weeks). How > do I debug this issue? > > > > I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Una > ssociated entries" when the problem happens. > > > > Any advice to troubleshoot this issue is greatly appreciated. > > > > Thanks > > Blr > > the cache dump also has this entry (myname.mydomain.com is name I am interest > ed in) > > myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN > > Which probably means if anyone requests for myname.mydomain.com, they will be > handed NXDOMAIN for upto 10324 seconds from now.. Correct. > Our current work around is to restart named (which cache) or we could do a 'r > ndc flush'. > > Question: Is there a BIND option to say 'Don't cache myname.mydomain.com for > NXDOMAIN error code?' No. Fix the source of the NXDOMAIN. Ask all the external nameservers for "myname.mydomain.com type666" and see what they respond with. If it is NXDOMAIN then you have the source(s) if the NXDOMAIN. e.g. dig @server myname.mydomain.com type666 This is a case of Garbage In (NXDOMAIN) - Garbage Out (NXDOMAIN). > Alternatively, I can have a local query for this and flush cache if error cod > e is NXDOMAIN, but is hacky.. I would like a config option > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Intermittent NXDOMAIN for a name we are forwarding
On Friday, February 19, 2016 at 5:09:02 PM UTC-8, blrmaani wrote: > We have a DNS setup where we forward a name in one domain to 5 external > nameservers. We see NXDOMAIN error intermittently (once in couple of weeks). > How do I debug this issue? > > I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in > "Unassociated entries" when the problem happens. > > Any advice to troubleshoot this issue is greatly appreciated. > > Thanks > Blr the cache dump also has this entry (myname.mydomain.com is name I am interested in) myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN Which probably means if anyone requests for myname.mydomain.com, they will be handed NXDOMAIN for upto 10324 seconds from now.. Our current work around is to restart named (which cache) or we could do a 'rndc flush'. Question: Is there a BIND option to say 'Don't cache myname.mydomain.com for NXDOMAIN error code?' Alternatively, I can have a local query for this and flush cache if error code is NXDOMAIN, but is hacky.. I would like a config option ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Intermittent NXDOMAIN for a name we are forwarding
In message <20160220172148.ga26...@fantomas.sk>, Matus UHLAR - fantomas writes: > On 19.02.16 17:08, blrmaani wrote: > >We have a DNS setup where we forward a name in one domain to 5 external > > nameservers. We see NXDOMAIN error intermittently (once in couple of > > weeks). How do I debug this issue? > > tcpdump? > > >I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unas > sociated entries" when the problem happens. > > anything more isble in the cache? > > last time I have encountered this error, it was problematic Cisco DNS load > balancer, responding NXDOMAIN to a PTR (and possibly other) type queries, > while standard types returned proper answer. Or using "forward first;" rather that "forward only;" and falling back to the Internet and getting NXDOMAIN there. > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > The only substitute for good manners is fast reflexes. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Intermittent NXDOMAIN for a name we are forwarding
On 19.02.16 17:08, blrmaani wrote: We have a DNS setup where we forward a name in one domain to 5 external nameservers. We see NXDOMAIN error intermittently (once in couple of weeks). How do I debug this issue? tcpdump? I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens. anything more isble in the cache? last time I have encountered this error, it was problematic Cisco DNS load balancer, responding NXDOMAIN to a PTR (and possibly other) type queries, while standard types returned proper answer. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good manners is fast reflexes. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Intermittent NXDOMAIN for a name we are forwarding
We have a DNS setup where we forward a name in one domain to 5 external nameservers. We see NXDOMAIN error intermittently (once in couple of weeks). How do I debug this issue? I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens. Any advice to troubleshoot this issue is greatly appreciated. Thanks Blr ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
