Re: Frequent timeout
Hi, It was reported there was a permissions problem with my Google Drive link to the pcap file only allowing access to Google users. This should now be public: https://drive.google.com/file/d/1Ui893Lg61psZCR8I_9SJtNqs-Sil_br5/view?usp=sharing Thanks, Alex On Sat, Sep 1, 2018 at 11:45 PM Alex wrote: > > On Sat, Sep 1, 2018 at 11:25 PM Carl Byington wrote: > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > On Fri, 2018-08-31 at 17:18 -0400, Alex wrote: > > > ../../../lib/dns/resolver.c:3927 for support.coxbusiness.com/A in > > > > After 4 seconds, I get SERVFAIL on that name. > > Thank you for your help. Perhaps I picked a bad example? > > I happened to have a grep running against my current named.debug.log, > and as I received your email, what I believe is a much more > representative display of the problem occurred. I also have a packet > capture below. > > It's probably mangled posting it here, so I'll also put it on > pastebin, but it's a rapid-fire display of a series of failed queries > at once. I've cut out much of the info preceding and following to make > it more clear here. These all occurred in less than 20ms of each > other. > > (71.161.85.209.ubl.unsubscore.com): query failed (SERVFAIL) > (71.161.85.209.dnsbl-2.uceprotect.net): query failed (SERVFAIL) > (71.161.85.209.dnsbl.sorbs.net): query failed (SERVFAIL) > (71.161.85.209.bad.psky.me): query failed (SERVFAIL) > (71.161.85.209.score.senderscore.com): query failed (SERVFAIL) > (71.161.85.209.list.dnswl.org): query failed (SERVFAIL) > (71.161.85.209.zz.countries.nerd.dk): query failed (SERVFAIL) > (71.161.85.209.cidr.bl.mcafee.com): query failed (SERVFAIL) > (71.161.85.209.bl.mailspike.net): query failed (SERVFAIL) > (71.161.85.209.wl.mailspike.net): query failed (SERVFAIL) > (71.161.85.209.db.wpbl.info): query failed (SERVFAIL) > (71.161.85.209.sip.helpfulblacklist.xyz): query failed (SERVFAIL) > (71.161.85.209.dnsbl-3.uceprotect.net): query failed (SERVFAIL) > (71.161.85.209.backscatter.spameatingmonkey.net): query failed (SERVFAIL) > (71.161.85.209.hostkarma.junkemailfilter.com): query failed (SERVFAIL) > (71.161.85.209.bl.score.senderscore.com): query failed (SERVFAIL) > > When trying to resolve any of these manually, it just returns NXDOMAIN. > > See the entirety of the log here: > https://pastebin.com/JpHCDdQs > > Each of the lines above also has a corresponding entry like this: > > 01-Sep-2018 23:31:06.701 query-errors: debug 2: fetch completed at > ../../../lib/dns/resolver.c:3927 for 71.161.85.209.bad.psky.me/A in > 10.78: timed out/success > [domain:psky.me,referral:0,restart:4,qrysent:8,timeout:7,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0] > > I also isolated a packet with the "server failure" information, but > I'm unable to figure out what the data means. Would someone be > interested in evaluating it for me? It's a 146-byte pcap file. > https://drive.google.com/open?id=1Ui893Lg61psZCR8I_9SJtNqs-Sil_br > > Thanks for any ideas. > Alex ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Frequent timeout
On Sat, Sep 1, 2018 at 11:25 PM Carl Byington wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Fri, 2018-08-31 at 17:18 -0400, Alex wrote: > > ../../../lib/dns/resolver.c:3927 for support.coxbusiness.com/A in > > After 4 seconds, I get SERVFAIL on that name. Thank you for your help. Perhaps I picked a bad example? I happened to have a grep running against my current named.debug.log, and as I received your email, what I believe is a much more representative display of the problem occurred. I also have a packet capture below. It's probably mangled posting it here, so I'll also put it on pastebin, but it's a rapid-fire display of a series of failed queries at once. I've cut out much of the info preceding and following to make it more clear here. These all occurred in less than 20ms of each other. (71.161.85.209.ubl.unsubscore.com): query failed (SERVFAIL) (71.161.85.209.dnsbl-2.uceprotect.net): query failed (SERVFAIL) (71.161.85.209.dnsbl.sorbs.net): query failed (SERVFAIL) (71.161.85.209.bad.psky.me): query failed (SERVFAIL) (71.161.85.209.score.senderscore.com): query failed (SERVFAIL) (71.161.85.209.list.dnswl.org): query failed (SERVFAIL) (71.161.85.209.zz.countries.nerd.dk): query failed (SERVFAIL) (71.161.85.209.cidr.bl.mcafee.com): query failed (SERVFAIL) (71.161.85.209.bl.mailspike.net): query failed (SERVFAIL) (71.161.85.209.wl.mailspike.net): query failed (SERVFAIL) (71.161.85.209.db.wpbl.info): query failed (SERVFAIL) (71.161.85.209.sip.helpfulblacklist.xyz): query failed (SERVFAIL) (71.161.85.209.dnsbl-3.uceprotect.net): query failed (SERVFAIL) (71.161.85.209.backscatter.spameatingmonkey.net): query failed (SERVFAIL) (71.161.85.209.hostkarma.junkemailfilter.com): query failed (SERVFAIL) (71.161.85.209.bl.score.senderscore.com): query failed (SERVFAIL) When trying to resolve any of these manually, it just returns NXDOMAIN. See the entirety of the log here: https://pastebin.com/JpHCDdQs Each of the lines above also has a corresponding entry like this: 01-Sep-2018 23:31:06.701 query-errors: debug 2: fetch completed at ../../../lib/dns/resolver.c:3927 for 71.161.85.209.bad.psky.me/A in 10.78: timed out/success [domain:psky.me,referral:0,restart:4,qrysent:8,timeout:7,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0] I also isolated a packet with the "server failure" information, but I'm unable to figure out what the data means. Would someone be interested in evaluating it for me? It's a 146-byte pcap file. https://drive.google.com/open?id=1Ui893Lg61psZCR8I_9SJtNqs-Sil_br Thanks for any ideas. Alex ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Frequent timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-08-31 at 17:18 -0400, Alex wrote: > ../../../lib/dns/resolver.c:3927 for support.coxbusiness.com/A in After 4 seconds, I get SERVFAIL on that name. > ../../../lib/dns/resolver.c:3927 for dell.ns.cloudflare.com/A in That name resolves here very quickly. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAluLV+AACgkQL6j7milTFsGAhwCfYmXS+l5XK0dl8oMDniz/eVIn MXcAn0Com++6PPkec7Cb7GS6qvBjai8b =AnFC -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
