subject:"named resolution problem"

named resolution problem

2011-10-05 Thread Roberto Bosticardo


Hi all,

I have a problem with named (both bind9.3 and bind9.7) and resolution of 
www.myspace.fr;
the problem is not present in dnscache (of djbdns suite) or asking 
resolution to google public dns (they run a Google implementation of dns 
protocol).


If you ask a resolver/cache server running named the resolution of name 
www.myspace.fr it returns (SERVFAIL), if you ask the same to a 
dnscache server it correctly resolves to the ip address.


The problem seems related to two CNAME resolution with tools of bind 
suite (the problem is present also with dig, I think it uses the same 
routine of named).


the answer section from a working resolver is something like:


www.myspace.fr. 86395   IN  CNAME   wwwi.myspace.com.
wwwi.myspace.com.   3595IN  CNAME
www-lb.myspaceweb.akadns.net.
www-lb.myspaceweb.akadns.net. 30 IN A   216.178.39.11


asking to a named resolver it seems it cannot resolve the last cname


www.myspace.fr. 86395   IN  CNAME   wwwi.myspace.com.
wwwi.myspace.com.   3595IN  CNAME
www-lb.myspaceweb.akadns.net.


Simulating the recursion, going top down from root nameservers, and 
asking as the last step the resolution of www-lb.myspaceweb.akadns.net 
to ze.akadns.net or one of the other autoritarive akadns server it 
give the correct ip address.


The path seems this:
. - .fr. - .myspace.fr.
autoritative for myspace.fr. are ns1.myspace.com and ns2.myspace.com
asking A records for www.myspace.fr to ns1.myspace.com it gives you the 
two CNAME

Named seems unable to resolve this CNAME.

I tried to deep debug the problem without success.

We have customers affected by this problem and we solved with the 
definition of a zone for myspace.fr that forwards to a djbdns dnscache 
server that correctly resolves; This is intended as workaround till we 
will fix the problem on named/bind.


I also suspected it was something related do EDNS0 but i quite sure this 
is not the problem because google public dns resolver implement EDNS and 
they don't have the problem.


Are your named servers affected by the same problem ?
Can you try this name resolution on your servers ?
Have you any idea on how to solve the problem ?
Have you further tests to suggest us ?

Thanx for you patience and forgive me for my bad english
Hope someone can help

Bye
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: named resolution problem

2011-10-05 Thread Hauke Lampe

On 05.10.2011 12:58, Roberto Bosticardo wrote:

 If you ask a resolver/cache server running named the resolution of name
 www.myspace.fr it returns (SERVFAIL), if you ask the same to a
 dnscache server it correctly resolves to the ip address.

BIND doesn't like NS records resolving to CNAMEs:

The domain is delegated to two servers:
myspace.fr. 60  IN  NS  ns1.myspace.com.
myspace.fr. 60  IN  NS  ns2.myspace.com.

Resolving the server names reveals CNAMEs:
ns1.myspace.com.60  IN  CNAME   DNS11.COTDNS.net.
ns2.myspace.com.60  IN  CNAME   DNS12.COTDNS.net.

That is a configuation error at myspace.com and BIND returns SERVFAIL.
Unbound and dnscache are more forgiving in this case.


Hauke.



signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

named resolution problem

Re: named resolution problem

2 matches

Site Navigation

Mail list logo

Footer information