Re: Error Resolving / EDNS
Hello James, James Tingler james.ting...@contr.netl.doe.gov writes: E.g. Sep 17 15:32:01 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1017::1#53 Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2001:502:f3ff::1#53 Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1016::1#53 Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1015::1#53 Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2001:502:4612::1#53 Sep 17 15:32:11 PROD55-DNS2 named[27503]: error (network unreachable) resolving 'www.amazon.com/A/IN': 2610:a1:1014::1#53 Sep 17 15:32:14 PROD55-DNS2 named[27503]: success resolving 'www.amazon.com/A' (in 'www.amazon.com'?) after disabling EDNS The issue might be that BIND is trying to use IPv6, but you do not have IPv6 connectivity. Try start named with the -4 parameter to disable IPv6, and see if the problem is solved. -- Carsten ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error Resolving / EDNS
On 19/09/12 17:26, James Tingler wrote: Thanks for the reply Carsten. This didn't make a difference but potentially I'm using the parameter incorrectly (no errors though). same problems.. Sep 19 15:25:22 PROD55-DNS2 named[3676]: success resolving 'cnn.com/A' (in 'cnn.com'?) after disabling EDNS Sep 19 15:25:24 PROD55-DNS2 named[3676]: success resolving 'ns3.timewarner.net/' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:24 PROD55-DNS2 named[3676]: success resolving 'ns5.timewarner.net/A' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:24 PROD55-DNS2 named[3676]: success resolving 'ns3.timewarner.net/A' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:24 PROD55-DNS2 named[3676]: success resolving 'ns1.timewarner.net/' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:24 PROD55-DNS2 named[3676]: success resolving 'ns1.timewarner.net/A' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:24 PROD55-DNS2 named[3676]: success resolving 'ns5.timewarner.net/' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:26 PROD55-DNS2 named[3676]: success resolving 'ns1.timewarner.net/' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:27 PROD55-DNS2 named[3676]: success resolving 'ns5.timewarner.net/' (in 'timewarner.net'?) after disabling EDNS Sep 19 15:25:27 PROD55-DNS2 named[3676]: success resolving 'ns3.timewarner.net/' (in 'timewarner.net'?) after disabling EDNS So the other possibility is that some firewall/router on the path is being helpful and thinks it knows that DNS can only be 512 bytes, so this weird thing must be illegal and throw it away. This could be anywhere in the path, maybe outside your network, maybe only being used some of the time. -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error Resolving / EDNS
Hello James, James Tingler james.ting...@contr.netl.doe.gov writes: Thanks for the reply Carsten. This didn't make a difference but potentially I'm using the parameter incorrectly (no errors though). /etc/rc.d/init.d/named start -4 no, it does not work that way. /etc/rc.d/init.d/named is a startscript, and that usually only reads the first parameter (start) and ignores all other arguments. For a quick test (given that you have more than one resolving DNS server for your clients): 1) use ps -ef, look for the named process, write down all commandline arguments that are listed after the process name 2) stop the BIND DNS Server from the start-script: /etc/rc.d/init.d/named stop 3) on the commandline as user root, start the BIND nameserver with named -4 all other arguments from 1) 4) test 5a) if it works, find out how to configure extra parameters for the BIND DNS Server on your operating system, add the the -4 parameter 5b) stop the running BIND process with rndc stop (if RNDC is configured correct [it should!]), else do a hard killall named 6) start the BIND nameserver again from the startscript -- Carsten ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error Resolving / EDNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2012 11:26 AM, James Tingler wrote: Thanks for the reply Carsten. This didn't make a difference but potentially I'm using the parameter incorrectly (no errors though). /etc/rc.d/init.d/named start -4 tailing logs during service start: Sep 19 15:22:13 PROD55-DNS2 named[3676]: using default UDP/IPv4 port range: [1024, 65535] Sep 19 15:22:13 PROD55-DNS2 named[3676]: using default UDP/IPv6 port range: [1024, 65535] ^^ Clearly still listening with IPv6, so though there were no errors, it definitely didn't work. Check the init script and see how you might add that to the named command in the script, not passing it to the script. Sep 19 15:22:13 PROD55-DNS2 named[3676]: listening on IPv4 interface lo, 127.0.0.1#53 Sep 19 15:22:13 PROD55-DNS2 named[3676]: listening on IPv4 interface eth0, 10.52.10.127#53 Sep 19 15:22:13 PROD55-DNS2 named[3676]: generating session key for dynamic DNS Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 0.IN-ADDR.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 127.IN-ADDR.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 254.169.IN-ADDR.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: D.F.IP6.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 8.E.F.IP6.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: 9.E.F.IP6.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: A.E.F.IP6.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: automatic empty zone: B.E.F.IP6.ARPA Sep 19 15:22:13 PROD55-DNS2 named[3676]: command channel listening on 127.0.0.1#953 Sep 19 15:22:13 PROD55-DNS2 named[3676]: command channel listening on ::1#953 Sep 19 15:22:13 PROD55-DNS2 named[3676]: the working directory is not writable - -- - _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBaAH4ACgkQmb+gadEcsb6NBQCdEOmtFKDR2rAKHGhkLq6RYbrP kxAAoMP0kX+2y1OLNk+ZueuNPYA/ygWn =MO1E -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error Resolving / EDNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2012-09-19 at 11:26 -0400, James Tingler wrote: /etc/rc.d/init.d/named start -4 tailing logs during service start: Sep 19 15:22:13 PROD55-DNS2 named[3676]: using default UDP/IPv4 port range: [1024, 65535] Sep 19 15:22:13 PROD55-DNS2 named[3676]: using default UDP/IPv6 port range: [1024, 65535] Fedora/Redhat derived distributions use /etc/sysconfig/named as a helper for the main startup script in /etc/rc.d/init.d/named Add OPTIONS=-4 to /etc/sysconfig/named and then 'service named restart' -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAlBan5oACgkQL6j7milTFsGmqQCgic2xGBf1AWRO/LvzXiZlfzbv sg8AoIgsaaWKLVSAhf7pcVYpCxzrngwy =dQnV -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users