patched dnscache resolving problem

To:	dns@list.cr.yp.to
Subject:	patched dnscache resolving problem
From:	Jeremy Kister <djb-dns@jeremykister.com>
Date:	Tue, 19 Dec 2006 16:31:21 -0500
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	gmail-djbdns@securepoint.com
Delivered-to:	sp.com.list@gmail.com
Delivered-to:	mailing list dns@list.cr.yp.to
Mailing-list:	contact dns-help@list.cr.yp.to; run by ezmlm
User-agent:	Thunderbird 2.0b1 (Windows/20061206)

I have dnscache patched viahttp://jeremy.kister.net/code/djbdns-1.05.isp.patch:


+ ignoreip2.patch
+ round-robin.patch
+ ignore SIGPIPE patch
+ allow a greater than 1GB memory limit

A customer of mine changed sommerfield.com's authoritative servers from[abc].ns.broadviewnet.net to ns[12].cnchost.com

The problem is that my ns1 (recursive server) cannot provide answers forsommerfield.com, while my ns2 can:


## showing a lookup failure from my ns1:
unix11> dig @ns1.broadviewnet.net sommerfield.com a
; <<>> DiG 9.2.1 <<>> @ns1.broadviewnet.net sommerfield.com a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sommerfield.com.               IN      A

;; Query time: 1881 msec
;; SERVER: 64.115.0.9#53(ns1.broadviewnet.net)
;; WHEN: Tue Dec 19 16:20:22 2006
;; MSG SIZE  rcvd: 33

I considered that ns[12].cnchost.com could be blocking my ns1 fromtalking dns to them.. but that's debunked:


## showing a successful query from the IP address of my ns1 to their ns1:
unix14> dig @ns1.cnchost.com sommerfield.com a -b 64.115.0.9

; <<>> DiG 9.2.2rc1 <<>> @ns1.cnchost.com sommerfield.com a -b 64.115.0.9
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7909
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sommerfield.com.               IN      A

;; ANSWER SECTION:
sommerfield.com.        900     IN      A       64.115.0.44

;; Query time: 85 msec
;; SERVER: 207.155.248.30#53(ns1.cnchost.com)
;; WHEN: Tue Dec 19 16:21:13 2006
;; MSG SIZE  rcvd: 64

It's interesting to note that accufix.com (a random domain that usesns[12].cnchost.com) is resolvable by my ns1:


unix11> dig @ns1.broadviewnet.net accufix.com a

; <<>> DiG 9.2.1 <<>> @ns1.broadviewnet.net accufix.com a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30601
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;accufix.com.                   IN      A

;; ANSWER SECTION:
accufix.com.            900     IN      A       207.155.252.72
accufix.com.            900     IN      A       207.155.248.47
accufix.com.            900     IN      A       207.155.252.4
accufix.com.            900     IN      A       207.155.252.14

;; Query time: 515 msec
;; SERVER: 64.115.0.9#53(ns1.broadviewnet.net)
;; WHEN: Tue Dec 19 16:22:38 2006
;; MSG SIZE  rcvd: 93


From the dnscache logs:

unix14> tail -f /etc/dnscache-64.115.0.9/log/main/current | dnslog.pl |grep sommerfield'


query 587875666 64.115.0.126 45751 54871 A sommerfield.com.
^C
unix14> grep 587875666 /etc/dnscache-64.115.0.9/log/main/current
query 587875666 4073007e:b2b7:d657 1 sommerfield.com.
sent 587875666 33
unix14>


Any ideas on what to try??



--

Jeremy Kister
http://jeremy.kister.net./

<Prev in Thread]	Current Thread	[Next in Thread>
patched dnscache resolving problem, Jeremy Kister <=

Previous by Date:	Re: migration from BIND to DJBDNS, Larry Weldon
Next by Date:	Minimal DNS answer using Net::DNS, Kelly Jones
Previous by Thread:	migration from BIND to DJBDNS, it
Next by Thread:	Minimal DNS answer using Net::DNS, Kelly Jones
Indexes:	[Date] [Thread] [Top] [All Lists]