[afnog] Resolver issues

Michuki Mwangi michuki at swiftkenya.com
Mon Apr 10 16:58:26 EAT 2006


Dear All,

This morning we realised that one of our servers that performs a dig 
lookup to establish the authoritative status of domains prior to domains 
being registered was returning a server timeout error on all queries.

This server has been functioning perfectly well until this past weekend 
though no changes have been performed.

Server is running FreeBSD 4.11 with Dig 9.3.1. (BIND is installed but 
not enabled).

The /etc/resolv.conf of this is pointing to our DNS Caching resolver 
Server running BIND 9.3.1 using views.

From the caching server all seems well:

$ dig +norec @ns1.swiftkenya.com kenic.or.ke ns

; <<>> DiG 9.3.1 <<>> +norec @ns1.swiftkenya.com kenic.or.ke ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10298
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;kenic.or.ke.                   IN      NS

;; ANSWER SECTION:
kenic.or.ke.            38400   IN      NS      ns2.swiftkenya.com.
kenic.or.ke.            38400   IN      NS      ole.kenic.or.ke.
kenic.or.ke.            38400   IN      NS      ns1.swiftkenya.com.

;; ADDITIONAL SECTION:
ns1.swiftkenya.com.     86400   IN      A       80.240.192.7
ns2.swiftkenya.com.     86400   IN      A       193.219.198.10
ole.kenic.or.ke.        38400   IN      A       198.32.67.19

;; Query time: 36 msec
;; SERVER: 80.240.192.7#53(80.240.192.7)
;; WHEN: Mon Apr 10 16:36:58 2006
;; MSG SIZE  rcvd: 145

$


From the server that performs the dig queries:

www# dig @ns1.swiftkenya.com kenic.or.ke ns

; <<>> DiG 9.3.1 <<>> @ns1.swiftkenya.com kenic.or.ke ns
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached
www# dig +norec @ns1.swiftkenya.com kenic.or.ke ns

; <<>> DiG 9.3.1 <<>> +norec @ns1.swiftkenya.com kenic.or.ke ns
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached
www#


Both servers are on the same network subnet and share the same gateway.

The www server is reachable from outside my network as it runs Web 
Services for domain name registrations.

I have tried to eliminate all issues I could think of for the past 
couple of hours to success.

When I use the dig +trace -x to follow the process this is what I get:

www# dig +trace -x @ns1.swiftkenya.com kenic.or.ke ns
.                       516104  IN      NS      G.ROOT-SERVERS.NET.
.                       516104  IN      NS      H.ROOT-SERVERS.NET.
.                       516104  IN      NS      I.ROOT-SERVERS.NET.
.                       516104  IN      NS      J.ROOT-SERVERS.NET.
.                       516104  IN      NS      K.ROOT-SERVERS.NET.
.                       516104  IN      NS      L.ROOT-SERVERS.NET.
.                       516104  IN      NS      M.ROOT-SERVERS.NET.
.                       516104  IN      NS      A.ROOT-SERVERS.NET.
.                       516104  IN      NS      B.ROOT-SERVERS.NET.
.                       516104  IN      NS      C.ROOT-SERVERS.NET.
.                       516104  IN      NS      D.ROOT-SERVERS.NET.
.                       516104  IN      NS      E.ROOT-SERVERS.NET.
.                       516104  IN      NS      F.ROOT-SERVERS.NET.
;; Received 420 bytes from 198.32.67.19#53(198.32.67.19) in 2 ms

;; connection timed out; no servers could be reached

; <<>> DiG 9.3.1 <<>> +trace -x @ns1.swiftkenya.com kenic.or.ke ns
;; global options:  printcmd
.                       516074  IN      NS      F.ROOT-SERVERS.NET.
.                       516074  IN      NS      G.ROOT-SERVERS.NET.
.                       516074  IN      NS      H.ROOT-SERVERS.NET.
.                       516074  IN      NS      I.ROOT-SERVERS.NET.
.                       516074  IN      NS      J.ROOT-SERVERS.NET.
.                       516074  IN      NS      K.ROOT-SERVERS.NET.
.                       516074  IN      NS      L.ROOT-SERVERS.NET.
.                       516074  IN      NS      M.ROOT-SERVERS.NET.
.                       516074  IN      NS      A.ROOT-SERVERS.NET.
.                       516074  IN      NS      B.ROOT-SERVERS.NET.
.                       516074  IN      NS      C.ROOT-SERVERS.NET.
.                       516074  IN      NS      D.ROOT-SERVERS.NET.
.                       516074  IN      NS      E.ROOT-SERVERS.NET.
;; Received 436 bytes from 198.32.67.19#53(198.32.67.19) in 2 ms

;; connection timed out; no servers could be reached
www#


I have a similar server on the network and when I run the same command I 
get a success (again on the same network subnet):

michuki at huduma>$ dig +trace -x @ns1.swiftkenya.com kenic.or.ke ns

; <<>> DiG 9.3.0 <<>> +trace -x @ns1.swiftkenya.com kenic.or.ke ns
;; global options:  printcmd
.                       515944  IN      NS      D.ROOT-SERVERS.NET.
.                       515944  IN      NS      E.ROOT-SERVERS.NET.
.                       515944  IN      NS      F.ROOT-SERVERS.NET.
.                       515944  IN      NS      G.ROOT-SERVERS.NET.
.                       515944  IN      NS      H.ROOT-SERVERS.NET.
.                       515944  IN      NS      I.ROOT-SERVERS.NET.
.                       515944  IN      NS      J.ROOT-SERVERS.NET.
.                       515944  IN      NS      K.ROOT-SERVERS.NET.
.                       515944  IN      NS      L.ROOT-SERVERS.NET.
.                       515944  IN      NS      M.ROOT-SERVERS.NET.
.                       515944  IN      NS      A.ROOT-SERVERS.NET.
.                       515944  IN      NS      B.ROOT-SERVERS.NET.
.                       515944  IN      NS      C.ROOT-SERVERS.NET.
;; Received 436 bytes from 198.32.67.19#53(198.32.67.19) in 3 ms

in-addr.arpa.           10800   IN      SOA     A.ROOT-SERVERS.NET. 
bind.ARIN.NET. 2006041004 1800 900 691200 10800
;; Received 114 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 679 ms

.                       515943  IN      NS      C.ROOT-SERVERS.NET.
.                       515943  IN      NS      D.ROOT-SERVERS.NET.
.                       515943  IN      NS      E.ROOT-SERVERS.NET.
.                       515943  IN      NS      F.ROOT-SERVERS.NET.
.                       515943  IN      NS      G.ROOT-SERVERS.NET.
.                       515943  IN      NS      H.ROOT-SERVERS.NET.
.                       515943  IN      NS      I.ROOT-SERVERS.NET.
.                       515943  IN      NS      J.ROOT-SERVERS.NET.
.                       515943  IN      NS      K.ROOT-SERVERS.NET.
.                       515943  IN      NS      L.ROOT-SERVERS.NET.
.                       515943  IN      NS      M.ROOT-SERVERS.NET.
.                       515943  IN      NS      A.ROOT-SERVERS.NET.
.                       515943  IN      NS      B.ROOT-SERVERS.NET.
;; Received 436 bytes from 198.32.67.19#53(198.32.67.19) in 1 ms

ke.                     172800  IN      NS      MZIZI.kenic.or.ke.
ke.                     172800  IN      NS      NS.ANYCAST.kenic.or.ke.
ke.                     172800  IN      NS      NS1.COZA.NET.ZA.
;; Received 151 bytes from 192.33.4.12#53(C.ROOT-SERVERS.NET) in 690 ms

kenic.or.ke.            14400   IN      NS      NS1.SWIFTKENYA.COM.
kenic.or.ke.            14400   IN      NS      NS2.SWIFTKENYA.COM.
kenic.or.ke.            14400   IN      NS      OLE.kenic.or.ke.
;; Received 113 bytes from 198.32.67.9#53(MZIZI.kenic.or.ke) in 1 ms

kenic.or.ke.            38400   IN      NS      ns1.swiftkenya.com.
kenic.or.ke.            38400   IN      NS      ns2.swiftkenya.com.
kenic.or.ke.            38400   IN      NS      ole.kenic.or.ke.
;; Received 145 bytes from 80.240.192.7#53(NS1.SWIFTKENYA.COM) in 48 ms

michuki at huduma>$


However, when I use dig to query for authoritative status from my 
Caching Server, which also acts/serves as authoritative for some 
sponsored zones, I get a positive response.

www# dig +norec @ole.kenic.or.ke csirt.or.ke ns

; <<>> DiG 9.3.1 <<>> +norec @ole.kenic.or.ke csirt.or.ke ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47126
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;csirt.or.ke.                   IN      NS

;; ANSWER SECTION:
csirt.or.ke.            3600    IN      NS      ole.kenic.or.ke.
csirt.or.ke.            3600    IN      NS      puck.nether.net.

;; ADDITIONAL SECTION:
ole.kenic.or.ke.        38400   IN      A       198.32.67.19
puck.nether.net.        169961  IN      A       204.42.254.5

;; Query time: 1 msec
;; SERVER: 198.32.67.19#53(198.32.67.19)
;; WHEN: Mon Apr 10 16:51:32 2006
;; MSG SIZE  rcvd: 114



However, when I use the +trace -x option it fails.

On using TCP Dump on the Web Server to establish the ongoing results I 
get the following.

www# tcpdump -v net 198.32.67.19
tcpdump: listening on em0
16:53:50.888504 www.2064 > ole.domain: [bad udp cksum 8384!]  19195 NS? 
. (17) (ttl 64, id 4065, len 45)
16:53:50.889378 ole.domain > www.2064:  19195 13/0/13 . NS 
F.ROOT-SERVERS.NET., .[|domain] (ttl 64, id 41430, len 464)
16:53:50.892459 www.4510 > ole.domain: [bad udp cksum 8068!]  52686+ 
AAAA? F.ROOT-SERVERS.NET. (36) (ttl 64, id 4081, len 64)
16:53:50.892773 ole.domain > www.4510:  52686 0/1/0 (96) (ttl 64, id 
41431, len 124)
16:53:50.892869 www.3875 > ole.domain: [bad udp cksum 156b!]  52687+ A? 
F.ROOT-SERVERS.NET. (36) (ttl 64, id 4082, len 64)
16:53:50.893302 ole.domain > www.3875:  52687 1/4/3 F.ROOT-SERVERS.NET. 
A f.root-servers.net (162) (ttl 64, id 41432, len 190)
16:53:50.945839 www.4249 > ole.domain: [bad udp cksum c004!]  14958+ 
PTR? 241.5.5.192.in-addr.arpa. (42) (ttl 64, id 4089, len 70)
16:53:51.894865 www.3012 > ole.domain: [bad udp cksum 576e!]  52688+ 
AAAA? G.ROOT-SERVERS.NET. (36) (ttl 64, id 4090, len 64)
16:53:51.895263 ole.domain > www.3012:  52688 0/1/0 (96) (ttl 64, id 
41460, len 124)
16:53:51.895328 www.4237 > ole.domain: [bad udp cksum a869!]  52689+ A? 
G.ROOT-SERVERS.NET. (36) (ttl 64, id 4091, len 64)
16:53:51.895791 ole.domain > www.4237:  52689 1/4/4 G.ROOT-SERVERS.NET. 
A G.ROOT-SERVERS.NET (180) (ttl 64, id 41461, len 208)
16:53:52.904882 www.2230 > ole.domain: [bad udp cksum 6271!]  52690+ 
AAAA? H.ROOT-SERVERS.NET. (36) (ttl 64, id 4093, len 64)
16:53:52.905216 ole.domain > www.2230:  52690 0/1/0 (96) (ttl 64, id 
41474, len 124)
16:53:52.905281 www.1679 > ole.domain: [bad udp cksum a373!]  52691+ A? 
H.ROOT-SERVERS.NET. (36) (ttl 64, id 4094, len 64)
16:53:52.905734 ole.domain > www.1679:  52691 1/4/4 H.ROOT-SERVERS.NET. 
A h.root-servers.net (180) (ttl 64, id 41475, len 208)
16:53:52.931382 ole.domain > www.4249:  14958 1/4/3 
241.5.5.192.in-addr.arpa. PTR[|domain] (ttl 64, id 41476, len 256)
16:53:53.914895 www.3929 > ole.domain: [bad udp cksum bc6a!]  52692+ 
AAAA? I.ROOT-SERVERS.NET. (36) (ttl 64, id 4097, len 64)
16:53:53.915259 ole.domain > www.3929:  52692 0/1/0 (96) (ttl 64, id 
41477, len 124)
16:53:53.915322 www.1655 > ole.domain: [bad udp cksum b873!]  52693+ A? 
I.ROOT-SERVERS.NET. (36) (ttl 64, id 4098, len 64)
16:53:53.915780 ole.domain > www.1655:  52693 1/4/4 I.ROOT-SERVERS.NET. 
A i.root-servers.net (180) (ttl 64, id 41478, len 208)
16:53:53.925286 www.2522 > ole.domain: [bad udp cksum c49!]  14959+ PTR? 
4.36.112.192.in-addr.arpa. (43) (ttl 64, id 4104, len 71)
16:53:54.924914 www.2910 > ole.domain: [bad udp cksum b46e!]  52694+ 
AAAA? J.ROOT-SERVERS.NET. (36) (ttl 64, id 4105, len 64)
16:53:54.926089 ole.domain > www.2910:  52694 0/1/0 (96) (ttl 64, id 
43554, len 124)
16:53:54.926154 www.1737 > ole.domain: [bad udp cksum 6373!]  52695+ A? 
J.ROOT-SERVERS.NET. (36) (ttl 64, id 4106, len 64)
16:53:54.927441 ole.domain > www.1737:  52695 1/4/3 J.ROOT-SERVERS.NET. 
A j.root-servers.net (162) (ttl 64, id 43564, len 190)
16:53:55.934906 www.3470 > ole.domain: [bad udp cksum 816c!]  52696+ 
AAAA? K.ROOT-SERVERS.NET. (36) (ttl 64, id 4108, len 64)
16:53:55.935267 ole.domain > www.3470:  52696 0/1/0 (96) (ttl 64, id 
46927, len 124)
16:53:55.935332 www.2580 > ole.domain: [bad udp cksum 1570!]  52697+ A? 
K.ROOT-SERVERS.NET. (36) (ttl 64, id 4109, len 64)
16:53:55.935779 ole.domain > www.2580:  52697 1/4/3 K.ROOT-SERVERS.NET. 
A k.root-servers.net (162) (ttl 64, id 46928, len 190)
16:53:58.934800 www.4387 > ole.domain: [bad udp cksum c341!]  14959+ 
PTR? 4.36.112.192.in-addr.arpa. (43) (ttl 64, id 4111, len 71)
16:54:01.069636 ole.domain > www.2522:  14959 1/6/3 
4.36.112.192.in-addr.arpa. (251) (ttl 64, id 47002, len 279)
16:54:01.069657 www > ole: icmp: www udp port 2522 unreachable (ttl 64, 
id 4113, len 56)
16:54:01.069934 ole.domain > www.4387:  14959 1/6/3 
4.36.112.192.in-addr.arpa. (251) (ttl 64, id 47003, len 279)
16:54:01.070646 www.4170 > ole.domain: [bad udp cksum 68a8!]  14960+ 
PTR? 53.2.63.128.in-addr.arpa. (42) (ttl 64, id 4118, len 70)
16:54:04.916713 ole.domain > www.4170:  14960 1/3/3 
53.2.63.128.in-addr.arpa. PTR[|domain] (ttl 64, id 47115, len 215)
16:54:04.917530 www.3955 > ole.domain: [bad udp cksum 96a!]  14961+ PTR? 
17.148.36.192.in-addr.arpa. (44) (ttl 64, id 4127, len 72)
16:54:07.539991 ole.domain > www.3955:  14961 1/4/3 
17.148.36.192.in-addr.arpa. (228) (ttl 64, id 47203, len 256)
16:54:08.535672 www.3688 > ole.domain: [bad udp cksum 1170!]  14962+ 
PTR? 30.128.58.192.in-addr.arpa. (44) (ttl 64, id 4135, len 72)
16:54:13.545000 www.oceansoft-lm > ole.domain: [bad udp cksum bf78!] 
14962+ PTR? 30.128.58.192.in-addr.arpa. (44) (ttl 64, id 4139, len 72)
16:54:14.064237 ole.domain > www.3688:  14962 1/7/0 
30.128.58.192.in-addr.arpa. (204) (ttl 64, id 47506, len 232)
16:54:14.064260 www > ole: icmp: www udp port 3688 unreachable (ttl 64, 
id 4141, len 56)
16:54:14.064534 ole.domain > www.oceansoft-lm:  14962 1/7/0 
30.128.58.192.in-addr.arpa. (204) (ttl 64, id 47507, len 232)
16:54:14.065240 www.3060 > ole.domain: [bad udp cksum ed46!]  14963+ 
PTR? 129.14.0.193.in-addr.arpa. (43) (ttl 64, id 4146, len 71)
16:54:15.621959 ole.domain > www.3060:  14963 1/2/4 
129.14.0.193.in-addr.arpa. (210) (ttl 64, id 47771, len 238)
16:54:21.065624 www.4430 > ole.domain: [bad udp cksum 6dbe!]  2003 NS? . 
(17) (ttl 64, id 4166, len 45)
16:54:21.066477 ole.domain > www.4430:  2003 13/0/13 . NS 
B.ROOT-SERVERS.NET., .[|domain] (ttl 64, id 48142, len 464)
16:54:21.068477 www.1844 > ole.domain: [bad udp cksum e272!]  52698+ 
AAAA? B.ROOT-SERVERS.NET. (36) (ttl 64, id 4185, len 64)
16:54:21.068797 ole.domain > www.1844:  52698 0/1/0 (96) (ttl 64, id 
48143, len 124)
16:54:21.068861 www.1200 > ole.domain: [bad udp cksum 8075!]  52699+ A? 
B.ROOT-SERVERS.NET. (36) (ttl 64, id 4186, len 64)
16:54:21.069306 ole.domain > www.1200:  52699 1/4/4 B.ROOT-SERVERS.NET. 
A b.root-servers.net (180) (ttl 64, id 48144, len 208)
16:54:21.615832 www.2961 > ole.domain: [bad udp cksum 160b!]  14964+ 
PTR? 201.79.228.192.in-addr.arpa. (45) (ttl 64, id 4193, len 73)
16:54:22.075268 www.2789 > ole.domain: [bad udp cksum 2e6f!]  52700+ 
AAAA? C.ROOT-SERVERS.NET. (36) (ttl 64, id 4194, len 64)
16:54:22.075690 ole.domain > www.2789:  52700 0/1/0 (96) (ttl 64, id 
48386, len 124)
16:54:22.075751 www.4638 > ole.domain: [bad udp cksum f68!]  52701+ A? 
C.ROOT-SERVERS.NET. (36) (ttl 64, id 4195, len 64)
16:54:22.076209 ole.domain > www.4638:  52701 1/4/4 C.ROOT-SERVERS.NET. 
A c.root-servers.net (180) (ttl 64, id 48387, len 208)
16:54:23.070593 ole.domain > www.2961:  14964 1/3/1 
201.79.228.192.in-addr.arpa. (171) (ttl 64, id 49038, len 199)
16:54:23.085307 www.2003 > ole.domain: [bad udp cksum 3d72!]  52702+ 
AAAA? D.ROOT-SERVERS.NET. (36) (ttl 64, id 4198, len 64)
16:54:23.085656 ole.domain > www.2003:  52702 0/1/0 (96) (ttl 64, id 
49039, len 124)
16:54:23.085715 www.4492 > ole.domain: [bad udp cksum 9e68!]  52703+ A? 
D.ROOT-SERVERS.NET. (36) (ttl 64, id 4199, len 64)
16:54:23.086165 ole.domain > www.4492:  52703 1/4/4 D.ROOT-SERVERS.NET. 
A d.root-servers.net (180) (ttl 64, id 49040, len 208)
16:54:24.065776 www.2200 > ole.domain: [bad udp cksum 1fab!]  14965+ 
PTR? 12.4.33.192.in-addr.arpa. (42) (ttl 64, id 4205, len 70)
16:54:24.095286 www.2985 > ole.domain: [bad udp cksum 646e!]  52704+ 
AAAA? E.ROOT-SERVERS.NET. (36) (ttl 64, id 4206, len 64)
16:54:24.095681 ole.domain > www.2985:  52704 0/1/0 (96) (ttl 64, id 
49117, len 124)
etc......



I can't seem to figure out what is the problem with this machine. 
External connectivity is fine, as using lynx I can browse sites.

Any help/pointers will be highly appreciated.

Regards,
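
An added example, not part of the original post: one way to read a capture like the one above is to pair each query with its reply by source port and DNS id, then check reply latency and any reply the host rejected with ICMP port unreachable. The sample lines are records from the capture re-joined onto one line each; the function names and the 5-second threshold (dig's default timeout) are assumptions of this example.

```python
import re

# Records taken from the capture in the post, each re-joined onto one line.
CAPTURE = """\
16:53:50.892869 www.3875 > ole.domain: [bad udp cksum 156b!]  52687+ A? F.ROOT-SERVERS.NET. (36) (ttl 64, id 4082, len 64)
16:53:50.893302 ole.domain > www.3875:  52687 1/4/3 F.ROOT-SERVERS.NET. A f.root-servers.net (162) (ttl 64, id 41432, len 190)
16:53:53.925286 www.2522 > ole.domain: [bad udp cksum c49!]  14959+ PTR? 4.36.112.192.in-addr.arpa. (43) (ttl 64, id 4104, len 71)
16:53:58.934800 www.4387 > ole.domain: [bad udp cksum c341!]  14959+ PTR? 4.36.112.192.in-addr.arpa. (43) (ttl 64, id 4111, len 71)
16:54:01.069636 ole.domain > www.2522:  14959 1/6/3 4.36.112.192.in-addr.arpa. (251) (ttl 64, id 47002, len 279)
16:54:01.069657 www > ole: icmp: www udp port 2522 unreachable (ttl 64, id 4113, len 56)
16:54:01.069934 ole.domain > www.4387:  14959 1/6/3 4.36.112.192.in-addr.arpa. (251) (ttl 64, id 47003, len 279)
"""

TS = r"(\d\d):(\d\d):(\d\d\.\d+) "
QUERY = re.compile(TS + r"www\.(\S+) > ole\.domain: (?:\[bad udp cksum \w+!\]\s+)?(\d+)\+?\s+(\w+)\?\s+(\S+)")
REPLY = re.compile(TS + r"ole\.domain > www\.([^\s:]+):\s+(\d+) \d+/\d+/\d+")
UNREACH = re.compile(TS + r"www > ole: icmp: www udp port (\S+) unreachable")

def secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + float(s)

def pair_dns(text):
    """Pair each query with its reply by (source port, DNS id)."""
    pending, results = {}, []
    for line in text.splitlines():
        if m := QUERY.match(line):
            h, mi, s, port, qid, qtype, qname = m.groups()
            rec = {"port": port, "id": qid, "question": f"{qtype} {qname}",
                   "sent": secs(h, mi, s), "rtt": None, "rejected": False}
            pending[(port, qid)] = rec
            results.append(rec)
        elif m := REPLY.match(line):
            h, mi, s, port, qid = m.groups()
            rec = pending.get((port, qid))
            if rec and rec["rtt"] is None:
                rec["rtt"] = round(secs(h, mi, s) - rec["sent"], 6)
        elif m := UNREACH.match(line):
            for rec in results:  # reply reached a port the host had already closed
                if rec["port"] == m.group(4):
                    rec["rejected"] = True
    return results

def slow_or_rejected(results, timeout=5.0):
    """Queries unanswered, answered after `timeout` s, or answered to a closed port."""
    return [r for r in results if r["rtt"] is None or r["rtt"] > timeout or r["rejected"]]

if __name__ == "__main__":
    for r in pair_dns(CAPTURE):
        print(r["port"], r["id"], r["question"], r["rtt"], r["rejected"])
```

On these sample records the A query is answered in under a millisecond, while the PTR query from port 2522 gets its reply about 7.1 seconds after it was sent and that reply is rejected with port unreachable; the retry from port 4387 is answered about 2.1 seconds after it was sent.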


