[OT] Bonehead DNS question

Bill Hacker wbh at conducive.org
Thu Oct 19 06:00:35 PDT 2006 

JB wrote:

This got a bit long.  My apologies to those not interested.

In <4536e79f$0$788$415eb37d at xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
walt  <wa1ter at xxxxxxxxxxxxx> shouted to everyone in earshot,
Using a packet sniffer, I can see that my server fetches the
names of at least four backup servers at BBC -- but then my
server insists on resolving those names by using the primary
server which is *down*, and so the whole effort fails.


What's your nameserver software and version?  Care to post (or e-mail
to me) your named.conf if it's BIND?  (Just the global settings and
such probably don't need any zones you have configured, unless one of
them is bbc.co.uk or bbc.net.uk. =) )  Is your nameserver reachable
from the Internet?  If so, do I have your permission to run some
queries against it?  You can e-mail me its IP address if you'd rather
not post it.
I have a virtually identical problem, no doubt for the same reason, almost eery 
day, as I relay on 'news.bbc.co.uk'.

Likewise I can help (from HKG or Zurich) if it is MaraDNS (which, AFAIK uses the 
same record-types as the perhaps more common djbdns).

I'm seeing some sort of weird stuff, too.  I used to consider myself
quite knowledgable in DNS matters, but the dwindling of my youthful
conceit combined with my decreasing effort to keep up with more than
basic DNS practises has me wondering if what I'm seeing is truly odd
or sort of normal.  So I'll post it here in case anyone more clueful
than me can see what's going on.
Try the '-v' flag

(FreeBSD 4.11, Zurich)

su-2.05b# host -v www.bbc.co.uk
Trying null domain
rcode = 0 (Success), ancount=2
The following answer is not authoritative:
The following answer is not verified as authentic by the server:
www.bbc.co.uk   900 IN  CNAME   www.bbc.net.uk
www.bbc.net.uk  300 IN  A       212.58.224.36
rcode = 0 (Success), ancount=1
The following answer is not authoritative:
The following answer is not verified as authentic by the server:
www.bbc.net.uk  300 IN  A       212.58.224.36
(newer - FreeBSD 6.2 Hong Kong)

triligon# host -v www.bbc.co.uk
Trying "www.bbc.co.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32519
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.bbc.co.uk.                 IN      A
;; ANSWER SECTION:
www.bbc.co.uk.          257     IN      CNAME   www.bbc.net.uk.
www.bbc.net.uk.         300     IN      A       212.58.227.74
;; AUTHORITY SECTION:
bbc.net.uk.             161127  IN      NS      ns0.thny.bbc.co.uk.
bbc.net.uk.             161127  IN      NS      ns0.thdo.bbc.co.uk.
;; ADDITIONAL SECTION:
ns0.thdo.bbc.co.uk.     74727   IN      A       212.58.224.20
ns0.thny.bbc.co.uk.     74729   IN      A       212.58.240.20
Received 151 bytes from 203.194.239.32#53 in 234 ms
Trying "www.bbc.co.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6150
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.bbc.co.uk.                 IN      AAAA
;; ANSWER SECTION:
www.bbc.co.uk.          257     IN      CNAME   www.bbc.net.uk.
Received 57 bytes from 203.194.239.32#53 in 235 ms
Trying "www.bbc.co.uk"
Host www.bbc.co.uk not found: 2(SERVFAIL)
Received 31 bytes from 203.194.239.32#53 in 547 ms
-------
triligon# host -v news.bbc.co.uk
Trying "news.bbc.co.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1616
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;news.bbc.co.uk.                        IN      A
;; ANSWER SECTION:
news.bbc.co.uk.         900     IN      CNAME   newswww.bbc.net.uk.
newswww.bbc.net.uk.     300     IN      A       212.58.226.33
;; AUTHORITY SECTION:
bbc.net.uk.             161862  IN      NS      ns0.thny.bbc.co.uk.
bbc.net.uk.             161862  IN      NS      ns0.thdo.bbc.co.uk.
;; ADDITIONAL SECTION:
ns0.thdo.bbc.co.uk.     75462   IN      A       212.58.224.20
ns0.thny.bbc.co.uk.     75464   IN      A       212.58.240.20
Received 156 bytes from 203.194.239.32#53 in 462 ms
Trying "news.bbc.co.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22344
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;news.bbc.co.uk.                        IN      AAAA
;; ANSWER SECTION:
news.bbc.co.uk.         899     IN      CNAME   newswww.bbc.net.uk.
Received 62 bytes from 203.194.239.32#53 in 229 ms
Trying "news.bbc.co.uk"
Host news.bbc.co.uk not found: 2(SERVFAIL)
Received 32 bytes from 203.194.239.32#53 in 545 ms
------
triligon# host -v bbc.net.uk
Trying "bbc.net.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50727
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;bbc.net.uk.                    IN      A
;; ANSWER SECTION:
bbc.net.uk.             300     IN      A       212.58.226.232
;; AUTHORITY SECTION:
bbc.net.uk.             160971  IN      NS      ns0.thdo.bbc.co.uk.
bbc.net.uk.             160971  IN      NS      ns0.thny.bbc.co.uk.
;; ADDITIONAL SECTION:
ns0.thdo.bbc.co.uk.     74571   IN      A       212.58.224.20
ns0.thny.bbc.co.uk.     74573   IN      A       212.58.240.20
Received 129 bytes from 203.194.239.32#53 in 235 ms
Trying "bbc.net.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29543
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bbc.net.uk.                    IN      AAAA
Received 28 bytes from 203.194.239.32#53 in 229 ms
Trying "bbc.net.uk"
Host bbc.net.uk not found: 2(SERVFAIL)
Received 28 bytes from 203.194.239.32#53 in 554 ms

$ host www.bbc.co.uk
www.bbc.co.uk is an alias for www.bbc.net.uk.
www.bbc.net.uk has address 212.58.224.87
www.bbc.co.uk is an alias for www.bbc.net.uk.
Host www.bbc.co.uk not found: 2(SERVFAIL)
Output is identical every time I run that command.  I'm guessing
'host' is sending out four queries and hitting the down nameserver for
one of them.
$ host www.bbc.net.uk
www.bbc.net.uk has address 212.58.224.124
Host www.bbc.net.uk not found: 2(SERVFAIL)
That seems a little stranger, because I clearly *do* get an answer.
Using 'dig', I get an answer and no error.  This is 'host' from BIND
9.3.2-p1, built as part of recent FreeBSD 6-STABLE (6.2-PRERELEASE).
named is running under OpenBSD 3.4, BIND 9.2.2.  Same general
behaviour from BIND 9.3.1 host/named under FreeBSD 5.4-RELEASE.
$ dig in ns bbc.co.uk
[...]
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bbc.net.uk.                    IN      NS
If I try that a few times, I eventually get an answer, which is then
cached by my nameserver.
$ dig in ns bbc.net.uk
[...]
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bbc.net.uk.                    IN      NS
Haven't gotten an answer for this one yet.  I assume both of these are
also related to the down nameserver.
$ dig in a www.bbc.net.uk
[...]
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.bbc.net.uk.                        IN      A
;; ANSWER SECTION:
www.bbc.net.uk.         296     IN      A       212.58.224.125
;; AUTHORITY SECTION:
bbc.net.uk.             172796  IN      NS      ns0.thdo.bbc.co.uk.
bbc.net.uk.             172796  IN      NS      ns0.thny.bbc.co.uk.
;; ADDITIONAL SECTION:
ns0.thdo.bbc.co.uk.     84601   IN      A       212.58.224.20
ns0.thny.bbc.co.uk.     84601   IN      A       212.58.240.20
...Despite the fact that I can't dig my local nameserver for the
bbc.net.uk nameservers, I still get the list as glue.  And that
situation is reproducible with any combination of nameserver and unix
tools on machines I operate.
Ex HKG:

triligon# host -v bbc.net.uk
Trying "bbc.net.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50727
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;bbc.net.uk.                    IN      A
;; ANSWER SECTION:
bbc.net.uk.             300     IN      A       212.58.226.232
;; AUTHORITY SECTION:
bbc.net.uk.             160971  IN      NS      ns0.thdo.bbc.co.uk.
bbc.net.uk.             160971  IN      NS      ns0.thny.bbc.co.uk.
;; ADDITIONAL SECTION:
ns0.thdo.bbc.co.uk.     74571   IN      A       212.58.224.20
ns0.thny.bbc.co.uk.     74573   IN      A       212.58.240.20
Received 129 bytes from 203.194.239.32#53 in 235 ms
Trying "bbc.net.uk"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29543
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bbc.net.uk.                    IN      AAAA
Received 28 bytes from 203.194.239.32#53 in 229 ms
Trying "bbc.net.uk"
Host bbc.net.uk not found: 2(SERVFAIL)
Received 28 bytes from 203.194.239.32#53 in 554 ms
'SERVFAIL'

Of course, digging at the nameservers in the NS records for both those
domains results in an immediate answer unless it's the one down
nameserver, ns1.bbc.co.uk.  bbc.net.uk's two nameservers are also two
of the operational nameservers for bbc.co.uk.
Anyway, I have no clear idea of your problem, but if you're not
running BIND named, perhaps what you're running has a quirk or bug of
some sort.  I would think that most nameservers' caching behaviour is
sane out-of-the-box, but I have little experience outside of BIND.  I
can load up the web site in question as well, even though ns1 is
apparently down.
I hope this at least sheds some light on the problem for someone here
who knows more about this sort of thing.
Jeff

More information about the Users mailing list