Hi Bind Users, Currently drained my brain troubleshooting where could be the cause of my issue on one of our Authoritative DNS server. When querying a CNAME directly to the server, where a CNAME is pointed to an external domain, results failed with timeout error and no server could be reached.
*; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> book.cebupacificair.com <http://book.cebupacificair.com> @dns1.globenet.com.ph <http://dns1.globenet.com.ph>;; global options: +cmd;; connection timed out; no servers could be reached* Server logs produce 3 query log then show a query failed (timed out); *client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com <http://book.cebupacificair.com>): query: book.cebupacificair.com <http://book.cebupacificair.com> IN A +E(0) (203.177.255.10)client @0x7fd9a4484080 x.x.x.x#51579 (book.cebupacificair.com <http://book.cebupacificair.com>): query: book.cebupacificair.com <http://book.cebupacificair.com> IN A +E(0) (203.177.255.10)client @0x7fd9a4481cb0 x.x.x.x#51579 (book.cebupacificair.com <http://book.cebupacificair.com>): query: book.cebupacificair.com <http://book.cebupacificair.com> IN A +E(0) (203.177.255.10)* *client @0x7fd9ac0908d0 x.x.x.x#51579 (book.cebupacificair.com <http://book.cebupacificair.com>): query failed (timed out) for book.cebupacificair.com/IN/A <http://book.cebupacificair.com/IN/A> at query.c:6786* But when i send a query with *+norecurse* option, results is successful. *dig +norecurse book.cebupacificair.com <http://book.cebupacificair.com> @dns1.globenet.com.ph <http://dns1.globenet.com.ph>; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> +norecurse book.cebupacificair.com <http://book.cebupacificair.com> @dns1.globenet.com.ph <http://dns1.globenet.com.ph>;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19755;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;book.cebupacificair.com <http://book.cebupacificair.com>. IN A;; ANSWER SECTION:book.cebupacificair.com <http://book.cebupacificair.com>. 1200 IN CNAME book.cebupacair.cust.lldns.net <http://book.cebupacair.cust.lldns.net>.;; AUTHORITY SECTION:lldns.net <http://lldns.net>. 171335 IN NS ns1.lldns.net <http://ns1.lldns.net>.lldns.net <http://lldns.net>. 171335 IN NS ns2.lldns.net <http://ns2.lldns.net>.;; ADDITIONAL SECTION:ns1.lldns.net <http://ns1.lldns.net>. 149880 IN A 208.111.184.11ns2.lldns.net <http://ns2.lldns.net>. 93416 IN A 208.111.184.12ns1.lldns.net <http://ns1.lldns.net>. 93416 IN AAAA 2607:f4e8:ac:1::11ns2.lldns.net <http://ns2.lldns.net>. 93416 IN AAAA 2607:f4e8:ac:1::12;; Query time: 1 msec;; SERVER: 203.177.255.10#53(203.177.255.10);; WHEN: Wed Jul 03 03:36:21 EDT 2019;; MSG SIZE rcvd: 229* This is the named.conf options; *options { directory "/var/namedb"; version "Query Not Allowed."; allow-recursion { globenet; }; recursive-clients 1000000; allow-query-cache { globenet; }; allow-query { any; }; tcp-clients 5000; blackhole { bogusnet; }; pid-file "/var/local/bind/var/run/named.pid"; zone-statistics yes; statistics-file "/var/namedb/named.stats";};* Bind version is 9.14.2 The "globenet" group are the list of IPs we allowed for recursion. And this issue happens only on the CNAME record with external domain. Thank you in advance. Regards, *Wil Sarmiento* -- This e-mail message (including attachments, if any) is intended for the use of the individual or the entity to whom it is addressed and may contain information that is privileged, proprietary, confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender and delete this E-mail message immediately.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
