In message <d08daa78-9f6c-40be-894d-7d388cd51...@gronkulator.com>, Rich Goodson
 writes:
> Hi all,
> 
> I have some caching resolvers that are running BIND 9.4.3.  They  
> answer about 30k-ish recursive queries per second at peak hours.
> 
> Every couple of weeks or so, we get calls to customer support with  
> complaints that the www.capitalone.com web site is unavailable.

        Complain to capitalone.com.  wpex.capitalone.com is badly
        delegated.  The nameservers wpex.capitalone.com are delegated
        to are not configured to serve the zone wpex.capitalone.com,
        instead they are serving capitalone.com but not the version
        of the zone served by ns[123].capitalone.com.  Additionally
        the servers for wpex.capitalone.com don't have the address
        records for the nameservers for wpex.capitalone.com.

        Note the SOA record below is for capitalone.com not
        wpex.capitalone.com like it should be.

        Mark

; <<>> DiG 9.6.0-P1 <<>> +norec ns1-cardinal.wpex.capitalone.com. @208.80.48.74
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60944
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1-cardinal.wpex.capitalone.com. IN   A

;; AUTHORITY SECTION:
capitalone.com.         60      IN      SOA     cardinal01p.capitalone.com. hostmaster.cardinal01p.capitalone.com. 17 10800 3600 604800 60

;; Query time: 231 msec
;; SERVER: 208.80.48.74#53(208.80.48.74)
;; WHEN: Wed Jan 14 13:59:20 2009
;; MSG SIZE  rcvd: 109


> The CNAME for www.capitalone.com points to www.wpex.capitalone.com,  
> which is served out by a different set of name servers:
> wpex.capitalone.com.  3600    IN      NS      ns2-mockingbird.wpex.capitalone.com.
> wpex.capitalone.com.  3600    IN      NS      ns1-cardinal.wpex.capitalone.com.
> those name servers are, apparently, occasionally unavailable, at least  
> from our network, and we end up with a negative cached record that I  
> suspect lasts 48 hours.
> 
> right now, I am doing a workaround with a shell script that looks  
> something like this (this is just a snippet, btw, not the full script):
> rndc dumpdb
> # grep -q prints nothing, so test its exit status directly
> if grep capitalone.com /var/dump/named_dump.db | grep -q NXDOMAIN; then
>       rndc flushname `grep capitalone.com /var/dump/named_dump.db | grep NXDOMAIN | awk '{print $1}'`
> fi
> 
> This may not be the only host/domain that we have occasional  
> difficulty with, but it's certainly the only one that has calls from  
> CS that get filtered down to me.  Is this something broken in our  
> resolvers, or is this (as I suspect) just a really wonky and somewhat  
> broken implementation on the part of capitalone.com?  Is anyone else  
> having difficulty with resolution of this domain?
> 
> Here's a dig from one of our name servers. (the dig is from my  
> workstation which has 9.4.2-P2 on it).
> 
> ; <<>> DiG 9.4.2-P2 <<>> +trace @wdmdc-dns1 www.capitalone.com
> ; (1 server found)
> ;; global options:  printcmd
> .                     242071  IN      NS      K.ROOT-SERVERS.NET.
> .                     242071  IN      NS      H.ROOT-SERVERS.NET.
> .                     242071  IN      NS      J.ROOT-SERVERS.NET.
> .                     242071  IN      NS      L.ROOT-SERVERS.NET.
> .                     242071  IN      NS      B.ROOT-SERVERS.NET.
> .                     242071  IN      NS      D.ROOT-SERVERS.NET.
> .                     242071  IN      NS      M.ROOT-SERVERS.NET.
> .                     242071  IN      NS      I.ROOT-SERVERS.NET.
> .                     242071  IN      NS      E.ROOT-SERVERS.NET.
> .                     242071  IN      NS      F.ROOT-SERVERS.NET.
> .                     242071  IN      NS      A.ROOT-SERVERS.NET.
> .                     242071  IN      NS      C.ROOT-SERVERS.NET.
> .                     242071  IN      NS      G.ROOT-SERVERS.NET.
> ;; Received 512 bytes from 12.207.232.47#53(12.207.232.47) in 17 ms
> 
> com.                  172800  IN      NS      K.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      C.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      A.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      M.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      L.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      J.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      D.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      I.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      F.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      G.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      B.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      E.GTLD-SERVERS.NET.
> com.                  172800  IN      NS      H.GTLD-SERVERS.NET.
> ;; Received 508 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 68 ms
> 
> capitalone.com.               172800  IN      NS      ns1.capitalone.com.
> capitalone.com.               172800  IN      NS      ns2.capitalone.com.
> capitalone.com.               172800  IN      NS      ns3.capitalone.com.
> ;; Received 138 bytes from 192.52.178.30#53(K.GTLD-SERVERS.NET) in 130 ms
> 
> www.capitalone.com.   120     IN      CNAME   www.wpex.capitalone.com.
> wpex.capitalone.com.  3600    IN      NS      ns2-mockingbird.wpex.capitalone.com.
> wpex.capitalone.com.  3600    IN      NS      ns1-cardinal.wpex.capitalone.com.
> ;; Received 148 bytes from 199.244.214.107#53(ns3.capitalone.com) in 42 ms
> 
>   -rich goodson
> 
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
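
The SOA check described in the reply above, as an added example that is not part of the original message or of BIND: it compares the SOA owner in the AUTHORITY section of a `dig +norec` reply with the zone the server is delegated. The function names are hypothetical; the first sample is the reply quoted in the message, the second is constructed.

```shell
#!/bin/sh
# Added example: does a delegated server answer from the zone it was given?

# Print the owner of the first SOA in the AUTHORITY section (dig text on stdin).
soa_owner() {
    awk '
        /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
        /^;; / || /^$/           { in_auth = 0 }
        in_auth && $4 == "SOA"   { print tolower($1); exit }
    '
}

# check_delegation ZONE < dig-output
#   ok        SOA owner is ZONE or below it
#   mismatch  SOA owner is a parent of ZONE (server answers from the parent)
#   unknown   no SOA in the AUTHORITY section, or an unrelated owner
check_delegation() {
    zone=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$zone" in *.) ;; *) zone="$zone." ;; esac
    owner=$(soa_owner)
    case "$owner" in
        "")                echo "unknown" ;;
        "$zone"|*".$zone") echo "ok" ;;
        *) case "$zone" in
               *".$owner") echo "mismatch owner=$owner" ;;
               *)          echo "unknown" ;;
           esac ;;
    esac
}

# Reply quoted in the message above (from 208.80.48.74), SOA line unwrapped.
page_reply() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60944
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
capitalone.com. 60 IN SOA cardinal01p.capitalone.com. hostmaster.cardinal01p.capitalone.com. 17 10800 3600 604800 60
EOF
}

# Constructed reply: what a server that really serves the child zone returns.
good_reply() {
cat <<'EOF'
;; AUTHORITY SECTION:
wpex.example. 60 IN SOA ns1.wpex.example. hostmaster.wpex.example. 1 10800 3600 604800 60
EOF
}

page_reply | check_delegation wpex.capitalone.com   # mismatch owner=capitalone.com.
good_reply | check_delegation wpex.example          # ok
```

Against a live server, pipe the output of `dig +norec` for a name in the zone, sent to one of the delegated servers, into `check_delegation` with the delegated zone as its argument.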