seren wrote:
Hi, I've run into some strange issues with BIND and CNAMES.

        The examples you show indicate strange issues only with
        whatever name server code is running on your localhost.
        Nothing in your examples actually identify this as BIND.

We're using BIND9 (on Ubuntu)
internally and have our external DNS hosted by NetworkSolutions. Occasionally 
I'll be able
to create a CNAME in NetworkSolutions that BIND is unable to resolve.

Using dig I notice it's doing a query for an A record,

        This is the record type use by dig in default of a specific
        type on the command line.

and in most cases this works even
if the entry is a CNAME. In the cases where it fails, I see either a timeout 
error or a
SERVFAIL.

        Your local instance of named is respectively either not
        responding, or reporting an error.

        Have you looked in your logs for more information?
        Have you tried 'dig +trace'?

If I then do a dig query specifying a CNAME, I get a quick successful result
and subsequent queries to BIND succeed, until the record expires from the cache.

The records that fail don't seem to have anything in common besides them all 
being
CNAMES and longer names seeming to fail more. Both BIND9 and two windows-based 
DNS
servers fail with the exact same records, however Google (8.8.8.8) and several 
other
public DNS services resolve them fine.

        I think you need to ask what's different between (on the one
        hand) your "BIND9" and windows-based name servers and (on the
        other) name servers which you tell us work: if not in the
        configuration, then in the environment.

        Are all of your "failing" name servers behind the same firewall?
        If so, does the firewall allow DNS queries and responses over
        TCP as well as UDP?  Does the firewall perhaps break "long"
        responses?  I ask because I've noticed some truncation
        and fallback to TCP when I use 'dig +trace' to query for one of
        the names you've mentioned as failing.


        Best regards,

        Niall O'Reilly
        University College Dublin IT Services

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to