Jared Empson
Systems Administrator
Zito Media
814.260.9450
On Aug 6, 2014, at 7:28 PM, Mark Andrews <ma...@isc.org> wrote:

>
> In message <3a1ebfdb-a033-4e07-be61-9f6ba6916...@zitomedia.com>, Jared Empson writes:
>>
>> I manage a small group of cache only servers for an ISP. We run Bind 9.7
>
> You run BIND 9.7.0 and haven't applied any of the maintenance releases
> to BIND 9.7.

I just updated the bind instance with the Ubuntu Lucid packages so I’m running version BIND 9.7.0-P1.

>
>> and have noticed that several domains our customers would like to access
>> are unavailable from our cache servers. These same domains work on other
>> provider networks such as Verizon or Google.
>
> In BIND 9.7.0 we restored the code to skip to non authoritative answers
> from supposedly authoritative servers having fixed a bug in named.
> Unfortunately there are some zones for which all the servers are
> broken and don't return authoritative (aa=1) answers.
>
> BIND 9.7.1 reversed the change to skip non authoritative answers
> despite it being technically correct.

Do you suggest we upgrade to bind version 9.7.1?

>
>> What I have found is that these domains all have misconfigured glue
>> records. This could be caused by a recent change of registrar or a
>> misconfigured zone file pointing to NS records that no longer exist as
>> glue records. Because of this any query of a host from these domains
>> receive a non-authoritative response and are dropped by our cache servers.
>>
>> How do I configure the cache server to accept the non-authoritative
>> response to provide our customers access to these domains without
>> forwarding to Google's caching servers?
>
>
>> An example domain is losscontrol360.com.
>> What our customers receive:
>> ; <<>> DiG 9.8.3-P1 <<>> losscontrol360.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31462
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;losscontrol360.com.            IN      A
>>
>> ;; Query time: 1380 msec
>> ;; SERVER: 10.100.2.11#53(10.100.2.11)
>> ;; WHEN: Wed Aug 6 16:00:55 2014
>> ;; MSG SIZE rcvd: 36
>>
>> What our cache server receives:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342
>> ;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 1280
>> ;; QUESTION SECTION:
>> ;losscontrol360.com.            IN      A
>>
>> ;; ANSWER SECTION:
>> losscontrol360.com.     173     IN      A       74.208.98.80
>>
>> What Google provides:
>> ; <<>> DiG 9.8.3-P1 <<>> losscontrol360.com @8.8.8.8
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17193
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;losscontrol360.com.            IN      A
>>
>> ;; ANSWER SECTION:
>> losscontrol360.com.     586     IN      A       74.208.98.80
>>
>> ;; Query time: 174 msec
>> ;; SERVER: 8.8.8.8#53(8.8.8.8)
>> ;; WHEN: Wed Aug 6 16:01:07 2014
>> ;; MSG SIZE rcvd: 52
>>
>> Jared Empson
>> Systems Administrator
>> Zito Media
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
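Added example, not part of the original thread and not BIND code: the aa-flag distinction discussed in the replies, applied to the dig headers quoted above. The `from_listed_ns` parameter, and the assumption that the "What our cache server receives" reply came from one of the zone's listed name servers, are assumptions; the last two samples are constructed for contrast.

```python
import re

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r";; flags:([a-z ]*);")
ANSWER_RE = re.compile(r"ANSWER:\s*(\d+)")

def parse_header(dig_text):
    """Return (status, set of flags, answer count) from dig's header lines."""
    status = STATUS_RE.search(dig_text)
    flags = FLAGS_RE.search(dig_text)
    answers = ANSWER_RE.search(dig_text)
    if not (status and flags and answers):
        raise ValueError("dig header lines not found")
    return status.group(1), set(flags.group(1).split()), int(answers.group(1))

def classify(dig_text, from_listed_ns):
    """from_listed_ns: True when the reply came from a server named in the
    zone's NS set (an assumption the caller supplies; dig cannot tell)."""
    status, flags, answers = parse_header(dig_text)
    if status not in ("NOERROR", "NXDOMAIN"):
        return "failed:" + status
    if "aa" in flags:
        return "authoritative"
    if from_listed_ns:
        # aa=0 with no answer data is an ordinary referral; aa=0 *with*
        # answer data is the broken case discussed in the thread.
        return "non-authoritative-answer" if answers else "referral-or-empty"
    return "recursive" if "ra" in flags else "non-authoritative"

# Headers copied from the thread's dig output.
CLIENT_VIA_CACHE = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31462
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
UPSTREAM_REPLY = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"""
GOOGLE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17193
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0"""
# Constructed for contrast: a healthy authoritative reply and a referral.
HEALTHY = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0"""
REFERRAL = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2"""

if __name__ == "__main__":
    for name, text, listed in [("client via cache", CLIENT_VIA_CACHE, False),
                               ("upstream reply", UPSTREAM_REPLY, True),
                               ("8.8.8.8", GOOGLE, False),
                               ("healthy (constructed)", HEALTHY, True),
                               ("referral (constructed)", REFERRAL, True)]:
        print(f"{name}: {classify(text, listed)}")
```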