Re: when i check resolver.log just now , i found some error info about AAAA ( ipv6)
Just another broken nameserver that doesn't handle queries correctly. It answers authoritatively for dlb.g5.letvlb.com/A but returns a referral for dlb.g5.letvlb.com/ with unrelated additional records. Mark % dig dlb.g5.letvlb.com @106.38.226.245 ; <<>> DiG 9.11.0a1 <<>> dlb.g5.letvlb.com @106.38.226.245 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61581 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;dlb.g5.letvlb.com. IN A ;; ANSWER SECTION: dlb.g5.letvlb.com. 600 IN A 123.59.122.228 ;; Query time: 359 msec ;; SERVER: 106.38.226.245#53(106.38.226.245) ;; WHEN: Wed Apr 13 14:16:20 EST 2016 ;; MSG SIZE rcvd: 68 % dig dlb.g5.letvlb.com @106.38.226.245 ; <<>> DiG 9.11.0a1 <<>> dlb.g5.letvlb.com @106.38.226.245 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;dlb.g5.letvlb.com. IN ;; AUTHORITY SECTION: dlb.g5.letvlb.com. 600 IN NS ns1.letvlb.com. dlb.g5.letvlb.com. 600 IN NS ns2.letvlb.com. dlb.g5.letvlb.com. 600 IN NS ns3.letvlb.com. ;; ADDITIONAL SECTION: au.ns1.letvlb.com. 600 IN A 111.206.208.224 au.ns2.letvlb.com. 600 IN A 106.38.226.245 au.ns3.letvlb.com. 600 IN A 117.121.2.237 ;; Query time: 492 msec ;; SERVER: 106.38.226.245#53(106.38.226.245) ;; WHEN: Wed Apr 13 14:16:25 EST 2016 ;; MSG SIZE rcvd: 269 % In message <570dc310.1060...@yahoo.com>, johnzeng writes: > > Hello Dear Sir : > > when i check resolver.log just now , i found some error info about > ( ipv6) > > although i search some helpful info from ask.com , but i can't find the > config file , maybe the reason is i compiled via source file ( > ./configure --prefix=/mydic ). > > Whether i need build the config file ? > > > > This of course won't stop bind from blindly trying to use ipv6 though, > so you also need to alter |/etc/default/bind9| like so: > > |# run resolvconf? > RESOLVCONF=yes > # startup options for the server > OPTIONS="-4 -u bind" > | > > > > > 13-Apr-2016 11:49:11.858 DNS format error from 106.38.226.245#53 > resolving dlb.g5.letvlb.com/ for client 127.0.0.1#53325: > non-improving referral > 13-Apr-2016 11:49:11.898 DNS format error from 111.206.208.224#53 > resolving dlb.g5.letvlb.com/ for client 127.0.0.1#53325: > non-improving referral > 13-Apr-2016 11:49:11.939 DNS format error from 117.121.2.237#53 > resolving dlb.g5.letvlb.com/ for client 127.0.0.1#53325: > non-improving referral > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
when i check resolver.log just now , i found some error info about AAAA ( ipv6)
Hello Dear Sir : when i check resolver.log just now , i found some error info about ( ipv6) although i search some helpful info from ask.com , but i can't find the config file , maybe the reason is i compiled via source file ( ./configure --prefix=/mydic ). Whether i need build the config file ? This of course won't stop bind from blindly trying to use ipv6 though, so you also need to alter |/etc/default/bind9| like so: |# run resolvconf? RESOLVCONF=yes # startup options for the server OPTIONS="-4 -u bind" | 13-Apr-2016 11:49:11.858 DNS format error from 106.38.226.245#53 resolving dlb.g5.letvlb.com/ for client 127.0.0.1#53325: non-improving referral 13-Apr-2016 11:49:11.898 DNS format error from 111.206.208.224#53 resolving dlb.g5.letvlb.com/ for client 127.0.0.1#53325: non-improving referral 13-Apr-2016 11:49:11.939 DNS format error from 117.121.2.237#53 resolving dlb.g5.letvlb.com/ for client 127.0.0.1#53325: non-improving referral ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind response to query's very small edns udp payload size
In article, John Wobus wrote: > What does bind try to do if the client specifies a udp size of less than 512? > Iâve been trying queries and here is what Iâve seen: >From RFC 6891: Values lower than 512 MUST be treated as equal to 512. https://tools.ietf.org/html/rfc6891#section-6.2.3 So I expect BIND obeys this. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind response to query's very small edns udp payload size
What does bind try to do if the client specifies a udp size of less than 512? I’ve been trying queries and here is what I’ve seen: I have a query that ordinarily receives a response with an answer section and an authority section, the response length being ~ 500. If I specify a udp size of 200, then I receive the same answer section, but minus the authority section. But the received length is greater than 200, and the tc flag is not set. (In contrast to this, if I try a different query that gets a truly long answer, specifying a udp size of 512, then I do get a response with the tc flag set and with no answer-section lines.) I’ve been looking at a customer's reported problem, testing scenarios and behavior that might explain it, so this is a bit of an academic question just to know what to expect from bind. The actual problem is likely (in my mind) to be a firewall or client configuration. FYI: $ ./named -v BIND 9.9.8-P4 (Extended Support Version) John Wobus Cornell University IT ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: whether squid application of the machine and the client will get different Name Resolution ( A records)at cdn ( balance or random ) environment .
Hello Graham: Thanks for your advisement , you are right , and i search full choice at options part again . and sortlist will be suitable way . but i have to write long config at sortlist Thanks again Have a good day with you . : > Hello Dear Sir : > > i have a question , i have run squid ( tproxy mode ) and bind9 at a same > machine , and dns server ip of full client is the machine ip too > > and when a client try to send dns request to the same machine and squid > application of the machine send same request to local machine ( same > > machine ) , i hope A record will be same . but maybe squid application > of the machine and the client will get different Name Resolution ( A > records) > > at cdn ( balance or random ) environment . > > > whether we can force BIND to realize same Name Resolution ( A records) , > i search named.conf detail and *found the command ***rrset-order fixed ) > *will be suitable *, but fixed will be support by BIND 8 , > > and i use BIND 9 now , if possible , please give me some advisement > > > Thanks > > John > > > > > root@linux:~# nslookup n.sinaimg.cn > ;; Truncated, retrying in TCP mode. > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > Non-authoritative answer: > n.sinaimg.cn canonical name = nsinaimg.gslb.sinaedge.com. > nsinaimg.gslb.sinaedge.com canonical name = weibo.grid.sinaedge.com. > weibo.grid.sinaedge.com canonical name = sinaedge.lxdns.com. > sinaedge.lxdns.com canonical name = sinajs.xdwscache.ourglb0.com. > Name: sinajs.xdwscache.ourglb0.com > Address: 183.61.26.199 > Name: sinajs.xdwscache.ourglb0.com > Address: 14.215.100.95 > Name: sinajs.xdwscache.ourglb0.com > Address: 125.90.204.122 > Name: sinajs.xdwscache.ourglb0.com > Address: 183.58.18.36 > Name: sinajs.xdwscache.ourglb0.com > Address: 219.128.78.106 > Name: sinajs.xdwscache.ourglb0.com > Address: 183.57.28.209 > Name: sinajs.xdwscache.ourglb0.com > Address: 125.90.206.144 > Name: sinajs.xdwscache.ourglb0.com > Address: 183.6.245.177 > Name: sinajs.xdwscache.ourglb0.com > Address: 183.131.119.93 > Name: sinajs.xdwscache.ourglb0.com > Address: 116.211.251.76 > Name: sinajs.xdwscache.ourglb0.com > Address: 59.56.30.221 > Name: sinajs.xdwscache.ourglb0.com > Address: 14.215.100.94 > Name: sinajs.xdwscache.ourglb0.com > Address: 125.90.204.117 > Name: sinajs.xdwscache.ourglb0.com > Address: 183.6.245.191 > Name: sinajs.xdwscache.ourglb0.com > Address: 183.57.28.61 > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: whether squid application of the machine and the client will get different Name Resolution ( A records)at cdn ( balance or random ) environment .
Hi John, > whether we can force BIND to realize same Name Resolution ( A records) , > i search named.conf detail and *found the command ***rrset-order fixed ) > *will be suitable *, but fixed will be support by BIND 8 , > > and i use BIND 9 now , if possible , please give me some advisement Checking section 6.2.16.14 of the BIND 9.10 Administrators Reference Manual (https://www.isc.org/downloads/bind/doc/): -=- In this release of BIND 9, the rrset-order statement does not support ”fixed” ordering by default. Fixed ordering can be enabled at compile time by specifying ”–enable-fixed-rrset” on the ”configure” command line. -=- However, my reading of fixed ordering ('the order they are defined in the zone file') implies it can only work on an authoritative server that has a full copy of the zone. A server that is iterating will receive records in the order that the authoritative sorts them, and I don't see how the iterating server can reorder them against the zone file. sortlist (section 6.2.16.13 of 9.10) might be more appropriate, but it's scaled more towards continent-sized address blocks rather than reordering all answers lexicographically. Graham ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users