BIND incompatibility
Yar Tikhiy
yar at comp.chem.msu.su
Sun Mar 5 11:19:49 UTC 2006
On Sun, Mar 05, 2006 at 12:10:51AM -0800, Doug Barton wrote:
> Yar Tikhiy wrote:
> > Hi there,
> >
> > Just want to remind about a problem I've finally run into myself.
> > There has been a lot of gossip on it, but next to no tech details.
> > Namely, BIND8 will go nuts and spit out tons of error messages per
> > second if its forwarder happens to be BIND9 and "forwarders only"
> > is not in effect. The error message reads:
> >
> > sysquery: no addrs found for root NS
> >
> > I saw that after two my DNS servers had been upgraded today along
> > their respective branches, 4-STABLE and 6-STABLE, which had involved
> > no changes to named.conf or named.root.
> >
> > Has anybody got links to tech details why the trouble happens?
> > Sorry, today I had little time for debugging and tcpdumping, just
> > had to make sure it all worked by the end of the day :-)
>
> Not 100% sure from your description, but it's possible that you're falling
> victim to the problem described here:
>
> http://www.isc.org/index.pl?/sw/bind/bind8.php
My case was exactly opposite: BIND8 was trying to forward its
requests to BIND9. In other words, my BIND8 was an originator while
my BIND9 was acting as a proxy. I think this case was also mentioned
in numerous discussions about the plague of "sysquery: no addrs found".
As soon as the BIND8 started at system boot and apparently tried
to get up-to-date data on root nameservers through its forwarder,
it immediately began to overflow the console and /var/log/messages
with the said messages, looping very fast over the list of root
nameservers, but mentioning them in a different order each time.
By now, I have just noticed that my BIND8 and BIND9 will return
rather different authority and additional sections in their replies
when asked about, e.g., b.root-servers.net. That is, they must
have quite different notions of the root zone. Now they both are
running in stand-alone mode, i.e., with no forwarders configured
at all. The output from dig(1) is attached below for illustration.
--
Yar
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
yar at bsd:~$dig version.bind. chaos txt @158.250.32.97
; <<>> DiG 8.3 <<>> version.bind. chaos txt @158.250.32.97
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS
;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "8.3.7-REL"
;; Total query time: 1 msec
;; FROM: bsd.chem.msu.ru to SERVER: 158.250.32.97
;; WHEN: Sun Mar 5 13:54:15 2006
;; MSG SIZE sent: 30 rcvd: 64
yar at bsd:~$dig b.root-servers.net. @158.250.32.97
; <<>> DiG 8.3 <<>> b.root-servers.net. @158.250.32.97
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54593
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;; b.root-servers.net, type = A, class = IN
;; ANSWER SECTION:
b.root-servers.net. 6d7h23m28s IN A 192.228.79.201
;; AUTHORITY SECTION:
net. 1d7h23m29s IN NS A.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS G.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS H.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS C.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS I.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS B.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS D.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS L.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS F.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS J.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS K.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS E.GTLD-SERVERS.net.
net. 1d7h23m29s IN NS M.GTLD-SERVERS.net.
;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net. 1d7h23m29s IN A 192.5.6.30
A.GTLD-SERVERS.net. 1d7h23m29s IN AAAA 2001:503:a83e::2:30
G.GTLD-SERVERS.net. 1d7h23m29s IN A 192.42.93.30
H.GTLD-SERVERS.net. 1d7h23m29s IN A 192.54.112.30
C.GTLD-SERVERS.net. 1d7h23m29s IN A 192.26.92.30
I.GTLD-SERVERS.net. 1d7h23m29s IN A 192.43.172.30
B.GTLD-SERVERS.net. 1d7h23m29s IN A 192.33.14.30
B.GTLD-SERVERS.net. 1d7h23m29s IN AAAA 2001:503:231d::2:30
D.GTLD-SERVERS.net. 1d7h23m29s IN A 192.31.80.30
L.GTLD-SERVERS.net. 1d7h23m29s IN A 192.41.162.30
F.GTLD-SERVERS.net. 1d7h23m29s IN A 192.35.51.30
J.GTLD-SERVERS.net. 1d7h23m29s IN A 192.48.79.30
K.GTLD-SERVERS.net. 1d7h23m29s IN A 192.52.178.30
;; Total query time: 22 msec
;; FROM: bsd.chem.msu.ru to SERVER: 158.250.32.97
;; WHEN: Sun Mar 5 13:52:58 2006
;; MSG SIZE sent: 36 rcvd: 505
yar at bsd:~$dig version.bind. chaos txt @195.208.208.18
; <<>> DiG 8.3 <<>> version.bind. chaos txt @195.208.208.18
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51891
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS
;; ANSWER SECTION:
version.bind. 0S CHAOS TXT "9.3.2"
;; AUTHORITY SECTION:
version.bind. 0S CHAOS NS version.bind.
;; Total query time: 1 msec
;; FROM: bsd.chem.msu.ru to SERVER: 195.208.208.18
;; WHEN: Sun Mar 5 13:55:22 2006
;; MSG SIZE sent: 30 rcvd: 62
yar at bsd:~$dig b.root-servers.net. @195.208.208.18
; <<>> DiG 8.3 <<>> b.root-servers.net. @195.208.208.18
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20927
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; QUERY SECTION:
;; b.root-servers.net, type = A, class = IN
;; ANSWER SECTION:
b.root-servers.net. 6d9h46m6s IN A 192.228.79.201
;; AUTHORITY SECTION:
root-servers.net. 6d9h45m30s IN NS f.root-servers.net.
root-servers.net. 6d9h45m30s IN NS j.root-servers.net.
root-servers.net. 6d9h45m30s IN NS k.root-servers.net.
root-servers.net. 6d9h45m30s IN NS A.root-servers.net.
;; ADDITIONAL SECTION:
A.root-servers.net. 6d9h45m30s IN A 198.41.0.4
;; Total query time: 1 msec
;; FROM: bsd.chem.msu.ru to SERVER: 195.208.208.18
;; WHEN: Sun Mar 5 13:55:44 2006
;; MSG SIZE sent: 36 rcvd: 132
More information about the freebsd-net
mailing list