From owner-freebsd-current@FreeBSD.ORG Sun Oct 29 15:00:44 2006 Return-Path: X-Original-To: freebsd-current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85C6116A40F; Sun, 29 Oct 2006 15:00:44 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6195B43D5D; Sun, 29 Oct 2006 15:00:43 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 26A3D386C67; Sun, 29 Oct 2006 15:00:13 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 18B1D1141D; Sun, 29 Oct 2006 16:00:42 +0100 (CET) Date: Sun, 29 Oct 2006 16:00:42 +0100 From: "Simon L. Nielsen" To: Hiroki Sato Message-ID: <20061029150041.GB1039@zaphod.nitro.dk> References: <20061027.025600.59733168.hrs@allbsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20061027.025600.59733168.hrs@allbsd.org> User-Agent: Mutt/1.5.11 Cc: dougb@FreeBSD.org, ume@FreeBSD.org, kris@obsecurity.org, nork@FreeBSD.org, freebsd-current@FreeBSD.org, Joel@FreeBSD.org, itetcu@FreeBSD.org, leafy7382@gmail.com Subject: Re: Resolver not always resolving hostnames X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Oct 2006 15:00:44 -0000 On 2006.10.27 02:56:00 +0900, Hiroki Sato wrote: > "Jiawei Ye" wrote > in : > > le> On 10/24/06, Hajimu UMEMOTO wrote: > le> > leafy7382> This is much better. It would be great if this is commited. > le> > > le> > I've committed it into 7-CURRENT, and I'll MFC it into RELENG_6 after > le> > 3 days. > le> > > le> > The fix should help in certain case. However, it seems doesn't help > le> > for nork-san's case. He could reproduce it, and sent me his ktrace > le> > output. As far as I can see his output, his local name server (BIND > le> > 9.3.2-P1) returned the response with no answer record. As a result, > le> > his csup ended up with following error: > le> > > le> > Name lookup failure for "cvsup.jp.freebsd.org": hostname nor > le> > servname provided, or not known > le> > > le> > I suspect that the BIND9's named have some problem. > le> > > le> > "Name lookup failure for "cvsup.jp.freebsd.org": hostname nor servname \ > le> > provided, or not known > le> > " > le> You are correct, I just ran into that a few times in the last hour. > le> But it is a lot less frequent than before. I also run a local BIND9 > le> for our company. I think some commits happening after between Sept 30 > le> and Oct 15th caused it, because I did not see such symptom before late > le> Sept and I rebuilt my system around mid Oct. > > According to log files on my public cvsup server which is suffering > from this problem, this happened on 22 September at least. I have > not looked into the source files closely yet, but is it possible that > the 9.3.2-P1 patch has a bug that can return 0/0/0 with NOERROR > answer packet? I confirmed that behaviors of 4.x's resolver and > 6.x's against such a malformed packet are the same, so I think it is > not likely a bug in the resolver. After I upgraded my development server to include the fix I started a tcpdump of all my DNS traffic in case the resolving issue happened again, and it did :-/. So, the above fix does not fix the issue and as hrs@ notes it actually seems to be a a bug in the nameserver and not resolver. When my latest cvsup failed this is the DNS packets captured: 15:06:45.036710 IP eddie.54684 > ns.nitro.dk.domain: 51917+ A? cvsup3.dk.freebsd.org. (39) 15:06:45.224002 IP ns.nitro.dk.domain > eddie.54684: 51917 0/0/0 (39) 15:06:45.224796 IP eddie.50804 > ns.nitro.dk.domain: 51918+ A? cvsup3.dk.freebsd.org.nitro.dk. (48) 15:06:45.226255 IP ns.nitro.dk.domain > eddie.50804: 51918 NXDomain* 0/1/0 (98) I still have the pcap file around if it's needed. The nameserver in question is running BIND 9.3.2 from 6.1-SECURITY base. -- Simon L. Nielsen