Date: Sun, 29 Oct 2006 16:00:42 +0100 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Hiroki Sato <hrs@FreeBSD.org> Cc: dougb@FreeBSD.org, ume@FreeBSD.org, kris@obsecurity.org, nork@FreeBSD.org, freebsd-current@FreeBSD.org, Joel@FreeBSD.org, itetcu@FreeBSD.org, leafy7382@gmail.com Subject: Re: Resolver not always resolving hostnames Message-ID: <20061029150041.GB1039@zaphod.nitro.dk> In-Reply-To: <20061027.025600.59733168.hrs@allbsd.org> References: <c21e92e20610240641k417dd148q333dd75d8478c459@mail.gmail.com> <ygehcxtkaig.wl%ume@mahoroba.org> <c21e92e20610240824n7e94e4c1jf454697cab4120a9@mail.gmail.com> <20061027.025600.59733168.hrs@allbsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006.10.27 02:56:00 +0900, Hiroki Sato wrote: > "Jiawei Ye" <leafy7382@gmail.com> wrote > in <c21e92e20610240824n7e94e4c1jf454697cab4120a9@mail.gmail.com>: > > le> On 10/24/06, Hajimu UMEMOTO <ume@freebsd.org> wrote: > le> > leafy7382> This is much better. It would be great if this is commited. > le> > > le> > I've committed it into 7-CURRENT, and I'll MFC it into RELENG_6 after > le> > 3 days. > le> > > le> > The fix should help in certain case. However, it seems doesn't help > le> > for nork-san's case. He could reproduce it, and sent me his ktrace > le> > output. As far as I can see his output, his local name server (BIND > le> > 9.3.2-P1) returned the response with no answer record. As a result, > le> > his csup ended up with following error: > le> > > le> > Name lookup failure for "cvsup.jp.freebsd.org": hostname nor > le> > servname provided, or not known > le> > > le> > I suspect that the BIND9's named have some problem. > le> > > le> > "Name lookup failure for "cvsup.jp.freebsd.org": hostname nor servname \ > le> > provided, or not known > le> > " > le> You are correct, I just ran into that a few times in the last hour. > le> But it is a lot less frequent than before. I also run a local BIND9 > le> for our company. I think some commits happening after between Sept 30 > le> and Oct 15th caused it, because I did not see such symptom before late > le> Sept and I rebuilt my system around mid Oct. > > According to log files on my public cvsup server which is suffering > from this problem, this happened on 22 September at least. I have > not looked into the source files closely yet, but is it possible that > the 9.3.2-P1 patch has a bug that can return 0/0/0 with NOERROR > answer packet? I confirmed that behaviors of 4.x's resolver and > 6.x's against such a malformed packet are the same, so I think it is > not likely a bug in the resolver. After I upgraded my development server to include the fix I started a tcpdump of all my DNS traffic in case the resolving issue happened again, and it did :-/. So, the above fix does not fix the issue and as hrs@ notes it actually seems to be a a bug in the nameserver and not resolver. When my latest cvsup failed this is the DNS packets captured: 15:06:45.036710 IP eddie.54684 > ns.nitro.dk.domain: 51917+ A? cvsup3.dk.freebsd.org. (39) 15:06:45.224002 IP ns.nitro.dk.domain > eddie.54684: 51917 0/0/0 (39) 15:06:45.224796 IP eddie.50804 > ns.nitro.dk.domain: 51918+ A? cvsup3.dk.freebsd.org.nitro.dk. (48) 15:06:45.226255 IP ns.nitro.dk.domain > eddie.50804: 51918 NXDomain* 0/1/0 (98) I still have the pcap file around if it's needed. The nameserver in question is running BIND 9.3.2 from 6.1-SECURITY base. -- Simon L. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061029150041.GB1039>