Re: Problem with DNS-CACHE

"Josep M." wrote:

> Hello.
>
> I'm using Redhat 9 and the packages  bind  and caching-nameserver inclosed in
> the release for have a dns-cache  for my home computers,not high traffic(with
> Redhat 8 I had the same problem).
>
> If I do a "dig ns" about one or two hours after star computer ,first is
> "missing" in the additional section a.root-servers.net ,after
> b.root-servers.net
> ,and the last is j.root-servers.net,this last survive many hours or days,but
> after goes down too,and when this goes down bind goes down too.
>
> This is the screen of a "dig ns"
>
> ; <<>> DiG 9.2.2 <<>> ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35049
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;.                              IN      NS
>
> ;; ANSWER SECTION:
> ..                       513028  IN      NS      A.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      B.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      C.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      D.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      E.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      F.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      G.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      H.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      I.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      J.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      K.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      L.ROOT-SERVERS.NET.
> ..                       513028  IN      NS      M.ROOT-SERVERS.NET.
>
> ;; ADDITIONAL SECTION:
> J.ROOT-SERVERS.NET.     599428  IN      A       192.58.128.30
>
> ;; Query time: 6 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sun May 18 00:17:42 2003
> ;; MSG SIZE  rcvd: 244
>
> At this point I only have  J.ROOT-SERVERS.NET. in the additioal
> section,restarting machine the problem is solved,but I would like
> find the problem.
>
> If I do a "service named stop" bind continue running,at least if I do a
> "dig ns" after the dig ns answer me well from my machine,not use second or
> third dns because first not stopped.
>
> If I do "service named stop" and after "service named start" config is not
> reloaded,the service never stopped and never reloaded the data,only
> J.ROOT-SERVERS.NET.  is found in the addtional section.
>
> If Anyone had any idea of what can I do,any suggestion will be appreciated.

This one has me somewhat stumped. Are you sure there isn't some firewall or
network device somewhere munging your packets to try and "hide" the root servers
from you? J.ROOT-SERVERS.NET is the only root nameserver which has recently (in
the last year or two) changed its IP address, and it seems like more than a
coincidence that its A record is the only one that's getting through to you.

Try some non-recursive queries from the command line and see what you can get.
That's about all I can think of, unless someone else has a suggestion...


- Kevin