bind 9.11 resolving PTR record only after a few tries, +trace always, no CNAME involved?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

bind 9.11 resolving PTR record only after a few tries, +trace always, no CNAME involved?

Bind-Users forum mailing list
Hi everyone!

I am having issues with my bind server setup. When I try to resolve the
PTR for 130.248.154.166 or 172.82.233.25, I will get the proper result
only after a few tries so. After that, resolving will work. Resolving
with 'dig +trace' will yield the proper result on the first try. I can
replicate the behaviour by restarting bind (flushing caches I assume).

I thought that one or more of the NS involved was a CNAME instead of an
A record, but I could't find one. So what am I missing here?

This is my bind:
BIND 9.11.3-1ubuntu1.12-Ubuntu (Extended Support Version) <id:a375815>

This is a trace for 172.82.233.25:

$ dig +trace @127.0.0.1 -x 172.82.233.25

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> +trace @127.0.0.1 -x
172.82.233.25
; (1 server found)
;; global options: +cmd
.            300    IN    NS    b.root-servers.net.
.            300    IN    NS    d.root-servers.net.
.            300    IN    NS    h.root-servers.net.
.            300    IN    NS    a.root-servers.net.
.            300    IN    NS    j.root-servers.net.
.            300    IN    NS    l.root-servers.net.
.            300    IN    NS    c.root-servers.net.
.            300    IN    NS    f.root-servers.net.
.            300    IN    NS    i.root-servers.net.
.            300    IN    NS    e.root-servers.net.
.            300    IN    NS    g.root-servers.net.
.            300    IN    NS    k.root-servers.net.
.            300    IN    NS    m.root-servers.net.
.            300    IN    RRSIG    NS 8 0 518400 20200626050000
20200613040000 48903 .
Ya/P7uuUcAdf+0N7r4GmESWtKAAdRjvYSimGp/d/gGR+6EQpSRbJBHtW
cY8uA3l32dmDDlZfBwpDtqy1uHFqnBDiYJeabDU+77IUfil9pVvu03ru
O0DrKF55scgQiu8Y7LqKEywIZbC0Y1C3mrQnhw74E65bhHPg8sj8ReBQ
I4xMUvEjtbKhjgBT0Wj0fDaLyKlXqyGoiM2yl20CTJKWR+PUo8HHX9gD
s/eT7XmGy0d2+lYYMedekvGwAVn2uznQFzDpE7ZaSf8pAXRHYLJ1Nxiq
rCaBTkjA2B3JBx97UvSBYKsfTRX+w1MZqTh1LofcIka3J4zrQy+9gJ+a BUKHgQ==
;; Received 553 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

in-addr.arpa.        172800    IN    NS    a.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    b.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    f.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    c.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    e.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    d.in-addr-servers.arpa.
in-addr.arpa.        86400    IN    DS    47054 8 2
5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2
in-addr.arpa.        86400    IN    DS    53696 8 2
13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF
in-addr.arpa.        86400    IN    DS    63982 8 2
AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73
in-addr.arpa.        86400    IN    RRSIG    DS 8 2 86400 20200626000000
20200612230000 21985 arpa.
g1DYHGwJ5lb39Y0msdvZ66/NXHVJ6YhDTPiuIfCfqMSGYWBuARblLX1H
yNCcsqVZ9gp+QUQvJd6XTJgkOI/ugfMTf77ehuSEQKvC1NB/CC/66LNc
BmAkgZ9uDWga6oRCwDdzAgpDiqIQFEk8gbU/4T4GCWBDWpDOEorzWukx
8SajDvFReBTACiKOxFidVsyUraarbIOT60YajyxFa4MVSsSzz2l84gs7
VKRet73LUUjSAXcaDFtVlbb14GF0CZdjERcYsXFHDKz2RPHDKt5NGQ97
kZO+lgrd5e6OYno2W/YUoG1w1YQGC+2VLIv7gQJOtVX9bNagEiW+D9J3 EYJY7g==
;; Received 895 bytes from 199.9.14.201#53(b.root-servers.net) in 6 ms

172.in-addr.arpa.    86400    IN    NS    y.arin.net.
172.in-addr.arpa.    86400    IN    NS    x.arin.net.
172.in-addr.arpa.    86400    IN    NS    r.arin.net.
172.in-addr.arpa.    86400    IN    NS    u.arin.net.
172.in-addr.arpa.    86400    IN    NS    arin.authdns.ripe.net.
172.in-addr.arpa.    86400    IN    NS    z.arin.net.
172.in-addr.arpa.    86400    IN    DS    4776 5 1
895440971C8A8CDB6BDE7E2E348ECAD2F5A5695E
172.in-addr.arpa.    86400    IN    RRSIG    DS 8 3 86400 20200702131016
20200611190003 22879 in-addr.arpa.
OXV/+hcdh/Z64jw3lmpq1nSHXFW6AevnwTJLz+zO8fjU9LX/qRCD+Xnm
RWQIiWS+JtXkRAdENR/VxGGsCNGclEBpCmeB4xWaZYpY7eupYemqdtrO
uzfb2e2OIMimElblNkayyymEbCIR6F99Uan4AJoc/fayhD56oilC4eKg w2k=
;; Received 411 bytes from 2620:37:e000::53#53(a.in-addr-servers.arpa)
in 133 ms

233.82.172.in-addr.arpa. 86400    IN    NS    d.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 86400    IN    NS    b.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 86400    IN    NS    a.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 86400    IN    NS    c.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 10800    IN    NSEC    234.82.172.in-addr.arpa.
NS RRSIG NSEC
233.82.172.in-addr.arpa. 10800    IN    RRSIG    NSEC 5 5 10800
20200627083545 20200613073545 40857 172.in-addr.arpa.
SVCsarlcKuu7D5HIFIuL0qRn/DT3joihkjsIWV/3jpp6UsIKuTVkYed4
AszzQ6lD3gPLfoZv6vNfh6vY2pDGU61VMmNGqrJ3B+ZarBcpV6yJGtwX
X2FWcAKyEv8+jl1WFhcTQLwav/UFaoObISKIhqLQTUzHusY61VeU6Ww0 jcQ=
;; Received 389 bytes from 199.212.0.63#53(z.arin.net) in 86 ms

25.233.82.172.in-addr.arpa. 10800 IN    PTR    r25.dm.allianz.de.
233.82.172.in-addr.arpa. 172800    IN    NS    ns-1527.awsdns-62.org.
233.82.172.in-addr.arpa. 172800    IN    NS    ns-1856.awsdns-40.co.uk.
233.82.172.in-addr.arpa. 172800    IN    NS    ns-261.awsdns-32.com.
233.82.172.in-addr.arpa. 172800    IN    NS    ns-653.awsdns-17.net.
;; Received 226 bytes from 205.251.199.64#53(b.ns.campaign.adobe.com) in
1 ms

Thanks

Cheers
   Steffen
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: bind 9.11 resolving PTR record only after a few tries, +trace always, no CNAME involved?

Tony Finch
Steffen Breitbach via bind-users <[hidden email]> wrote:
>
> I am having issues with my bind server setup. When I try to resolve the PTR
> for 130.248.154.166 or 172.82.233.25, I will get the proper result only after
> a few tries so. After that, resolving will work.

Looks like there are some discrepancies with the delegations which might
be the cause of the problems:

https://dnsviz.net/d/25.233.82.172.in-addr.arpa/dnssec/

    172.in-addr.arpa to 233.82.172.in-addr.arpa: The following NS name(s)
were found in the authoritative NS RRset, but not in the delegation NS
RRset (i.e., in the 172.in-addr.arpa zone): ns-261.awsdns-32.com,
ns-653.awsdns-17.net, ns-1527.awsdns-62.org, ns-1856.awsdns-40.co.uk

    172.in-addr.arpa to 233.82.172.in-addr.arpa: The following NS name(s)
were found in the delegation NS RRset (i.e., in the 172.in-addr.arpa
zone), but not in the authoritative NS RRset: a.ns.campaign.adobe.com,
b.ns.campaign.adobe.com, c.ns.campaign.adobe.com, d.ns.campaign.adobe.com

https://dnsviz.net/d/166.154.248.130.in-addr.arpa/dnssec/

    130.in-addr.arpa to 154.248.130.in-addr.arpa: The following NS name(s)
were found in the authoritative NS RRset, but not in the delegation NS
RRset (i.e., in the 130.in-addr.arpa zone): ns-653.awsdns-17.net,
ns-261.awsdns-32.com, ns-1527.awsdns-62.org, ns-1856.awsdns-40.co.uk

    130.in-addr.arpa to 154.248.130.in-addr.arpa: The following NS name(s)
were found in the delegation NS RRset (i.e., in the 130.in-addr.arpa
zone), but not in the authoritative NS RRset: a.ns.campaign.adobe.com,
b.ns.campaign.adobe.com, c.ns.campaign.adobe.com, d.ns.campaign.adobe.com

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/
Lands End to St Davids Head including the Bristol Channel: Variable 2 to 4.
Slight in west, smooth in east. Showers, thundery at times. Good, occasionally
poor.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users