Discussion:
Intermittent NXDOMAIN for a name we are forwarding
blrmaani
2016-02-20 01:08:56 UTC
We have a DNS setup where we forward a name in one domain to 5 external nameservers. We see NXDOMAIN error intermittently (once in couple of weeks). How do I debug this issue?

I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens.

Any advice to troubleshoot this issue is greatly appreciated.

Thanks
Blr
Matus UHLAR - fantomas
2016-02-20 17:21:48 UTC
Post by blrmaani
We have a DNS setup where we forward a name in one domain to 5 external
nameservers. We see NXDOMAIN error intermittently (once in couple of
weeks). How do I debug this issue?
tcpdump?
Post by blrmaani
I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens.
anything more visible in the cache?

last time I have encountered this error, it was problematic Cisco DNS load
balancer, responding NXDOMAIN to a PTR (and possibly other) type queries,
while standard types returned proper answer.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.
Mark Andrews
2016-02-20 22:21:36 UTC
Post by Matus UHLAR - fantomas
Post by blrmaani
We have a DNS setup where we forward a name in one domain to 5 external
nameservers. We see NXDOMAIN error intermittently (once in couple of
weeks). How do I debug this issue?
tcpdump?
Post by blrmaani
I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens.
anything more visible in the cache?
last time I have encountered this error, it was problematic Cisco DNS load
balancer, responding NXDOMAIN to a PTR (and possibly other) type queries,
while standard types returned proper answer.
Or using "forward first;" rather than "forward only;" and falling back to
the Internet and getting NXDOMAIN there.
Post by Matus UHLAR - fantomas
--
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org
blrmaani
2016-02-22 03:07:04 UTC
Post by blrmaani
We have a DNS setup where we forward a name in one domain to 5 external nameservers. We see NXDOMAIN error intermittently (once in couple of weeks). How do I debug this issue?
I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens.
Any advice to troubleshoot this issue is greatly appreciated.
Thanks
Blr
the cache dump also has this entry (myname.mydomain.com is name I am interested in)

myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN

Which probably means if anyone requests for myname.mydomain.com, they will be handed NXDOMAIN for up to 10324 seconds from now..

Our current work around is to restart named (which cache) or we could do a 'rndc flush'.

Question: Is there a BIND option to say 'Don't cache myname.mydomain.com for NXDOMAIN error code?'

Alternatively, I can have a local query for this and flush cache if error code is NXDOMAIN, but is hacky.. I would like a config option
Mark Andrews
2016-02-22 04:46:10 UTC
Post by blrmaani
Post by blrmaani
We have a DNS setup where we forward a name in one domain to 5 external nameservers. We see NXDOMAIN error intermittently (once in couple of weeks). How do I debug this issue?
Post by blrmaani
I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens.
Post by blrmaani
Any advice to troubleshoot this issue is greatly appreciated.
Thanks
Blr
the cache dump also has this entry (myname.mydomain.com is name I am interested in)
myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN
Which probably means if anyone requests for myname.mydomain.com, they will be handed NXDOMAIN for up to 10324 seconds from now..
Correct.
Post by blrmaani
Our current work around is to restart named (which cache) or we could do a 'rndc flush'.
Question: Is there a BIND option to say 'Don't cache myname.mydomain.com for NXDOMAIN error code?'
No. Fix the source of the NXDOMAIN. Ask all the external nameservers
for "myname.mydomain.com type666" and see what they respond with. If
it is NXDOMAIN then you have the source(s) of the NXDOMAIN.

e.g.
dig @server myname.mydomain.com type666

This is a case of Garbage In (NXDOMAIN) - Garbage Out (NXDOMAIN).
Post by blrmaani
Alternatively, I can have a local query for this and flush cache if error code is NXDOMAIN, but is hacky.. I would like a config option
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org
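
The per-server check described in the reply above, as an added example that is not part of the original thread: it sends the same `type666` query to each forwarder and logs the RCODE with a timestamp, so an NXDOMAIN that shows up only occasionally can be tied to one server. The forwarder addresses are constructed placeholders, and `rcode_of`, `probe_one` and `probe_all` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. NAME is the placeholder used on the page;
# FORWARDERS are constructed addresses (RFC 5737 documentation ranges).
NAME="myname.mydomain.com"
FORWARDERS="192.0.2.1 192.0.2.2 198.51.100.1 198.51.100.2 203.0.113.1"

# Read dig output on stdin and print the RCODE from its header line, e.g.
# ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242"
rcode_of() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z0-9]*\),.*/\1/p' | head -n 1
}

# Ask one server ($1) for name ($2) with the type666 query from the thread.
# One try with a short timeout, so a silent server shows up as NORESPONSE.
probe_one() {
    rc=$(dig "@$1" "$2" type666 +tries=1 +time=3 2>/dev/null | rcode_of)
    echo "${rc:-NORESPONSE}"
}

# One pass over every forwarder: print a timestamped line per server and
# return 1 if any of them answered NXDOMAIN.
probe_all() {
    bad=0
    for s in $FORWARDERS; do
        rc=$(probe_one "$s" "$NAME")
        echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) server=$s name=$NAME rcode=$rc"
        if [ "$rc" = "NXDOMAIN" ]; then bad=1; fi
    done
    return "$bad"
}

# "sh probe.sh --loop" polls every 5 minutes and appends to a log file
# (interval and file name are arbitrary choices for this example).
if [ "${1:-}" = "--loop" ]; then
    while :; do probe_all >> forwarder-rcodes.log; sleep 300; done
fi
```

Comparing the logged timestamps with the time the negative entry appeared in the cache narrows the source to one forwarder.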
blrmaani
2016-02-29 05:25:09 UTC
Post by Mark Andrews
Post by blrmaani
Post by blrmaani
We have a DNS setup where we forward a name in one domain to 5 external nameservers. We see NXDOMAIN error intermittently (once in couple of weeks). How do I debug this issue?
Post by blrmaani
I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Unassociated entries" when the problem happens.
Post by blrmaani
Any advice to troubleshoot this issue is greatly appreciated.
Thanks
Blr
the cache dump also has this entry (myname.mydomain.com is name I am interested in)
myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN
Which probably means if anyone requests for myname.mydomain.com, they will be handed NXDOMAIN for up to 10324 seconds from now..
Correct.
Post by blrmaani
Our current work around is to restart named (which cache) or we could do a 'rndc flush'.
Question: Is there a BIND option to say 'Don't cache myname.mydomain.com for NXDOMAIN error code?'
No. Fix the source of the NXDOMAIN. Ask all the external nameservers
for "myname.mydomain.com type666" and see what they respond with. If
it is NXDOMAIN then you have the source(s) of the NXDOMAIN.
e.g.
This is a case of Garbage In (NXDOMAIN) - Garbage Out (NXDOMAIN).
Post by blrmaani
Alternatively, I can have a local query for this and flush cache if error code is NXDOMAIN, but is hacky.. I would like a config option
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
Thanks a lot for the responses ..

I ran dig several times in a loop querying for the name with type=type666 and see only SERVFAIL. The NXDOMAIN occurs approx once in 2 weeks (per incident report). I guess I have to run several iterations of queries to see NXDOMAIN..


I see this in the cache dump:
...
...
; authauthority
myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN
<SOA line for the above domain here>
...
...

Matus UHLAR - fantomas
2016-02-22 11:41:35 UTC
Post by blrmaani
the cache dump also has this entry (myname.mydomain.com is name I am interested in)
myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN
Which probably means if anyone requests for myname.mydomain.com, they will be handed NXDOMAIN for up to 10324 seconds from now..
doesn't the log also contain info where did that message come from?
Post by blrmaani
Our current work around is to restart named (which cache) or we could do a 'rndc flush'.
"rndc flushname myname.mydomain.com" should be enough - not needed to flush
whole cache.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
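
An added example, not part of the original thread, that scans a cache dump for the kind of negative entry quoted above and reports the remaining TTL, so the name can be cleared with `rndc flushname` rather than a full flush. The line layout is assumed from the entry shown in the thread; the sample dump is constructed, and `neg_entries`, `neg_ttl` and `demo_dump` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread: find names held as cached NXDOMAIN in a
# dump written by "rndc dumpdb -cache". Layout assumed from the quoted entry:
#   <owner> <ttl> \-ANY ;-$NXDOMAIN
# A class field and indented lines that omit the owner are tolerated.

# Print "<owner> <remaining-ttl>" for every cached NXDOMAIN in file $1.
neg_entries() {
    awk '
        /^;/ || NF == 0 { next }          # comment and blank lines
        !/^[ \t]/       { owner = $1 }    # owner carries over to indented lines
        /;-\$NXDOMAIN/  {
            sub(/\.$/, "", owner)         # drop the trailing root dot
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+$/) { print owner, $i; break }
        }' "$1"
}

# Print the remaining TTL if name $1 is negatively cached in dump $2;
# return non-zero if it is not.
neg_ttl() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    neg_entries "$2" |
        awk -v n="$want" 'tolower($1) == n { print $2; f = 1 } END { exit !f }'
}

# Constructed sample dump (placeholder names and addresses).
demo_dump() {
    cat <<'EOF'
; authauthority
myname.mydomain.com. 10324 \-ANY ;-$NXDOMAIN
; mydomain.com. SOA ns.mydomain.com. hostmaster.mydomain.com. 1 3600 600 86400 10800
; answer
www.mydomain.com. 300 IN A 192.0.2.10
EOF
}

tmp=$(mktemp) && demo_dump > "$tmp"
if ttl=$(neg_ttl myname.mydomain.com "$tmp"); then
    echo "cached NXDOMAIN for ${ttl}s; clear with: rndc flushname myname.mydomain.com"
fi
rm -f "$tmp"
```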