Discussion:
bind 9.11 resolving PTR record only after a few tries, +trace always, no CNAME involved?
(too old to reply)
Steffen Breitbach
2020-06-13 10:14:14 UTC
Permalink
Hi everyone!

I am having issues with my bind server setup. When I try to resolve the
PTR for 130.248.154.166 or 172.82.233.25, I will get the proper result
only after a few tries so. After that, resolving will work. Resolving
with 'dig +trace' will yield the proper result on the first try. I can
replicate the behaviour by restarting bind (flushing caches I assume).

I thought that one or more of the NS involved was a CNAME instead of an
A record, but I could't find one. So what am I missing here?

This is my bind:
BIND 9.11.3-1ubuntu1.12-Ubuntu (Extended Support Version) <id:a375815>

This is a trace for 172.82.233.25:

$ dig +trace @127.0.0.1 -x 172.82.233.25

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> +trace @127.0.0.1 -x
172.82.233.25
; (1 server found)
;; global options: +cmd
. 300 IN NS b.root-servers.net.
. 300 IN NS d.root-servers.net.
. 300 IN NS h.root-servers.net.
. 300 IN NS a.root-servers.net.
. 300 IN NS j.root-servers.net.
. 300 IN NS l.root-servers.net.
. 300 IN NS c.root-servers.net.
. 300 IN NS f.root-servers.net.
. 300 IN NS i.root-servers.net.
. 300 IN NS e.root-servers.net.
. 300 IN NS g.root-servers.net.
. 300 IN NS k.root-servers.net.
. 300 IN NS m.root-servers.net.
. 300 IN RRSIG NS 8 0 518400 20200626050000
20200613040000 48903 .
Ya/P7uuUcAdf+0N7r4GmESWtKAAdRjvYSimGp/d/gGR+6EQpSRbJBHtW
cY8uA3l32dmDDlZfBwpDtqy1uHFqnBDiYJeabDU+77IUfil9pVvu03ru
O0DrKF55scgQiu8Y7LqKEywIZbC0Y1C3mrQnhw74E65bhHPg8sj8ReBQ
I4xMUvEjtbKhjgBT0Wj0fDaLyKlXqyGoiM2yl20CTJKWR+PUo8HHX9gD
s/eT7XmGy0d2+lYYMedekvGwAVn2uznQFzDpE7ZaSf8pAXRHYLJ1Nxiq
rCaBTkjA2B3JBx97UvSBYKsfTRX+w1MZqTh1LofcIka3J4zrQy+9gJ+a BUKHgQ==
;; Received 553 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
in-addr.arpa. 86400 IN DS 47054 8 2
5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2
in-addr.arpa. 86400 IN DS 53696 8 2
13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF
in-addr.arpa. 86400 IN DS 63982 8 2
AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73
in-addr.arpa. 86400 IN RRSIG DS 8 2 86400 20200626000000
20200612230000 21985 arpa.
g1DYHGwJ5lb39Y0msdvZ66/NXHVJ6YhDTPiuIfCfqMSGYWBuARblLX1H
yNCcsqVZ9gp+QUQvJd6XTJgkOI/ugfMTf77ehuSEQKvC1NB/CC/66LNc
BmAkgZ9uDWga6oRCwDdzAgpDiqIQFEk8gbU/4T4GCWBDWpDOEorzWukx
8SajDvFReBTACiKOxFidVsyUraarbIOT60YajyxFa4MVSsSzz2l84gs7
VKRet73LUUjSAXcaDFtVlbb14GF0CZdjERcYsXFHDKz2RPHDKt5NGQ97
kZO+lgrd5e6OYno2W/YUoG1w1YQGC+2VLIv7gQJOtVX9bNagEiW+D9J3 EYJY7g==
;; Received 895 bytes from 199.9.14.201#53(b.root-servers.net) in 6 ms

172.in-addr.arpa. 86400 IN NS y.arin.net.
172.in-addr.arpa. 86400 IN NS x.arin.net.
172.in-addr.arpa. 86400 IN NS r.arin.net.
172.in-addr.arpa. 86400 IN NS u.arin.net.
172.in-addr.arpa. 86400 IN NS arin.authdns.ripe.net.
172.in-addr.arpa. 86400 IN NS z.arin.net.
172.in-addr.arpa. 86400 IN DS 4776 5 1
895440971C8A8CDB6BDE7E2E348ECAD2F5A5695E
172.in-addr.arpa. 86400 IN RRSIG DS 8 3 86400 20200702131016
20200611190003 22879 in-addr.arpa.
OXV/+hcdh/Z64jw3lmpq1nSHXFW6AevnwTJLz+zO8fjU9LX/qRCD+Xnm
RWQIiWS+JtXkRAdENR/VxGGsCNGclEBpCmeB4xWaZYpY7eupYemqdtrO
uzfb2e2OIMimElblNkayyymEbCIR6F99Uan4AJoc/fayhD56oilC4eKg w2k=
;; Received 411 bytes from 2620:37:e000::53#53(a.in-addr-servers.arpa)
in 133 ms

233.82.172.in-addr.arpa. 86400 IN NS d.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 86400 IN NS b.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 86400 IN NS a.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 86400 IN NS c.ns.campaign.adobe.com.
233.82.172.in-addr.arpa. 10800 IN NSEC 234.82.172.in-addr.arpa.
NS RRSIG NSEC
233.82.172.in-addr.arpa. 10800 IN RRSIG NSEC 5 5 10800
20200627083545 20200613073545 40857 172.in-addr.arpa.
SVCsarlcKuu7D5HIFIuL0qRn/DT3joihkjsIWV/3jpp6UsIKuTVkYed4
AszzQ6lD3gPLfoZv6vNfh6vY2pDGU61VMmNGqrJ3B+ZarBcpV6yJGtwX
X2FWcAKyEv8+jl1WFhcTQLwav/UFaoObISKIhqLQTUzHusY61VeU6Ww0 jcQ=
;; Received 389 bytes from 199.212.0.63#53(z.arin.net) in 86 ms

25.233.82.172.in-addr.arpa. 10800 IN PTR r25.dm.allianz.de.
233.82.172.in-addr.arpa. 172800 IN NS ns-1527.awsdns-62.org.
233.82.172.in-addr.arpa. 172800 IN NS ns-1856.awsdns-40.co.uk.
233.82.172.in-addr.arpa. 172800 IN NS ns-261.awsdns-32.com.
233.82.172.in-addr.arpa. 172800 IN NS ns-653.awsdns-17.net.
;; Received 226 bytes from 205.251.199.64#53(b.ns.campaign.adobe.com) in
1 ms

Thanks

Cheers
Steffen
Tony Finch
2020-06-15 14:22:01 UTC
Permalink
I am having issues with my bind server setup. When I try to resolve the PTR
for 130.248.154.166 or 172.82.233.25, I will get the proper result only after
a few tries so. After that, resolving will work.
Looks like there are some discrepancies with the delegations which might
be the cause of the problems:

https://dnsviz.net/d/25.233.82.172.in-addr.arpa/dnssec/

172.in-addr.arpa to 233.82.172.in-addr.arpa: The following NS name(s)
were found in the authoritative NS RRset, but not in the delegation NS
RRset (i.e., in the 172.in-addr.arpa zone): ns-261.awsdns-32.com,
ns-653.awsdns-17.net, ns-1527.awsdns-62.org, ns-1856.awsdns-40.co.uk

172.in-addr.arpa to 233.82.172.in-addr.arpa: The following NS name(s)
were found in the delegation NS RRset (i.e., in the 172.in-addr.arpa
zone), but not in the authoritative NS RRset: a.ns.campaign.adobe.com,
b.ns.campaign.adobe.com, c.ns.campaign.adobe.com, d.ns.campaign.adobe.com

https://dnsviz.net/d/166.154.248.130.in-addr.arpa/dnssec/

130.in-addr.arpa to 154.248.130.in-addr.arpa: The following NS name(s)
were found in the authoritative NS RRset, but not in the delegation NS
RRset (i.e., in the 130.in-addr.arpa zone): ns-653.awsdns-17.net,
ns-261.awsdns-32.com, ns-1527.awsdns-62.org, ns-1856.awsdns-40.co.uk

130.in-addr.arpa to 154.248.130.in-addr.arpa: The following NS name(s)
were found in the delegation NS RRset (i.e., in the 130.in-addr.arpa
zone), but not in the authoritative NS RRset: a.ns.campaign.adobe.com,
b.ns.campaign.adobe.com, c.ns.campaign.adobe.com, d.ns.campaign.adobe.com

Tony.
--
f.anthony.n.finch <***@dotat.at> http://dotat.at/
Lands End to St Davids Head including the Bristol Channel: Variable 2 to 4.
Slight in west, smooth in east. Showers, thundery at times. Good, occasionally
poor.
Loading...