problem with recursive configuration and CNAMEs

Leonardo Rodrigues Magalhães leolistas at solutti.com.br
Mon Dec 22 12:33:27 EST 2008 

    yet on this CNAME queries problem .......

    i have noticed a HUGE difference on some CNAME replies from maradns 
and bind. I dont know if this is right, but let's see .....


MARADNS: note that i made a type A query, and got CNAME as reply. I dont 
know if this is wrong or it's right. I was expecting to see some A 
answer, as I made a type A query.
i'm using dig from bind package, but server running on 127.0.0.1 is maradns


root at sede:/etc# dig @127.0.0.1 liveupdate.symantecliveupdate.com a

; <<>> DiG 9.5.0-P2 <<>> @127.0.0.1 liveupdate.symantecliveupdate.com a
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50741
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;liveupdate.symantecliveupdate.com. IN  A

;; ANSWER SECTION:
liveupdate.symantecliveupdate.com. 895 IN CNAME liveupdate.symantec.d4p.net.

;; Query time: 156 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 22 15:20:51 2008
;; MSG SIZE  rcvd: 92

root at sede:/etc#



doing that again gives me the A answer i was expecting:




root at sede:/etc# dig @127.0.0.1 liveupdate.symantecliveupdate.com a

; <<>> DiG 9.5.0-P2 <<>> @127.0.0.1 liveupdate.symantecliveupdate.com a
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31340
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;liveupdate.symantecliveupdate.com. IN  A

;; ANSWER SECTION:
liveupdate.symantecliveupdate.com. 883 IN CNAME liveupdate.symantec.d4p.net.
liveupdate.symantec.d4p.net. 883 IN     A       96.17.147.16

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 22 15:21:04 2008
;; MSG SIZE  rcvd: 108

root at sede:/etc#



doing the same query on bind gives me a VERY different answer:


;; QUESTION SECTION:
;liveupdate.symantecliveupdate.com. IN  A

;; ANSWER SECTION:
liveupdate.symantecliveupdate.com. 1492 IN CNAME 
liveupdate.symantec.d4p.net.
liveupdate.symantec.d4p.net. 1445 IN    CNAME   
symantec.georedirector.akadns.net.
symantec.georedirector.akadns.net. 13653 IN CNAME a568.d.akamai.net.
a568.d.akamai.net.      7       IN      A       96.17.147.8
a568.d.akamai.net.      7       IN      A       96.17.147.25
a568.d.akamai.net.      7       IN      A       96.17.147.51
a568.d.akamai.net.      7       IN      A       96.17.147.73
a568.d.akamai.net.      7       IN      A       96.17.147.80
a568.d.akamai.net.      7       IN      A       96.17.147.82




    i was thinking ........ can this A query returning only CNAME 
records, as i showed above, be the problem that i'm facing in squid 
logs: No address records in response ........





Leonardo Rodrigues Magalhães escreveu:
>
>
>    not a clue on the problem i related last week guys ??
>
>    sorry for sending it again, but this problem is really giving me 
> some good headaches and i couldnt find how to get this inconsistency 
> away when using maradns .....
>
>
>
> Leonardo Rodrigues Magalhães escreveu:
>>
>>    Hi,
>>
>>    i got maradns running as a simple recursive server, but i'm having 
>> some problems resolving CNAME records.
>>
>>    maradns has no authoritative zone, it's only resolving the network 
>> requests recursively.
>>
>>    i have tried enabled error logging (verbose_level=2) and also 
>> raising timeout (timeout_seconds=6) but i keep having problems 
>> resolving CNAME records.
>>
>>    as i couldnt get any useful logs from maradns, the only thing i 
>> can see are my squid logs, which points nameserver resolutions failures:
>>
>> 2008/12/11 11:44:35| ipcacheParse: No Address records in response to 
>> 'id.google.com.br'
>> 2008/12/11 11:44:35| ipcacheParse: No Address records in response to 
>> 'id.google.com.br'
>> 2008/12/11 11:44:41| ipcacheParse: No Address records in response to 
>> 'br.busca.yahoo.com'
>> 2008/12/11 11:44:41| ipcacheParse: No Address records in response to 
>> 'br.busca.yahoo.com'
>> 2008/12/11 11:45:14| ipcacheParse: No Address records in response to 
>> 'liveupdate.symantecliveupdate.com'
>> 2008/12/11 11:45:14| ipcacheParse: No Address records in response to 
>> 'liveupdate.symantecliveupdate.com'
>> 2008/12/11 11:45:20| ipcacheParse: No Address records in response to 
>> 'clients1.google.com'
>> 2008/12/11 11:45:20| ipcacheParse: No Address records in response to 
>> 'clients1.google.com'
>> 2008/12/11 11:46:27| ipcacheParse: No Address records in response to 
>> 'crl.verisign.com'
>> 2008/12/11 11:46:27| ipcacheParse: No Address records in response to 
>> 'crl.verisign.com'
>>
>>
>>    i have absolutely NO problems resolving names which are A records. 
>> The problem seems to be only with CNAME records.
>>
>>    sometimes those CNAME records are correctly resolved, but other 
>> times they fail to resolve. A records, as stated, ALWAYS resolves fine.
>>
>>    i'm running latest maradns stable: 1.3.07.09
>>
>>
>> my /etc/mararc is:
>>
>> root at sede:/etc# cat mararc
>> hide_disclaimer="YES"
>> chroot_dir="/etc/maradns"
>> no_fingerprint = 0
>> bind_address="0.0.0.0"
>> maradns_uid=65534
>> maxprocs=10
>> random_seed_file="/dev/urandom"
>> max_mem=4194304
>> maximum_cache_elements=8192
>> recursive_acl="192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 127.0.0.0/8"
>> timeout_seconds=6
>> verbose_level=2
>>
>> root_servers={}
>> root_servers["."]  = "198.41.0.4,     192.228.79.201, 192.33.4.12,  
>> 128.8.10.90,"
>> root_servers["."] += "192.203.230.10, 192.5.5.241,    192.112.36.4, 
>> 128.63.2.53,"
>> root_servers["."] += "192.36.148.17,  192.58.128.30,  193.0.14.129, 
>> 199.7.83.42,"
>> root_servers["."] += "202.12.27.33"
>>
>> root at sede:/etc#
>>
>>
>

-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes at solutti.com.br
	My SPAMTRAP, do not email it

More information about the list mailing list