Re: Problema Bind 9.6.1 CentOS 5.3

Luiz Ricardo Olicio wrote:
Hi guys!

We have some DNS servers with BIND version 9.6.1-P1 and we have some problems to resolve domain addresses. But to clear the cache (rndc-flush) they return to settle for some time.

When the resolution gives error, we have the following message:
;; Connection timed out, the servers could be reached
The fact that a flush clears that error implies a mismatch between the delegating NS records for a zone (which are used when the resolver doesn't have anything cached), and the NS records at the apex of the zone (which are cached and used on subsequent queries for anything in the zone).

The apex NS records are either invalid, or you simply can't get to any of those nameservers, due to routing issues, firewall rules, something of that nature. If you would provide the name of a DNS name that's exhibiting the problem, maybe we could check further.

By clearing the cache, you're forcing your resolver to use the delegating NS records, which may get it working temporarily, but you should try to figure out the real problem, since obviously you can't be flushing your cache constantly to work around this.

But in another moment had the following message:
dig: isc_socket_create: address family not supported
I'm not sure what causes that; I don't think I've ever seen it in the wild. A quick Google search indicates that on some OSes (you didn't say what you're running this on) EAFNOSUPPORT may be given erroneously as a "generic" error for certain kinds of socket-level failures.

Use the barefruit, it would be something related to it? Has anyone had this same problem.

Do you mean http://www.barefruit.co.uk/?

If they're doing what I think they're doing -- NXDOMAIN redirection -- then, yeah, that will break things, and if you chose to deliberately get your NXDOMAINs redirected, frankly you deserve whatever you get.

- Kevin

.

Relevant Pages

  • Re: DNS Cache Corrupt for individual zone
    ... for authoritative DNS of external hosts). ... We have a frustrating issue where the zone for one particular zone ... when the cache is in this state. ... DNS servers are only accessible in our internal DNS network. ...
    (microsoft.public.windows.server.dns)
  • DNS Cache Corrupt for individual zone
    ... We have Windows 2003 DNS servers in our internal network (behind ... We have a frustrating issue where the zone for one particular zone ... when the cache is in this state. ...
    (microsoft.public.windows.server.dns)
  • Re: Domain Controller demotion failed (DC=ForestDnsZones...)
    ... If so, create a primary, AD integrated (all DNS servers in the domain) ... zone named 'business.auburn.edu', ... configure its preferred resolver to point to the IP ... > The application directory partition ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cannot delete the root zone
    ... B is forwarding all requests it ... B has only forward and reverse lookup zone entries. ... domain names to other DNS servers sitting not in our domain nor tree ... That's because you're looking at it in Advanced View and viewing the cache. ...
    (microsoft.public.windows.server.dns)
  • NS Cache
    ... When a user types the URL www.example.com into a Web browser, the browser program contacts a type of resolver called a stub resolver that then contacts a local name server. ... The resolving name server will check its cache to determine whether it has valid information (the information is determined to be valid ... the resolving name server checks the cache to determine whether it has the information regarding the name server for the zone marketing.example.com. ...
    (comp.protocols.dns.bind)