LinuxQuestions.org
Old 03-08-2012, 03:30 PM   #1
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Rep: Reputation: Disabled
DNS issues BIND 9.7.3


I am wondering if anyone can maybe be of assistance. I am creating a new DNS server (going virtual) and am having issues with external queries. For some reason it times out when doing external address lookups and web browsing, and gives me this error in messages:

“success resolving xxx.com/A' (in 'xxx.com'?) after reducing the advertised EDNS UDP packet size to 512 octets.”

When doing a dig +trace, the root servers are taking a long time to respond. Firewall is currently disabled as well.

Running BIND v9.7.3
 
Old 03-08-2012, 04:58 PM   #2
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
Hi,

Maybe if you post some of your /etc/named.conf or zone config file(s), we might get a better picture of what's going on with your server, so we can help you.
 
Old 03-08-2012, 05:05 PM   #3
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

It's almost definitely a firewall (or maybe a router?) somewhere between you and the outside that doesn't like large UDP packets.
Try adding:
Code:
server 0.0.0.0/0 {
       edns no;
};
to named.conf

Dave
 
Old 03-09-2012, 08:06 AM   #4
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled
Here is my named.conf. I also disabled IPv6. I've disabled my firewall for testing this DNS, so that may be irrelevant.


options {
    #
    # named.conf for NEW DNS
    # March 7, 2012
    # type domain source administrator file or host
    #
    directory "/etc/nsdata";
    allow-query { any; };
    # hide the BIND version string from "version.bind" CHAOS queries
    version "[SECURED]";
};

# reverse zone for the loopback network
zone "0.0.127.in-addr.arpa" {
    type master;
    file "ptrprimary/db.127.0.0";
};

zone "something.something.edu" {
    type master;
    file "domain/something.something.edu";
    # only these secondaries may pull the zone (addresses elided in the post)
    allow-transfer {
        IP; IP; IP; IP; IP; IP;
    };
};

# root hints: the root server list used to start recursive resolution
zone "." {
    type hint;
    file "db.cache";
};

# key for the rndc control channel (secret elided in the post)
key "rndckey" {
    algorithm hmac-md5;
    secret "KEY";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};

logging {
    category lame-servers { null; };
    #category edns-disabled { null; };
};
 
Old 03-09-2012, 08:08 AM   #5
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled
Put the below at the top of named.conf?


Quote:
Originally Posted by ilikejam
Hi.

It's almost definitely a firewall (or maybe a router?) somewhere between you and the outside that doesn't like large UDP packets.
Try adding:
Code:
server 0.0.0.0/0 {
       edns no;
};
to named.conf

Dave
 
Old 03-09-2012, 08:34 AM   #6
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Top, bottom, your call.
 
Old 03-09-2012, 09:16 AM   #7
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled
Update: when I do a dig on a domain it takes forever to resolve the root servers, see below:


; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> nasioc.com +trace
;; global options: +cmd
. 517390 IN NS g.root-servers.net.
. 517390 IN NS b.root-servers.net.
. 517390 IN NS f.root-servers.net.
. 517390 IN NS e.root-servers.net.
. 517390 IN NS i.root-servers.net.
. 517390 IN NS c.root-servers.net.
. 517390 IN NS j.root-servers.net.
. 517390 IN NS l.root-servers.net.
. 517390 IN NS d.root-servers.net.
. 517390 IN NS k.root-servers.net.
. 517390 IN NS h.root-servers.net.
. 517390 IN NS m.root-servers.net.
. 517390 IN NS a.root-servers.net.
;; Received 500 bytes from 142.150.1.189#53(142.150.1.189) in 0 ms

com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
;; Received 488 bytes from 192.228.79.201#53(b.root-servers.net) in 13731 ms

nasioc.com. 172800 IN NS ns1.easydns.com.
nasioc.com. 172800 IN NS ns1.fusionsolutions.com.
nasioc.com. 172800 IN NS ns2.fusionsolutions.com.
;; Received 182 bytes from 192.48.79.30#53(j.gtld-servers.net) in 246 ms

nasioc.com. 21600 IN A 64.135.19.21
nasioc.com. 21600 IN NS NS1.Fusionsolutions.com.
nasioc.com. 21600 IN NS ns1.easyDNS.com.
nasioc.com. 21600 IN NS NS2.Fusionsolutions.com.
;; Received 154 bytes from 64.135.19.6#53(ns1.fusionsolutions.com) in 193 ms
 
Old 03-09-2012, 09:57 AM   #8
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Is it any faster if you add '+noedns +bufsize=0' to the dig command?
 
Old 03-09-2012, 10:04 AM   #9
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled
I do

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> nasioc.com +trace +noedns +bufsize=0
;; global options: +cmd
. 518002 IN NS l.root-servers.net.
. 518002 IN NS e.root-servers.net.
. 518002 IN NS j.root-servers.net.
. 518002 IN NS c.root-servers.net.
. 518002 IN NS d.root-servers.net.
. 518002 IN NS i.root-servers.net.
. 518002 IN NS k.root-servers.net.
. 518002 IN NS b.root-servers.net.
. 518002 IN NS h.root-servers.net.
. 518002 IN NS g.root-servers.net.
. 518002 IN NS f.root-servers.net.
. 518002 IN NS a.root-servers.net.
. 518002 IN NS m.root-servers.net.
;; Received 512 bytes from 142.150.1.189#53(142.150.1.189) in 0 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
;; Received 488 bytes from 128.8.10.90#53(d.root-servers.net) in 33 ms

nasioc.com. 172800 IN NS ns1.easydns.com.
nasioc.com. 172800 IN NS ns1.fusionsolutions.com.
nasioc.com. 172800 IN NS ns2.fusionsolutions.com.
;; Received 182 bytes from 192.43.172.30#53(i.gtld-servers.net) in 82 ms

nasioc.com. 21600 IN A 64.135.19.21
nasioc.com. 21600 IN NS NS2.Fusionsolutions.com.
nasioc.com. 21600 IN NS NS1.Fusionsolutions.com.
nasioc.com. 21600 IN NS ns1.easyDNS.com.
;; Received 154 bytes from 64.135.19.6#53(ns1.fusionsolutions.com) in 67 ms
 
Old 03-09-2012, 10:18 AM   #10
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
That's better. Looks like there's some piece of network kit between you and the root servers that doesn't like large UDP packets.

Switch off edns in named.conf as described above and all should be well.

Dave
 
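As an added example (not code from the thread), a small Python helper that parses the ";; Received ... in N ms" summary lines of the two dig +trace runs posted above and reports which delegation step is slow only while EDNS is on; the sample lines are copied from the traces in this thread, and the 2000 ms threshold is an assumption.

```python
import re

# Per-step summary lines from the two traces posted in this thread:
# first run with EDNS on, second run with "+noedns +bufsize=0".
TRACE_EDNS = """\
;; Received 500 bytes from 142.150.1.189#53(142.150.1.189) in 0 ms
;; Received 488 bytes from 192.228.79.201#53(b.root-servers.net) in 13731 ms
;; Received 182 bytes from 192.48.79.30#53(j.gtld-servers.net) in 246 ms
;; Received 154 bytes from 64.135.19.6#53(ns1.fusionsolutions.com) in 193 ms
"""
TRACE_NOEDNS = """\
;; Received 512 bytes from 142.150.1.189#53(142.150.1.189) in 0 ms
;; Received 488 bytes from 128.8.10.90#53(d.root-servers.net) in 33 ms
;; Received 182 bytes from 192.43.172.30#53(i.gtld-servers.net) in 82 ms
;; Received 154 bytes from 64.135.19.6#53(ns1.fusionsolutions.com) in 67 ms
"""

# dig prints one of these after every delegation step of a +trace
HOP_RE = re.compile(
    r"^;; Received (?P<size>\d+) bytes from (?P<ip>[\d.]+)#\d+"
    r"\((?P<name>[^)]+)\) in (?P<ms>\d+) ms$"
)


def parse_trace(text):
    """Return one dict per delegation step: server name, IP, bytes, ms."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line.strip())
        if m:
            hops.append({"name": m["name"], "ip": m["ip"],
                         "size": int(m["size"]), "ms": int(m["ms"])})
    return hops


def slow_hops(hops, threshold_ms=2000):
    """Names of servers whose answer took longer than threshold_ms (assumed
    threshold); a multi-second step usually means dig retried after a
    dropped UDP datagram rather than a genuinely slow server."""
    return [h["name"] for h in hops if h["ms"] > threshold_ms]


def edns_verdict(edns_text, noedns_text, threshold_ms=2000):
    """Compare the same trace run with and without EDNS.
    'edns-path-problem': a step is slow only with EDNS on (the thread's case);
    'slow-regardless': slow either way, so EDNS is not the cause; 'ok': neither."""
    slow_with = slow_hops(parse_trace(edns_text), threshold_ms)
    slow_without = slow_hops(parse_trace(noedns_text), threshold_ms)
    if slow_with and not slow_without:
        return "edns-path-problem"
    if slow_without:
        return "slow-regardless"
    return "ok"
```

Disabling EDNS with `edns no` as done in this thread also stops named from setting the EDNS0 DO bit, so DNSSEC-validated resolution is not possible on that path; the `edns-udp-size 512;` option in the `options` block keeps EDNS but caps the advertised buffer at the size the log message on the first post says named fell back to.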
Old 03-09-2012, 10:34 AM   #11
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled
I'll try that out and let y'all know

Thanks!
 
Old 03-13-2012, 02:16 PM   #12
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled
EDNS disabled seemed to fix the problem. Thanks ALL!!
 