[dns-operations] EDNS issue
Frank Bulk
frnkblk at iname.com
Fri Feb 25 00:27:49 UTC 2011
Our ISP helpdesk has been receiving a lot of complaints about their
inability to check the weather at weather.gov, specifically
forecast.weather.gov. Some digs showed that queries were failing, and my
BIND logs show the same:
Feb 24 18:25:12 10.20.0.100 named[2603]: too many timeouts resolving 'forecast.weather.gov/A' (in 'weather.gov'?): disabling EDNS
Feb 24 18:25:36 199.120.69.22 named[5289]: success resolving 'forecast.weather.gov/A' (in 'weather.gov'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 24 18:25:37 10.20.0.200 named[2583]: success resolving 'forecast.weather.gov/A' (in 'weather.gov'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 24 18:25:38 10.20.0.100 named[2603]: too many timeouts resolving 'forecast.weather.gov/A' (in 'weather.gov'?): disabling EDNS
Feb 24 18:25:39 199.120.69.22 named[5289]: success resolving 'radar.weather.gov/A' (in 'weather.gov'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 24 18:25:40 199.120.69.22 named[5289]: success resolving 'www.weather.gov/A' (in 'weather.gov'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 24 18:25:42 10.20.0.200 named[2583]: success resolving 'radar.weather.gov/A' (in 'weather.gov'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 24 18:25:42 10.20.0.100 named[2603]: too many timeouts resolving 'radar.weather.gov/A' (in 'weather.gov'?): disabling EDNS
A quick check showed the following:
mail1:~# dig -4 +short rs.dns-oarc.net txt
rst.x1002.rs.dns-oarc.net.
rst.x1994.x1002.rs.dns-oarc.net.
rst.x2495.x1994.x1002.rs.dns-oarc.net.
"Tested at 2011-02-25 00:20:31 UTC"
"2607:fe28:0:1003:223:7dff:fe9c:4aa5 sent EDNS buffer size 4096"
"2607:fe28:0:1003:223:7dff:fe9c:4aa5 DNS reply size limit is at least 2495"
mail1:~#
mail1:~# dig forecast.weather.gov
; <<>> DiG 9.3.4-P1.1 <<>> forecast.weather.gov
;; global options: printcmd
;; connection timed out; no servers could be reached
Does this make sense? EDNS of size 512 shouldn't be an issue, yet all 7
*nix DNS servers (the first one is above) running BIND complain. The first
four of the DNS servers are behind an old F5 BigIP, the others aren't.
root@nagios:/var/log# dig -4 +short rs.dns-oarc.net txt
rst.x1002.rs.dns-oarc.net.
rst.x1222.x1002.rs.dns-oarc.net.
rst.x1403.x1222.x1002.rs.dns-oarc.net.
"96.31.0.5 DNS reply size limit is at least 1403"
"Tested at 2011-02-25 00:24:38 UTC"
"96.31.0.5 sent EDNS buffer size 4096"
root@nagios:/var/log#
root@nagios:/var/log# dig forecast.weather.gov
; <<>> DiG 9.5.1-P3 <<>> forecast.weather.gov
;; global options: printcmd
;; connection timed out; no servers could be reached
root@nagios:/var/log#
Any ideas? Querying our corporate Microsoft DNS server, behind a Cisco ASA,
works fine!
Frank Bulk
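
Added example, not part of the original post: a small parser for the two named messages quoted above, tallying EDNS fallback events per resolver and zone so that a resolver logging only "disabling EDNS" stands out. The function names are hypothetical; the first four sample lines are copied from the post with the mail wrapping rejoined, and the last is a constructed non-matching line.

```python
import re
from collections import defaultdict

# Matches the two named messages quoted in the post (syslog-forwarded format).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[\d+\]:\s"
    r"(?P<event>too many timeouts resolving|success resolving)\s"
    r"'(?P<qname>[^/']+)/(?P<qtype>\w+)'\s\(in\s'(?P<zone>[^']+)'\?\)"
    r"(?::\sdisabling EDNS|\safter reducing the advertised EDNS UDP packet size"
    r"\sto\s(?P<size>\d+)\soctets)$"
)

def parse(lines):
    """Yield one dict per recognised EDNS fallback message; skip other lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            # 'size' is only captured by the "reducing the advertised size" form.
            ev["kind"] = "edns_disabled" if ev["size"] is None else "size_reduced"
            yield ev

def summarize(lines):
    """Count fallback events per (resolver, zone)."""
    counts = defaultdict(lambda: {"edns_disabled": 0, "size_reduced": 0})
    for ev in parse(lines):
        counts[(ev["host"], ev["zone"])][ev["kind"]] += 1
    return dict(counts)

def only_disabling(lines):
    """Resolvers that logged 'disabling EDNS' for a zone and never a success."""
    return sorted(host for (host, _zone), c in summarize(lines).items()
                  if c["edns_disabled"] and not c["size_reduced"])

SAMPLE = [
    "Feb 24 18:25:12 10.20.0.100 named[2603]: too many timeouts resolving 'forecast.weather.gov/A' (in 'weather.gov'?): disabling EDNS",
    "Feb 24 18:25:36 199.120.69.22 named[5289]: success resolving 'forecast.weather.gov/A' (in 'weather.gov'?) after reducing the advertised EDNS UDP packet size to 512 octets",
    "Feb 24 18:25:37 10.20.0.200 named[2583]: success resolving 'forecast.weather.gov/A' (in 'weather.gov'?) after reducing the advertised EDNS UDP packet size to 512 octets",
    "Feb 24 18:25:42 10.20.0.100 named[2603]: too many timeouts resolving 'radar.weather.gov/A' (in 'weather.gov'?): disabling EDNS",
    "Feb 24 18:25:43 10.20.0.100 named[2603]: zone example/IN: loaded serial 1",  # constructed, must be ignored
]

if __name__ == "__main__":
    for key, c in sorted(summarize(SAMPLE).items()):
        print(key, c)
    print("only disabling EDNS:", only_disabling(SAMPLE))
```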