
Re: Very strange DNS problem


 



On 08/23/2013 05:04 AM, Amos Jeffries wrote:
On 23/08/2013 4:43 a.m., johnh@xxxxxxxxxxxxxxxxx wrote:
Greetings List,

This is a really strange problem, that I can't tell if it's squid or bind
causing it.  Here's the summary:

For only ONE address, whenever I attempt to access it through the proxy,
the record disappears from DNS, and the retry time changes too.
Essentially, accessing www.thisdomain.com works, but a link to a portal on
that page to the subdomain login.thisdomain.com causes the problem. Here's
the output of dig from before accessing the page:

; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45037
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;login.thisdomain.com.            IN      A

;; ANSWER SECTION:
login.thisdomain.com.     17      IN      A 111.222.333.123

;; AUTHORITY SECTION:
thisdomain.com.         168319  IN      NS ns1.thisdomain.com.
thisdomain.com.         168319  IN      NS ns2.thisdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 22 12:29:57 2013
;; MSG SIZE  rcvd: 88

You can do anything to request the address from bind and it works,
*except* try to access it through squid.  Bypassing squid and going
directly through the firewall works fine.

Now, immediately after you try to access it through squid:

; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43943
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;login.thisdomain.com.            IN      A

;; AUTHORITY SECTION:
thisdomain.com.         298     IN      SOA ns1.thisdomain.com. serv.anotherdomain.com. 2006062510 3600 3600 2592000 300

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 22 12:30:06 2013
;; MSG SIZE  rcvd: 95

After the 5-minute retry shown above expires, the original record
reappears.

Ideas?  Should I be looking at squid, or bind for the issue? Has anyone
seen anything similar before?  All other proxy and dns operations work
perfectly, and it's a pretty heavily utilized proxy. I'm stumped.

Keep in mind that Squid is not just performing a standard A record lookup. It is performing both AAAA and A record lookups with EDNS advertisement on each.

I've seen similar issues when testing the EDNS extensions and >16KB jumbogram packets through a consumer retail ADSL device. The EDNS extension on A record would crash the device's DNS relay or something to that effect.

I've also heard about some older versions of bind having strange issues when AAAA record lookups were combined with certain SERVFAIL responses from upstream. If you have anything less than bind 9, please upgrade.

Amos

Thanks Amos. I'll give upgrading a try - I'm on bind 9, but I'll upgrade to a newer release and see how that goes.

-John
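
An added example, not part of the original thread: a small probe that sends the four query shapes mentioned above (A and AAAA, each with and without an EDNS0 OPT record) and follows each with a plain A control query, to find which shape makes the resolver stop answering NOERROR. The function names and the advertised size of 4096 are assumptions; set `edns_size` to whatever the proxy is configured to advertise.

```python
import socket
import struct
import sys

QTYPE = {"A": 1, "AAAA": 28}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def build_query(name, qtype, edns_size=None, qid=0x1234):
    """Wire-format query with RD set; edns_size adds an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS = advertised UDP size, TTL 0, no RDATA
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def parse_header(msg):
    """Return the response code and answer count from a DNS header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"rcode": RCODE.get(flags & 0x000F, str(flags & 0x000F)), "answers": ancount}

def ask(server, query, timeout=3.0):
    """Send one UDP query; None means the resolver never answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        try:
            return sock.recvfrom(65535)[0]
        except socket.timeout:
            return None

def find_trigger(name, send, edns_size=4096):
    """Send each variant, then a plain A control query. Return the first
    variant after which the control stops answering NOERROR, else None."""
    for qtype, size in (("A", None), ("A", edns_size), ("AAAA", None), ("AAAA", edns_size)):
        send(build_query(name, qtype, size))
        control = send(build_query(name, "A"))
        if control is None or parse_header(control)["rcode"] != "NOERROR":
            return qtype, size
    return None

if __name__ == "__main__":
    # Usage: python3 probe.py login.thisdomain.com [resolver-ip]
    server = sys.argv[2] if len(sys.argv) > 2 else "127.0.0.1"
    print(find_trigger(sys.argv[1], lambda q: ask(server, q)))
```

Run it only while the record is resolving normally; once the negative answer is cached, every variant will appear to be the trigger until the SOA minimum (300 seconds in the output above) expires.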





