On 08/23/2013 05:04 AM, Amos Jeffries wrote:
On 23/08/2013 4:43 a.m., johnh@xxxxxxxxxxxxxxxxx wrote:
Greetings List,
This is a really strange problem, that I can't tell if it's squid or
bind
causing it. Here's the summary:
For only ONE address, whenever I attempt to access it through the proxy,
the record disappears from DNS, and the retry time changes too.
Essentially, accessing www.thisdomain.com works, but a link to a
portal on
that page to the subdomain login.thisdomain.com causes the problem.
Here's
a the output of dig from before accessing the page:
; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45037
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;login.thisdomain.com. IN A
;; ANSWER SECTION:
login.thisdomain.com. 17 IN A 111.222.333.123
;; AUTHORITY SECTION:
thisdomain.com. 168319 IN NS ns1.thisdomain.com.
thisdomain.com. 168319 IN NS ns2.thisdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 22 12:29:57 2013
;; MSG SIZE rcvd: 88
You can do anything to request the address from bind and it works,
*except* try to access it through squid. Bypassing squid and going
directly through the firewall works fine.
Now, immediately after you try to access it through squid:
; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43943
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;login.thisdomain.com. IN A
;; AUTHORITY SECTION:
thisdomain.com. 298 IN SOA ns1.thisdomain.com.
serv.anotherdomain.com. 2006062510 3600 3600 2592000 300
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 22 12:30:06 2013
;; MSG SIZE rcvd: 95
After the 5-minute retry shown above expires, the original record
reappears.
Ideas? Should I be looking at squid, or bind for the issue? Has anyone
seen anything similar before? All other proxy and dns operations work
perfectly, and it's a pretty heavily utilized proxy. I'm stumped.
Keep in mind that Squid is no just performing a standard A record
lookup. It is performing both AAAA and A record lookups with EDNS
advertisement on each.
I've seen similar issues when testing the EDNS extensions and >16KB
jumbogram packets through a consumer retail ADSL device. The EDNS
extension on A record would crash the devices DNS relay or something
to that effect.
I've also heard about some older versions of bind having strange
issues when AAAA record lookups were combined with certain SERVFAIL
responses from upstream. If you have anything less than bind 9, please
upgrade.
Amos
Thanks Amos. I'll give upgrading a try - I'm on bind 9, but I'll
upgrade to a newer release and see how that goes.
-John
--
Please consider the environment before printing this e-mail.
This e-mail is intended only for the named person or entity to which it
is addressed and contains valuable business information that is
privileged, confidential and/or otherwise protected from disclosure.
Dissemination, distribution or copying of this e-mail or the information
herein by anyone other than the intended recipient, or an employee, or
agent responsible for delivering the message to the intended recipient,
is strictly prohibited. All contents are the copyright property of the
sender. If you are not the intended recipient, you are nevertheless
bound to respect the sender's worldwide legal rights. We require that
unintended recipients delete the e-mail and destroy all electronic
copies in their system, retaining no copies in any media. If you have
received this e-mail in error, please immediately notify us by calling
our Help Desk at (603) 433-1143, or e-mail to it@xxxxxxxxxxxxxxxxx.
We appreciate your cooperation.