From owner-freebsd-net@FreeBSD.ORG Sun Mar 5 11:19:49 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 942BC16A420; Sun, 5 Mar 2006 11:19:49 +0000 (GMT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (comp.chem.msu.su [158.250.32.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id D0DFD43D48; Sun, 5 Mar 2006 11:19:47 +0000 (GMT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su (localhost [127.0.0.1]) by comp.chem.msu.su (8.13.4/8.13.3) with ESMTP id k25BJif1019612; Sun, 5 Mar 2006 14:19:44 +0300 (MSK) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by comp.chem.msu.su (8.13.4/8.13.3/Submit) id k25BJiYl019611; Sun, 5 Mar 2006 14:19:44 +0300 (MSK) (envelope-from yar) Date: Sun, 5 Mar 2006 14:19:43 +0300 From: Yar Tikhiy To: Doug Barton Message-ID: <20060305111943.GC18983@comp.chem.msu.su> References: <20060304191306.GA600@comp.chem.msu.su> <440A9D0B.7020703@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <440A9D0B.7020703@FreeBSD.org> User-Agent: Mutt/1.5.9i Cc: freebsd-net@FreeBSD.org Subject: Re: BIND incompatibility X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Mar 2006 11:19:49 -0000 On Sun, Mar 05, 2006 at 12:10:51AM -0800, Doug Barton wrote: > Yar Tikhiy wrote: > > Hi there, > > > > Just want to remind about a problem I've finally run into myself. > > There has been a lot of gossip on it, but next to no tech details. > > Namely, BIND8 will go nuts and spit out tons of error messages per > > second if its forwarder happens to be BIND9 and "forwarders only" > > is not in effect. The error message reads: > > > > sysquery: no addrs found for root NS > > > > I saw that after two my DNS servers had been upgraded today along > > their respective branches, 4-STABLE and 6-STABLE, which had involved > > no changes to named.conf or named.root. > > > > Has anybody got links to tech details why the trouble happens? > > Sorry, today I had little time for debugging and tcpdumping, just > > had to make sure it all worked by the end of the day :-) > > Not 100% sure from your description, but it's possible that you're falling > victim to the problem described here: > > http://www.isc.org/index.pl?/sw/bind/bind8.php My case was exactly opposite: BIND8 was trying to forward its requests to BIND9. In other words, my BIND8 was an originator while my BIND9 was acting as a proxy. I think this case was also mentioned in numerous discussions about the plague of "sysquery: no addrs found". As soon as the BIND8 started at system boot and apparently tried to get up-to-date data on root nameservers through its forwarder, it immediately began to overflow the console and /var/log/messages with the said messages, looping very fast over the list of root nameservers, but mentioning them in a different order each time. By now, I have just noticed that my BIND8 and BIND9 will return rather different authority and additional sections in their replies when asked about, e.g., b.root-servers.net. That is, they must have quite different notions of the root zone. Now they both are running in stand-alone mode, i.e., with no forwarders configured at all. The output from dig(1) is attached below for illustration. -- Yar %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% yar@bsd:~$dig version.bind. chaos txt @158.250.32.97 ; <<>> DiG 8.3 <<>> version.bind. chaos txt @158.250.32.97 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61634 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; version.bind, type = TXT, class = CHAOS ;; ANSWER SECTION: VERSION.BIND. 0S CHAOS TXT "8.3.7-REL" ;; Total query time: 1 msec ;; FROM: bsd.chem.msu.ru to SERVER: 158.250.32.97 ;; WHEN: Sun Mar 5 13:54:15 2006 ;; MSG SIZE sent: 30 rcvd: 64 yar@bsd:~$dig b.root-servers.net. @158.250.32.97 ; <<>> DiG 8.3 <<>> b.root-servers.net. @158.250.32.97 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54593 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13 ;; QUERY SECTION: ;; b.root-servers.net, type = A, class = IN ;; ANSWER SECTION: b.root-servers.net. 6d7h23m28s IN A 192.228.79.201 ;; AUTHORITY SECTION: net. 1d7h23m29s IN NS A.GTLD-SERVERS.net. net. 1d7h23m29s IN NS G.GTLD-SERVERS.net. net. 1d7h23m29s IN NS H.GTLD-SERVERS.net. net. 1d7h23m29s IN NS C.GTLD-SERVERS.net. net. 1d7h23m29s IN NS I.GTLD-SERVERS.net. net. 1d7h23m29s IN NS B.GTLD-SERVERS.net. net. 1d7h23m29s IN NS D.GTLD-SERVERS.net. net. 1d7h23m29s IN NS L.GTLD-SERVERS.net. net. 1d7h23m29s IN NS F.GTLD-SERVERS.net. net. 1d7h23m29s IN NS J.GTLD-SERVERS.net. net. 1d7h23m29s IN NS K.GTLD-SERVERS.net. net. 1d7h23m29s IN NS E.GTLD-SERVERS.net. net. 1d7h23m29s IN NS M.GTLD-SERVERS.net. ;; ADDITIONAL SECTION: A.GTLD-SERVERS.net. 1d7h23m29s IN A 192.5.6.30 A.GTLD-SERVERS.net. 1d7h23m29s IN AAAA 2001:503:a83e::2:30 G.GTLD-SERVERS.net. 1d7h23m29s IN A 192.42.93.30 H.GTLD-SERVERS.net. 1d7h23m29s IN A 192.54.112.30 C.GTLD-SERVERS.net. 1d7h23m29s IN A 192.26.92.30 I.GTLD-SERVERS.net. 1d7h23m29s IN A 192.43.172.30 B.GTLD-SERVERS.net. 1d7h23m29s IN A 192.33.14.30 B.GTLD-SERVERS.net. 1d7h23m29s IN AAAA 2001:503:231d::2:30 D.GTLD-SERVERS.net. 1d7h23m29s IN A 192.31.80.30 L.GTLD-SERVERS.net. 1d7h23m29s IN A 192.41.162.30 F.GTLD-SERVERS.net. 1d7h23m29s IN A 192.35.51.30 J.GTLD-SERVERS.net. 1d7h23m29s IN A 192.48.79.30 K.GTLD-SERVERS.net. 1d7h23m29s IN A 192.52.178.30 ;; Total query time: 22 msec ;; FROM: bsd.chem.msu.ru to SERVER: 158.250.32.97 ;; WHEN: Sun Mar 5 13:52:58 2006 ;; MSG SIZE sent: 36 rcvd: 505 yar@bsd:~$dig version.bind. chaos txt @195.208.208.18 ; <<>> DiG 8.3 <<>> version.bind. chaos txt @195.208.208.18 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51891 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUERY SECTION: ;; version.bind, type = TXT, class = CHAOS ;; ANSWER SECTION: version.bind. 0S CHAOS TXT "9.3.2" ;; AUTHORITY SECTION: version.bind. 0S CHAOS NS version.bind. ;; Total query time: 1 msec ;; FROM: bsd.chem.msu.ru to SERVER: 195.208.208.18 ;; WHEN: Sun Mar 5 13:55:22 2006 ;; MSG SIZE sent: 30 rcvd: 62 yar@bsd:~$dig b.root-servers.net. @195.208.208.18 ; <<>> DiG 8.3 <<>> b.root-servers.net. @195.208.208.18 ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20927 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1 ;; QUERY SECTION: ;; b.root-servers.net, type = A, class = IN ;; ANSWER SECTION: b.root-servers.net. 6d9h46m6s IN A 192.228.79.201 ;; AUTHORITY SECTION: root-servers.net. 6d9h45m30s IN NS f.root-servers.net. root-servers.net. 6d9h45m30s IN NS j.root-servers.net. root-servers.net. 6d9h45m30s IN NS k.root-servers.net. root-servers.net. 6d9h45m30s IN NS A.root-servers.net. ;; ADDITIONAL SECTION: A.root-servers.net. 6d9h45m30s IN A 198.41.0.4 ;; Total query time: 1 msec ;; FROM: bsd.chem.msu.ru to SERVER: 195.208.208.18 ;; WHEN: Sun Mar 5 13:55:44 2006 ;; MSG SIZE sent: 36 rcvd: 132