Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 5 Mar 2006 14:19:43 +0300
From:      Yar Tikhiy <yar@comp.chem.msu.su>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        freebsd-net@FreeBSD.org
Subject:   Re: BIND incompatibility
Message-ID:  <20060305111943.GC18983@comp.chem.msu.su>
In-Reply-To: <440A9D0B.7020703@FreeBSD.org>
References:  <20060304191306.GA600@comp.chem.msu.su> <440A9D0B.7020703@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Mar 05, 2006 at 12:10:51AM -0800, Doug Barton wrote:
> Yar Tikhiy wrote:
> > Hi there,
> > 
> > Just want to remind about a problem I've finally run into myself.
> > There has been a lot of gossip on it, but next to no tech details.
> > Namely, BIND8 will go nuts and spit out tons of error messages per
> > second if its forwarder happens to be BIND9 and "forwarders only"
> > is not in effect.  The error message reads:
> > 
> > 	sysquery: no addrs found for root NS
> > 
> > I saw that after two my DNS servers had been upgraded today along
> > their respective branches, 4-STABLE and 6-STABLE, which had involved
> > no changes to named.conf or named.root.
> > 
> > Has anybody got links to tech details why the trouble happens?
> > Sorry, today I had little time for debugging and tcpdumping, just
> > had to make sure it all worked by the end of the day :-)
> 
> Not 100% sure from your description, but it's possible that you're falling
> victim to the problem described here:
> 
> http://www.isc.org/index.pl?/sw/bind/bind8.php

My case was exactly opposite: BIND8 was trying to forward its
requests to BIND9.  In other words, my BIND8 was an originator while
my BIND9 was acting as a proxy.  I think this case was also mentioned
in numerous discussions about the plague of "sysquery: no addrs found".

As soon as the BIND8 started at system boot and apparently tried
to get up-to-date data on root nameservers through its forwarder,
it immediately began to overflow the console and /var/log/messages
with the said messages, looping very fast over the list of root
nameservers, but mentioning them in a different order each time.

By now, I have just noticed that my BIND8 and BIND9 will return
rather different authority and additional sections in their replies
when asked about, e.g., b.root-servers.net.  That is, they must
have quite different notions of the root zone.  Now they both are
running in stand-alone mode, i.e., with no forwarders configured
at all.  The output from dig(1) is attached below for illustration.

-- 
Yar

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

yar@bsd:~$dig version.bind. chaos txt @158.250.32.97

; <<>> DiG 8.3 <<>> version.bind. chaos txt @158.250.32.97
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61634
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
VERSION.BIND.           0S CHAOS TXT    "8.3.7-REL"

;; Total query time: 1 msec
;; FROM: bsd.chem.msu.ru to SERVER: 158.250.32.97
;; WHEN: Sun Mar  5 13:54:15 2006
;; MSG SIZE  sent: 30  rcvd: 64

yar@bsd:~$dig b.root-servers.net. @158.250.32.97

; <<>> DiG 8.3 <<>> b.root-servers.net. @158.250.32.97
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54593
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;;      b.root-servers.net, type = A, class = IN

;; ANSWER SECTION:
b.root-servers.net.     6d7h23m28s IN A  192.228.79.201

;; AUTHORITY SECTION:
net.                    1d7h23m29s IN NS  A.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  G.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  H.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  C.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  I.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  B.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  D.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  L.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  F.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  J.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  K.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  E.GTLD-SERVERS.net.
net.                    1d7h23m29s IN NS  M.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.     1d7h23m29s IN A  192.5.6.30
A.GTLD-SERVERS.net.     1d7h23m29s IN AAAA  2001:503:a83e::2:30
G.GTLD-SERVERS.net.     1d7h23m29s IN A  192.42.93.30
H.GTLD-SERVERS.net.     1d7h23m29s IN A  192.54.112.30
C.GTLD-SERVERS.net.     1d7h23m29s IN A  192.26.92.30
I.GTLD-SERVERS.net.     1d7h23m29s IN A  192.43.172.30
B.GTLD-SERVERS.net.     1d7h23m29s IN A  192.33.14.30
B.GTLD-SERVERS.net.     1d7h23m29s IN AAAA  2001:503:231d::2:30
D.GTLD-SERVERS.net.     1d7h23m29s IN A  192.31.80.30
L.GTLD-SERVERS.net.     1d7h23m29s IN A  192.41.162.30
F.GTLD-SERVERS.net.     1d7h23m29s IN A  192.35.51.30
J.GTLD-SERVERS.net.     1d7h23m29s IN A  192.48.79.30
K.GTLD-SERVERS.net.     1d7h23m29s IN A  192.52.178.30

;; Total query time: 22 msec
;; FROM: bsd.chem.msu.ru to SERVER: 158.250.32.97
;; WHEN: Sun Mar  5 13:52:58 2006
;; MSG SIZE  sent: 36  rcvd: 505

yar@bsd:~$dig version.bind. chaos txt @195.208.208.18

; <<>> DiG 8.3 <<>> version.bind. chaos txt @195.208.208.18
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51891
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
version.bind.           0S CHAOS TXT    "9.3.2"

;; AUTHORITY SECTION:
version.bind.           0S CHAOS NS     version.bind.

;; Total query time: 1 msec
;; FROM: bsd.chem.msu.ru to SERVER: 195.208.208.18
;; WHEN: Sun Mar  5 13:55:22 2006
;; MSG SIZE  sent: 30  rcvd: 62

yar@bsd:~$dig b.root-servers.net. @195.208.208.18

; <<>> DiG 8.3 <<>> b.root-servers.net. @195.208.208.18
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20927
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; QUERY SECTION:
;;      b.root-servers.net, type = A, class = IN

;; ANSWER SECTION:
b.root-servers.net.     6d9h46m6s IN A  192.228.79.201

;; AUTHORITY SECTION:
root-servers.net.       6d9h45m30s IN NS  f.root-servers.net.
root-servers.net.       6d9h45m30s IN NS  j.root-servers.net.
root-servers.net.       6d9h45m30s IN NS  k.root-servers.net.
root-servers.net.       6d9h45m30s IN NS  A.root-servers.net.

;; ADDITIONAL SECTION:
A.root-servers.net.     6d9h45m30s IN A  198.41.0.4

;; Total query time: 1 msec
;; FROM: bsd.chem.msu.ru to SERVER: 195.208.208.18
;; WHEN: Sun Mar  5 13:55:44 2006
;; MSG SIZE  sent: 36  rcvd: 132

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060305111943.GC18983>