query id=1?

permalink · #1 (**permalink**) 03-02-2004

Hi,
I'm trying to find out why certain clients (dnstest.com for
example) are having difficulty receiving results from my company's public
nameservers. Most users have no problems, and whois all seems to work,
but for one client they are reporting difficulties, and dnstest.com is
giving NS fails for some reason. Here's my tcpdump:

(a number of successful accesses)
vnsc-bak.sys.gtei.net.domain: 24043+ PTR? 190.185.168.192.in-addr.arpa.
(46) (DF)
vnsc-bak.sys.gtei.net.domain: 21755+ PTR? 2.2.2.4.in-addr.arpa. (38)
(DF)
mail.tradeware.com.50659: 24043 NXDomain 0/1/0 (123) (DF)
mail.tradeware.com.50660: 21755 1/0/0 PTR[|domain] (DF)
ns1.tradeware.com.domain: 14225+ A? mail.tradeware.com. (36)
stage.prinsite.com.2276: 14225*- 1/3/3 A mail.tradeware.com (154) (DF)

(and where dnstest breaks down)

http://www.dnsreport.com/tools/dnsre...=tradeware.com

14:51:07.537286 test.dnsstuff.com.4706 > ns1.tradeware.com.domain: 1+
NS? tradeware.com. (31)
14:51:07.537614 test.dnsstuff.com.4707 > ns1.tradeware.com.domain: 1+
TXT CHAOS)? version.bind. (30)
14:51:07.537964 test.dnsstuff.com.4708 > ns1.tradeware.com.domain: 1+
SOA? tradeware.com. (31)
14:51:07.538314 test.dnsstuff.com.4709 > ns1.tradeware.com.domain: 1+
MX? tradeware.com. (31)
14:51:07.538980 test.dnsstuff.com.4710 > ns1.tradeware.com.domain: 1+ A?
www.tradeware.com. (35)
14:51:07.539337 test.dnsstuff.com.4711 > ns1.tradeware.com.domain: 1+
CNAME? tradeware.com. (31)
14:51:07.540195 test.dnsstuff.com.4712 > ns1.tradeware.com.domain: 1+
CNAME? ns1.tradeware.com. (35)
14:51:07.549202 test.dnsstuff.com.4720 > mail.tradeware.com.domain: 1+
NS? tradeware.com. (31)
14:51:07.549536 test.dnsstuff.com.4721 > mail.tradeware.com.domain: 1+
TXT CHAOS)? version.bind. (30)
14:51:07.551350 test.dnsstuff.com.4722 > mail.tradeware.com.domain: 1+
SOA? tradeware.com. (31)
14:51:07.552556 test.dnsstuff.com.4723 > mail.tradeware.com.domain: 1+
MX? tradeware.com. (31)
14:51:07.553210 test.dnsstuff.com.4724 > mail.tradeware.com.domain: 1+
A? www.tradeware.com. (35)
14:51:07.553563 test.dnsstuff.com.4725 > mail.tradeware.com.domain: 1+
CNAME? tradeware.com. (31)
14:51:07.555827 test.dnsstuff.com.4726 > mail.tradeware.com.domain: 1+
CNAME? ns3.tradeware.com. (35)

So is test.dnsstuff.com setting its query id to 1 for a
particular reason (can clients set their own query id)? Is there an
issue with bind that prohibits or chokes on a query id of 1? Apparently
one of our clients uses a mail provider that runs Exchange on the
Internet, who's having similar failures to resolve our IPs. Is there
something I'm missing in my BIND config that other BINDs silently ignore?
From what I've heard, nobody else has this issue.

We're running BIND 9.2.1.

Cheers,
- Matt
--
"When in doubt, use brute force."
- Ken Thompson

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode