help with FC3 and Bugzilla Bug 161181 DNS truncation
Paul Howarth
paul at city-fan.org
Wed Aug 24 13:06:51 UTC 2005
Skunk Worx wrote:
> Paul Howarth wrote:
>
>> On Mon, 2005-08-22 at 12:58 -0700, Skunk Worx wrote:
>>
>>> Paul Howarth wrote:
>>>
>>>> On Sun, 2005-08-21 at 16:54 -0700, Skunk Worx wrote:
>>>>
>>>>
>>>>> My FC3 local caching DNS is placing the AUTHORITY section in the
>>>>> responses. I think this exceeds a certain size threshold and I get
>>>>> this :
>>>>>
>>>>> # dig @10.0.0.2 www.wikipedia.org
>>>>> ;; Truncated, retrying in TCP mode.
>>>>>
>>>>> When I go directly to my ISP's dns, it is fine, I assume because
>>>>> there is no lengthy AUTHORITY section in their reply.
>>>>
>>>>
>>>>
>>>> What lengthy AUTHORITY section? I'm getting just this:
>>>>
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 3, ADDITIONAL: 3
>>>>
>>>
>>> So far I always get back AUTHORITY: 13 from my local caching DNS with
>>> lines in the form of :
>>>
>>> . 28240 IN NS A.ROOT-SERVERS.NET.
>>>
>>> If I make an empty root.hints file I get SERVFAIL. If I try trimming
>>> down the root.hints file, or removing it, I get all 13 entries back.
>>>
>>> Dig'ing directly to my ISPs DNS returns AUTHORITY: 0 (no list), so
>>> the size of the response is not big enough to trigger the glibc bug.
>>>
>>> I've been fooling with the root.hints, zone and conf files and
>>> reviewing the caching DNS howto's (via google) but so far it's all or
>>> nothing (13 AUTHORITY: entries or SERVFAIL).
>>
>>
>>
>> What's strange about this is that the AUTHORITY section should be
>> returning the 3 wikipedia.org nameservers, not the root servers.
>>
>> What do you get for:
>> $ dig www.wikipedia.org +trace
>> $ rpm -q bind
>>
>
> Thanks again for your continuing help. I must have some configuration
> setting botched to be getting all those root server entries.
>
> --
> SW
>
> $ dig www.wikipedia.org +trace
>
> ; <<>> DiG 9.2.5 <<>> www.wikipedia.org +trace
> ;; global options: printcmd
> . 38309 IN NS D.ROOT-SERVERS.NET.
> . 38309 IN NS E.ROOT-SERVERS.NET.
> . 38309 IN NS F.ROOT-SERVERS.NET.
> . 38309 IN NS G.ROOT-SERVERS.NET.
> . 38309 IN NS H.ROOT-SERVERS.NET.
> . 38309 IN NS I.ROOT-SERVERS.NET.
> . 38309 IN NS J.ROOT-SERVERS.NET.
> . 38309 IN NS K.ROOT-SERVERS.NET.
> . 38309 IN NS L.ROOT-SERVERS.NET.
> . 38309 IN NS M.ROOT-SERVERS.NET.
> . 38309 IN NS A.ROOT-SERVERS.NET.
> . 38309 IN NS B.ROOT-SERVERS.NET.
> . 38309 IN NS C.ROOT-SERVERS.NET.
> ;; Received 260 bytes from 10.0.0.2#53(10.0.0.2) in 3 ms
>
> org. 172800 IN NS TLD1.ULTRADNS.NET.
> org. 172800 IN NS TLD2.ULTRADNS.NET.
> org. 172800 IN NS TLD3.ULTRADNS.org.
> org. 172800 IN NS TLD4.ULTRADNS.org.
> org. 172800 IN NS TLD5.ULTRADNS.INFO.
> org. 172800 IN NS TLD6.ULTRADNS.CO.UK.
> ;; Received 293 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 103 ms
>
> wikipedia.org. 86400 IN NS ns2.wikimedia.org.
> wikipedia.org. 86400 IN NS ns1.wikimedia.org.
> wikipedia.org. 86400 IN NS ns0.wikimedia.org.
> ;; Received 147 bytes from 204.74.112.1#53(TLD1.ULTRADNS.NET) in 20 ms
>
> www.wikipedia.org. 3600 IN CNAME rr.wikimedia.org.
> rr.wikimedia.org. 600 IN CNAME rr.pmtpa.wikimedia.org.
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.248
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.204
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.210
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.246
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.235
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.213
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.245
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.203
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.206
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.214
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.247
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.236
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.202
> rr.pmtpa.wikimedia.org. 3600 IN A 207.142.131.205
> ;; Received 309 bytes from 145.97.39.158#53(ns2.wikimedia.org) in 168 ms
So that looks OK then.
Is your named configured to resolve things itself, or forward requests
to your ISP's server? Whatever it is, trying the other option might work
around the issue for the time being.
Paul.
More information about the fedora-list
mailing list