Bind forgets to forward

richie1985 · September 2, 2022, 12:50pm

Hi,

i have something crazy, i dont get what is the reason…

my local dns server 192.168.200.2 should forward all not known entrys to 192.168.62.1, so i set it as forwarder…
it works without any problems BUT after sometime it dont forward any more… after a restart of the bind service it works again:

grafik

what the hell could cause this issue?

Thx!

Erik

knebb · September 2, 2022, 9:19pm

Hi,

sounds indeed weird. I guess replication got stuck for some reason. Check here.

And/ or check your DNS/Bind log entries. Be aware when using LDAP as backend there is a second bind-process running!

My recommendation is to use the Samba backend on all UCS using Samba and only change to LDAP where Samba is not installed!

/KNEBB

richie1985 · January 10, 2023, 5:06pm

hey,

we still have this issue… we have a currently a workaround that we restart ucs dns server every 30 minutes… quiet stupid i know.

i also set dns loglevel to 11, have massive logs… but nothing that could explain why it stopped forwarding request for a specifc domain…

and of course we use every where samba backend.

maybe you have a other idea?

thank you very much!

richie1985 · May 13, 2023, 5:42pm

now i have some logs, it seems it bind tries to ask a ipv6 dns server? thats of course not working and after that ucs bind didnt forward it correctly until i restart bind, can someone point me in the right direction?

May 13 17:51:48 dc-gr named[28730]: client @0x7fed6515bbb0 192.168.204.9#63620 (zentrale.xxxx): next
May 13 17:51:48 dc-gr named[28730]: client @0x7fed6515bbb0 192.168.204.9#63620 (zentrale.xxxx): request failed: duplicate query
May 13 17:51:48 dc-gr named[28730]: client @0x7fed6515bbb0 192.168.204.9#63620 (zentrale.xxxx): ns_client_detach: ref = 0
May 13 17:51:48 dc-gr named[28730]: client @0x7fed6515bbb0 192.168.204.9#63620 (zentrale.xxxx): endrequest
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:503:ba3e::2:30#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  25831#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 31cabf995763a37a#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:503:ba3e::2:30#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:200::b#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  58120#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: eba08642456a8b5e#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:200::b#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:2::c#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  10290#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 48d35de1996e306c#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:2::c#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:2f::f#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  61298#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 704d6fc078e884f2#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:2f::f#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:12::d0d#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  13404#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 1045b867ef9e8c04#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:12::d0d#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:1::53#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  48434#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: a5f9912f0684cbe5#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:1::53#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:7fe::53#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  60996#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: f2df9a226a851b64#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:7fe::53#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:503:c27::2:30#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  43705#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 0e6d0a7d58db3ae1#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:503:c27::2:30#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:9f::42#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  13492#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: a188890bc7120deb#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:9f::42#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:dc3::35#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  23371#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 814d8504e672f3f2#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:dc3::35#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:7fd::1#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  38685#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 2ef2b8d63b17784f#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:7fd::1#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:a8::e#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  16086#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 85778cd0598f3ebf#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:a8::e#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 2001:500:2d::d#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  64134#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 17623a46ed2a6924#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: network unreachable resolving 'zentrale.xxxx/AAAA/IN': 2001:500:2d::d#53
May 13 17:51:48 dc-gr named[28730]: sending packet to 198.41.0.4#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  32365#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 512#012; COOKIE: 028699658ec8886d#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: received packet from 198.41.0.4#53#012;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  32365#012;; flags: qr aa tc; QUESTION: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 1472#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012#012;; AUTHORITY SECTION:#012;fitness.#011#01186400#011IN#011NSEC#011fj. NS DS RRSIG NSEC#012;fitness.#011#01186400#011IN#011RRSIG#011NSEC 8 1 86400 (#012;#011#011#011#011#011#01120230526050000 20230513040000 60955 .#012;#011#011#011#011#011#011HkGrqHUfVUbNnIyVmPa53Ea7o98A#012;#011#011#011#011#011#011SItdHt2Y6PSEFNaRoaAcQ0u3+uBe#012;#011#011#011#011#011#011A311nEv6TUL/hOAb2U6yTYaMem96#012;#011#011#011#011#011#0110cZmD+xIPNr4Zeu85SLEijtgAifm#012;#011#011#011#011#011#011NWI9je06S+G/5JJWgyGplndQI97T#012;#011#011#011#011#011#011fRcIsFZ6ARrnDhMk2VkB5Y2oflKo#012;#011#011#011#011#011#011o7msYQaBEHNHjro6Vlz7EDGIvC+D#012;#011#011#011#011#011#0110KnNK3ujh9HxqJs87pgODAf1xBae#012;#011#011#011#011#011#011ZZgv3vIarir7FI0eFYbzWptMYIWm#012;#011#011#011#011#011#011JHNS4KVULEUdY07ffZ/X6asx3rdk#012;#011#011#011#011#011#011zMLNUv7UNObXC/38T4mQk9eFCN6t#012;#011#011#011#011#011#011OH1QIqcA9xyqbl860u4qZf9cSftR#012;#011#011#011#011#011#011kbKXRg== )#012
May 13 17:51:48 dc-gr named[28730]: sending packet to 198.41.0.4#53#012;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  59432#012;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 4096#012; COOKIE: 028699658ec8886d#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012
May 13 17:51:48 dc-gr named[28730]: received packet from 198.41.0.4#53#012;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  59432#012;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1#012;; OPT PSEUDOSECTION:#012; EDNS: version: 0, flags: do; udp: 1472#012;; QUESTION SECTION:#012;zentrale.xxxx.#011#011#011IN#011AAAA#012#012;; AUTHORITY SECTION:#012;fitness.#011#01186400#011IN#011NSEC#011fj. NS DS RRSIG NSEC#012;fitness.#011#01186400#011IN#011RRSIG#011NSEC 8 1 86400 (#012;#011#011#011#011#011#01120230526050000 20230513040000 60955 .#012;#011#011#011#011#011#011HkGrqHUfVUbNnIyVmPa53Ea7o98A#012;#011#011#011#011#011#011SItdHt2Y6PSEFNaRoaAcQ0u3+uBe#012;#011#011#011#011#011#011A311nEv6TUL/hOAb2U6yTYaMem96#012;#011#011#011#011#011#0110cZmD+xIPNr4Zeu85SLEijtgAifm#012;#011#011#011#011#011#011NWI9je06S+G/5JJWgyGplndQI97T#012;#011#011#011#011#011#011fRcIsFZ6ARrnDhMk2VkB5Y2oflKo#012;#011#011#011#011#011#011o7msYQaBEHNHjro6Vlz7EDGIvC+D#012;#011#011#011#011#011#0110KnNK3ujh9HxqJs87pgODAf1xBae#012;#011#011#011#011#011#011ZZgv3vIarir7FI0eFYbzWptMYIWm#012;#011#011#011#011#011#011JHNS4KVULEUdY07ffZ/X6asx3rdk#012;#011#011#011#011#011#011zMLNUv7UNObXC/38T4mQk9eFCN6t#012;#011#011#011#011#011#011OH1QIqcA9xyqbl860u4qZf9cSftR#012;#011#011#011#011#011#011kbKXRg== )#012;.#011#011#01186400#011IN#011NSEC#011aaa. NS SOA RRSIG NSEC DNSKEY#012;.#011#011#01186400#011IN#011RRSIG#011NSEC 8 0 86400 (#012;#011#011#011#011#011#01120230526050000 20230513040000 60955 .#012;#011#011#011#011#011#011Rd8oqQZ9u5ZGp5G2/M+8c5vNdRI9#012;#011#011#011#011#011#011H8j0lVT+eB1zPoGz2qDwi4c13+Mg#012;#011#011#011#011#011#011Pq+waO4SLoNGvPERACpWv8LzD2Dv#012;#011#011#011#011#011#0117//s+/ng1rC0GlUXK4Dv7jHnx81G#012;#011#011#011#011#011#011pxqcf4lEOT89acEu1aYlcLXJkAiM#012;#011#011#011#011#011#011NxvLigfEwiduTl9La88zKxuTm4Ht#012;#011#011#011#011#011#011HHo9wDiFCXlq4z9fyDhyI2B6XXhx#012;#011#011#011#011#011#011gqkNl3+yIze+yshY0rKr3ZVSszWE#012;#011#011#011#011#011#011eIdtbamRR8HuskQ39kW/lL06PcUl#012;#011#011#011#011#011#011LTXuzVhdUqJDUnKEHSHn9xMfGR+8#012;#011#011#011#011#011#0118d4Hg9rriJARF2QF8p7WgoeK/BYR#012;#011#011#011#011#011#011L27mrmkpT/Y5Yb7jx2+JzQ7KqFSb#012;#011#011#011#011#011#011rNC+oA== )#012;.#011#011#01186400#011IN#011SOA#011a.root-servers.net. nstld.verisign-grs.com. (#012;#011#011#011#011#011#0112023051300 ; serial#012;#011#011#011#011#011#0111800       ; refresh (30 minutes)#012;#011#011#011#011#011#011900        ; retry (15 minutes)#012;#011#011#011#011#011#011604800     ; expire (1 week)#012;#011#011#011#011#011#01186400      ; minimum (1 day)#012;#011#011#011#011#011#011)#012;.#011#011#01186400#011IN#011RRSIG#011SOA 8 0 86400 (#012;#011#011#011#011#011#01120230526050000 20230513040000 60955 .#012;#011#011#011#011#011#011qEmADm8CZgwZII+u8lm0JTzG2Zwv#012;#011#011#011#011#011#011lTL/I8A16WRkxAFUvD0d0QIgKTpD#012;#011#011#011#011#011#011RKJ8MduJENV8I9QK4YbSEnA0TUMh#012;#011#011#011#011#011#01117qpCirGBccY/Zi8m3yYLKD5et4U#012;#011#011#011#011#011#011bsZm9Q/jqkZXBnpVJ29jERp9hU2Z#012;#011#011#011#011#011#011vJBkFCeUoMvHABs6rN7wWTvNQr/M#012;#011#011#011#011#011#011e6VqnBfKRUVwNxl6uWnr44xV5nfX#012;#011#011#011#011#011#011JjgNkaGGht/tEp8exOjT4o/UvWye#012;#011#011#011#011#011#011xMqRY8RbzAyZnXYhATasqL5qpE4Q#012;#011#011#011#011#011#011y0mqti1GSybKLbDEwdFMxn/pdEtV#012;#011#011#011#011#011#011MfJGFqPlz0ehFno+WfSitMgSFApj#012;#011#011#011#011#011#0112X7Cudd/q3Vjk9lWCu6BCtRK9LHv#012;#011#011#011#011#011#0113vRJ2g== )#012
May 13 17:51:48 dc-gr named[28730]: log_ns_ttl: fctx 0x7fed6596b580: noanswer_response: zentrale.xxxx (in '.'?): 1 408893
May 13 17:51:48 dc-gr named[28730]: client @0x7fed657da6b0 192.168.204.9#63620 (zentrale.xxxx): send
May 13 17:51:48 dc-gr named[28730]: client @0x7fed657da6b0 192.168.204.9#63620 (zentrale.xxxx): sendto
May 13 17:51:48 dc-gr named[28730]: client @0x7fed657da6b0 192.168.204.9#63620 (zentrale.xxxx): senddone
May 13 17:51:48 dc-gr named[28730]: client @0x7fed657da6b0 192.168.204.9#63620 (zentrale.xxxx): next
May 13 17:51:48 dc-gr named[28730]: client @0x7fed657da6b0 192.168.204.9#63620 (zentrale.xxxx): ns_client_detach: ref = 0
May 13 17:51:48 dc-gr named[28730]: client @0x7fed657da6b0 192.168.204.9#63620 (zentrale.xxxx): endrequest