Re: [squid-users] Very strange DNS problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 23 Aug 2013 21:04:51 +1200

On 23/08/2013 4:43 a.m., johnh_at_primebuchholz.com wrote:
> Greetings List,
>
> This is a really strange problem, that I can't tell if it's squid or bind
> causing it. Here's the summary:
>
> For only ONE address, whenever I attempt to access it through the proxy,
> the record disappears from DNS, and the retry time changes too.
> Essentially, accessing www.thisdomain.com works, but a link to a portal on
> that page to the subdomain login.thisdomain.com causes the problem. Here's
> the output of dig from before accessing the page:
>
> ; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45037
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;login.thisdomain.com. IN A
>
> ;; ANSWER SECTION:
> login.thisdomain.com. 17 IN A 111.222.333.123
>
> ;; AUTHORITY SECTION:
> thisdomain.com. 168319 IN NS ns1.thisdomain.com.
> thisdomain.com. 168319 IN NS ns2.thisdomain.com.
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Aug 22 12:29:57 2013
> ;; MSG SIZE rcvd: 88
>
> You can do anything to request the address from bind and it works,
> *except* try to access it through squid. Bypassing squid and going
> directly through the firewall works fine.
>
> Now, immediately after you try to access it through squid:
>
> ; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43943
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;login.thisdomain.com. IN A
>
> ;; AUTHORITY SECTION:
> thisdomain.com. 298 IN SOA ns1.thisdomain.com.
> serv.anotherdomain.com. 2006062510 3600 3600 2592000 300
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Aug 22 12:30:06 2013
> ;; MSG SIZE rcvd: 95
>
> After the 5-minute retry shown above expires, the original record
> reappears.
>
> Ideas? Should I be looking at squid, or bind for the issue? Has anyone
> seen anything similar before? All other proxy and dns operations work
> perfectly, and it's a pretty heavily utilized proxy. I'm stumped.

Keep in mind that Squid is not just performing a standard A record
lookup. It is performing both AAAA and A record lookups with EDNS
advertisement on each.

I've seen similar issues when testing the EDNS extensions and >16KB
jumbogram packets through a consumer retail ADSL device. The EDNS
extension on the A record would crash the device's DNS relay or something to
that effect.

I've also heard about some older versions of bind having strange issues
when AAAA record lookups were combined with certain SERVFAIL responses
from upstream. If you have anything less than bind 9, please upgrade.

Amos
Received on Fri Aug 23 2013 - 09:05:00 MDT
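A small check, added here as an example and not part of the thread or of Squid's code, that reads the two dig outputs above and reports the transition the poster describes together with how long the resolver will keep answering NXDOMAIN. It assumes the mechanism is RFC 2308 negative caching: if the AAAA query that Squid also sends draws an NXDOMAIN (rather than a NODATA answer), BIND caches that for the whole name, every type included, for min(SOA TTL, SOA MINIMUM), which with the MINIMUM of 300 in the SOA above matches the five-minute outage.

```python
import re

# Constructed sample input: the header, flags and record lines from the two
# dig runs quoted in the thread (the SOA record keeps its wrapped line).
BEFORE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45037
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; ANSWER SECTION:
login.thisdomain.com. 17 IN A 111.222.333.123
"""

AFTER = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43943
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
thisdomain.com. 298 IN SOA ns1.thisdomain.com.
serv.anotherdomain.com. 2006062510 3600 3600 2592000 300
"""


def parse_dig(text):
    """Extract status, answer count and, for a negative answer, the seconds the
    resolver will keep serving it: RFC 2308 uses min(SOA TTL, SOA MINIMUM), and
    the SOA TTL counts down as the cached entry ages."""
    status = re.search(r"status:\s*(\w+)", text).group(1)
    answers = int(re.search(r"ANSWER:\s*(\d+)", text).group(1))
    result = {"status": status, "answers": answers, "negative_ttl": None}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        fields = lines[i].split()
        i += 1
        if len(fields) >= 4 and fields[2:4] == ["IN", "SOA"]:
            # owner TTL IN SOA MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
            # is 11 fields; dig or the mail client may wrap the record, so
            # pull in continuation lines until all of them are present.
            while len(fields) < 11 and i < len(lines):
                fields += lines[i].split()
                i += 1
            soa_ttl, minimum = int(fields[1]), int(fields[10])
            result["negative_ttl"] = min(soa_ttl, minimum)
    return result


def diagnose(before, after):
    """Flag the transition from the thread: a name that resolved with an
    answer now comes back NXDOMAIN from the same resolver."""
    b, a = parse_dig(before), parse_dig(after)
    if b["status"] == "NOERROR" and b["answers"] > 0 and a["status"] == "NXDOMAIN":
        return ("negative cache hit: resolver will answer NXDOMAIN for every "
                f"type of this name for about {a['negative_ttl']}s")
    return "no negative-cache transition"
```

Running `diagnose(BEFORE, AFTER)` on the quoted outputs reports a negative cache hit with about 298 s left, i.e. the remaining part of the 300-second MINIMUM; to confirm the hypothesis on a live resolver, compare the AAAA and A answers for the name directly against ns1/ns2.thisdomain.com and check whether the AAAA reply is NXDOMAIN instead of an empty NOERROR.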

This archive was generated by hypermail 2.2.0 : Fri Aug 23 2013 - 12:00:35 MDT