Author | Message |
computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert
Send message Joined: 28 Jul 16 Posts: 485 Credit: 394,839 RAC: 0
|
When resolving names like *.gridpp.rl.ac.uk my DNS cache logs a lot of errors like:
"skipping nameserver 'srsgsv.dl.ac.uk' because it is a CNAME"
Resolving that nameserver itself shows that it is indeed a CNAME and that's a common DNS misconfiguration.
dig srsgsv.dl.ac.uk. @nserv1.dl.ac.uk
; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> srsgsv.dl.ac.uk. @nserv1.dl.ac.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63531
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;srsgsv.dl.ac.uk. IN A
;; ANSWER SECTION:
srsgsv.dl.ac.uk. 86400 IN CNAME nserv4.dl.ac.uk.
nserv4.dl.ac.uk. 86400 IN A 148.79.80.70
;; AUTHORITY SECTION:
dl.ac.uk. 86400 IN NS ns2.rl.ac.uk.
dl.ac.uk. 86400 IN NS nserv1.dl.ac.uk.
dl.ac.uk. 86400 IN NS ns1.rl.ac.uk.
dl.ac.uk. 86400 IN NS nserv4.dl.ac.uk.
;; ADDITIONAL SECTION:
nserv1.dl.ac.uk. 86400 IN A 148.79.80.78
ns1.rl.ac.uk. 7200 IN A 130.246.135.153
ns2.rl.ac.uk. 7200 IN A 130.246.11.148
;; Query time: 50 msec
;; SERVER: 148.79.80.78#53(148.79.80.78)
;; WHEN: Mon May 01 11:24:14 CEST 2017
;; MSG SIZE rcvd: 203
Be so kind as fo forward this post to your partner institute.
|
|
ivan Volunteer moderator Project administrator Project developer Project tester Project scientist
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,310,612 RAC: 4
|
I've notified Andrew. Hopefully he'll know who to alert. Thanks for the report.
|
|
computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert
Send message Joined: 28 Jul 16 Posts: 485 Credit: 394,839 RAC: 0
|
Thank you Ivan.
Be so kind as to also forward the following DNS issue.
If you query lcgft-atlas.gridpp.rl.ac.uk the answer gives you a couple of nameservers that will be asked in random order.
One of them is nnsa.dl.ac.uk.
This nameserver seems to be misconfigured ("lame") as it gives no IP for lcgft-atlas.gridpp.rl.ac.uk.
Correct answer from ns1.rl.ac.uk
; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> lcgft-atlas.gridpp.rl.ac.uk. @ns1.rl.ac.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32925
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 6, ADDITIONAL: 6
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lcgft-atlas.gridpp.rl.ac.uk. IN A
;; ANSWER SECTION:
lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.183.175
lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.223.196
lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.181.128
lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.183.174
;; AUTHORITY SECTION:
rl.ac.uk. 7200 IN NS srsgsv.dl.ac.uk.
rl.ac.uk. 7200 IN NS nnsa.dl.ac.uk.
rl.ac.uk. 7200 IN NS ns1.rl.ac.uk.
rl.ac.uk. 7200 IN NS ns3.rl.ac.uk.
rl.ac.uk. 7200 IN NS nserv1.dl.ac.uk.
rl.ac.uk. 7200 IN NS ns2.rl.ac.uk.
;; ADDITIONAL SECTION:
ns1.rl.ac.uk. 7200 IN A 130.246.135.153
ns2.rl.ac.uk. 7200 IN A 130.246.11.148
ns3.rl.ac.uk. 3600 IN A 148.79.80.70
nnsa.dl.ac.uk. 86400 IN A 193.62.115.16
nserv1.dl.ac.uk. 86400 IN A 148.79.80.78
;; Query time: 45 msec
;; SERVER: 130.246.135.153#53(130.246.135.153)
;; WHEN: Mon May 01 15:08:19 CEST 2017
;; MSG SIZE rcvd: 318
No answer from nnsa.dl.ac.uk causing a new query to one of the other nameservers. This happens very often as the TTL is only 2 seconds.
dig lcgft-atlas.gridpp.rl.ac.uk. @nnsa.dl.ac.uk
;; Query time: 50 msec
;; SERVER: 193.62.115.16#53(193.62.115.16)
;; WHEN: Mon May 01 15:09:18 CEST 2017
;; MSG SIZE rcvd: 56
; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> lcgft-atlas.gridpp.rl.ac.uk. @nnsa.dl.ac.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 11892
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lcgft-atlas.gridpp.rl.ac.uk. IN A
;; Query time: 50 msec
;; SERVER: 193.62.115.16#53(193.62.115.16)
;; WHEN: Mon May 01 15:09:18 CEST 2017
;; MSG SIZE rcvd: 56
|
|
ivan Volunteer moderator Project administrator Project developer Project tester Project scientist
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,310,612 RAC: 4
|
Response: "Thanks for this, I've forwarded it on to the appropriate people in STFC."
|
|
ivan Volunteer moderator Project administrator Project developer Project tester Project scientist
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,310,612 RAC: 4
|
Done. I take it May 1st isn't a holiday where you are? :-)
|
|
computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert
Send message Joined: 28 Jul 16 Posts: 485 Credit: 394,839 RAC: 0
|
Done. I take it May 1st isn't a holiday where you are? :-)
It is.
And very quiet.
So it's enough time to dig a bit deeper in the logfiles.
;-)
|
|
ivan Volunteer moderator Project administrator Project developer Project tester Project scientist
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,310,612 RAC: 4
|
Fair enough!
|
|
ivan Volunteer moderator Project administrator Project developer Project tester Project scientist
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,310,612 RAC: 4
|
New response from Andrew:
"It should be fixed now. The nameservers with problems were not actually meant to be in use :-)"
|
|
computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert
Send message Joined: 28 Jul 16 Posts: 485 Credit: 394,839 RAC: 0
|
Great!
Looks good now.
This measure could save about 8 ms per DNS query to that zone.
Hmmm, in 100,000,000 years ...
:-D
|
|
ivan Volunteer moderator Project administrator Project developer Project tester Project scientist
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,310,612 RAC: 4
|
[Sirius Cybernetics Corporation] Glad to be of service! [/Sirius Cybernetics Corporation]
|
|
computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert
Send message Joined: 28 Jul 16 Posts: 485 Credit: 394,839 RAC: 0
|
Sorry to bother again.
There is still (or again?) a "lame" nameserver in the query chain for *.rl.ac.uk.
nnsa.dl.ac.uk.
193.62.115.16
|
|