Con Wieland
2018-05-31 19:09:48 UTC
I have a nameserver that can not resolve extranet.aro.army.mil.
dig extranet.aro.army.mil
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> extranet.aro.army.mil
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56491
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;extranet.aro.army.mil. IN A
;; Query time: 4004 msec
;; SERVER: 128.200.1.201#53(128.200.1.201)
;; WHEN: Thu May 31 11:58:23 PDT 2018
;; MSG SIZE rcvd: 50
dig any works though
dig any extranet.aro.army.mil
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> any extranet.aro.army.mil
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36259
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;extranet.aro.army.mil. IN ANY
;; ANSWER SECTION:
extranet.aro.ARMY.mil. 5 IN CNAME aro.army.mil.apps.gcds.disa.mil.
extranet.aro.ARMY.mil. 5 IN RRSIG CNAME 8 4 3600 20180603234628 20180530232344 17853 aro.army.mil. FWADxA2KjVZGnMJMrqCeQaaIhYdyf/pgu5OkBkCk/BAVyRnRaksGbNhx WP15FIQpfXHZXpuV7ChQoGxGXbmpFZc6khlBgOHxhhOSykiJeVB53QR6 8uvu1cRQ6gy7yeaGHvVUFsYyPlSyitY4kWS1v5RS70RhNVviVaSmaEBu JAkACgMdQs8FG6y8E5Uhsazsl3fX6p2b5wX8ohwCYaFygHoIZqq+TBJX HxcX6MOdPfyyP0UeM+aC1x/58HQXekRlpY8VXujBSjDbVIWZKI/EdA0o Z6eXuGBExkzl4IctnwGSGTyQgtWRovDoJEiRi/jyss/Z4BlMBvpbDBJi AC0b9g==
;; AUTHORITY SECTION:
aro.ARMY.mil. 2921 IN NS ns03.army.mil.
aro.ARMY.mil. 2921 IN NS ns02.army.mil.
aro.ARMY.mil. 2921 IN NS ns01.army.mil.
;; ADDITIONAL SECTION:
NS01.ARMY.mil. 582 IN A 140.153.43.44
NS02.ARMY.mil. 20920 IN A 192.82.113.7
NS03.ARMY.mil. 279 IN A 130.114.200.6
;; Query time: 0 msec
;; SERVER: 128.200.1.201#53(128.200.1.201)
;; WHEN: Thu May 31 12:00:39 PDT 2018
;; MSG SIZE rcvd: 530
and to further confuse the issue, resolution from a nameserver that does resolve this shows different nameservers listed for the default query and the “any” query
dig extranet.aro.army.mil
; <<>> DiG 9.3.4-P1 <<>> extranet.aro.army.mil
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 359
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;extranet.aro.army.mil. IN A
;; ANSWER SECTION:
extranet.aro.ARMY.mil. 801 IN CNAME aro.army.mil.apps.gcds.disa.mil.
aro.army.mil.apps.gcds.DISA.mil. 247 IN CNAME aro.army.mil.edgekey.dmz.akamai.csd.disa.mil.
aro.army.mil.edgekey.dmz.akamai.csd.disa.mil. 180 IN CNAME e1008.d.akamaiedge.akamai.csd.disa.mil.
e1008.d.akamaiedge.akamai.csd.disa.mil. 20 IN A 214.48.248.31
;; AUTHORITY SECTION:
DISA.mil. 17124 IN NS NS1.CSD.DISA.MIL.
DISA.mil. 17124 IN NS NS.CYBERCOM.MIL.
DISA.mil. 17124 IN NS NS.JTFGNO.MIL.
;; ADDITIONAL SECTION:
NS.JTFGNO.mil. 17124 IN A 214.3.125.231
NS.CYBERCOM.mil. 17124 IN A 131.77.60.235
NS1.CSD.DISA.mil. 17124 IN A 152.229.110.235
;; Query time: 161 msec
;; SERVER: 128.200.192.203#53(128.200.192.203)
;; WHEN: Thu May 31 12:03:21 2018
;; MSG SIZE rcvd: 384
and “any” include the RRSIG record and different nameservers
dig any extranet.aro.army.mil
; <<>> DiG 9.3.4-P1 <<>> any extranet.aro.army.mil
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 763
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 2
;; QUESTION SECTION:
;extranet.aro.army.mil. IN ANY
;; ANSWER SECTION:
extranet.aro.ARMY.mil. 732 IN RRSIG CNAME 8 4 3600 20180603234628 20180530232344 17853 aro.army.mil. FWADxA2KjVZGnMJMrqCeQaaIhYdyf/pgu5OkBkCk/BAVyRnRaksGbNhx WP15FIQpfXHZXpuV7ChQoGxGXbmpFZc6khlBgOHxhhOSykiJeVB53QR6 8uvu1cRQ6gy7yeaGHvVUFsYyPlSyitY4kWS1v5RS70RhNVviVaSmaEBu JAkACgMdQs8FG6y8E5Uhsazsl3fX6p2b5wX8ohwCYaFygHoIZqq+TBJX HxcX6MOdPfyyP0UeM+aC1x/58HQXekRlpY8VXujBSjDbVIWZKI/EdA0o Z6eXuGBExkzl4IctnwGSGTyQgtWRovDoJEiRi/jyss/Z4BlMBvpbDBJi AC0b9g==
extranet.aro.ARMY.mil. 732 IN CNAME aro.army.mil.apps.gcds.disa.mil.
;; AUTHORITY SECTION:
ARMY.mil. 17055 IN NS NS01.ARMY.MIL.
ARMY.mil. 17055 IN NS NS02.ARMY.MIL.
ARMY.mil. 17055 IN NS NS03.ARMY.MIL.
;; ADDITIONAL SECTION:
NS01.ARMY.mil. 17055 IN A 140.153.43.44
NS02.ARMY.mil. 17055 IN A 192.82.113.7
;; Query time: 2 msec
;; SERVER: 128.200.192.203#53(128.200.192.203)
;; WHEN: Thu May 31 12:04:29 2018
;; MSG SIZE rcvd: 506
To further confuse this, this server worked until it’s IP address changed when it replace an existing server. There were no configuration changes only the ip address and it is otherwise fully functioning..
any leads on where to start looking or further trouble shooting ideas would really be appreciated.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-***@lists.i
dig extranet.aro.army.mil
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> extranet.aro.army.mil
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56491
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;extranet.aro.army.mil. IN A
;; Query time: 4004 msec
;; SERVER: 128.200.1.201#53(128.200.1.201)
;; WHEN: Thu May 31 11:58:23 PDT 2018
;; MSG SIZE rcvd: 50
dig any works though
dig any extranet.aro.army.mil
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> any extranet.aro.army.mil
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36259
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;extranet.aro.army.mil. IN ANY
;; ANSWER SECTION:
extranet.aro.ARMY.mil. 5 IN CNAME aro.army.mil.apps.gcds.disa.mil.
extranet.aro.ARMY.mil. 5 IN RRSIG CNAME 8 4 3600 20180603234628 20180530232344 17853 aro.army.mil. FWADxA2KjVZGnMJMrqCeQaaIhYdyf/pgu5OkBkCk/BAVyRnRaksGbNhx WP15FIQpfXHZXpuV7ChQoGxGXbmpFZc6khlBgOHxhhOSykiJeVB53QR6 8uvu1cRQ6gy7yeaGHvVUFsYyPlSyitY4kWS1v5RS70RhNVviVaSmaEBu JAkACgMdQs8FG6y8E5Uhsazsl3fX6p2b5wX8ohwCYaFygHoIZqq+TBJX HxcX6MOdPfyyP0UeM+aC1x/58HQXekRlpY8VXujBSjDbVIWZKI/EdA0o Z6eXuGBExkzl4IctnwGSGTyQgtWRovDoJEiRi/jyss/Z4BlMBvpbDBJi AC0b9g==
;; AUTHORITY SECTION:
aro.ARMY.mil. 2921 IN NS ns03.army.mil.
aro.ARMY.mil. 2921 IN NS ns02.army.mil.
aro.ARMY.mil. 2921 IN NS ns01.army.mil.
;; ADDITIONAL SECTION:
NS01.ARMY.mil. 582 IN A 140.153.43.44
NS02.ARMY.mil. 20920 IN A 192.82.113.7
NS03.ARMY.mil. 279 IN A 130.114.200.6
;; Query time: 0 msec
;; SERVER: 128.200.1.201#53(128.200.1.201)
;; WHEN: Thu May 31 12:00:39 PDT 2018
;; MSG SIZE rcvd: 530
and to further confuse the issue, resolution from a nameserver that does resolve this shows different nameservers listed for the default query and the “any” query
dig extranet.aro.army.mil
; <<>> DiG 9.3.4-P1 <<>> extranet.aro.army.mil
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 359
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;extranet.aro.army.mil. IN A
;; ANSWER SECTION:
extranet.aro.ARMY.mil. 801 IN CNAME aro.army.mil.apps.gcds.disa.mil.
aro.army.mil.apps.gcds.DISA.mil. 247 IN CNAME aro.army.mil.edgekey.dmz.akamai.csd.disa.mil.
aro.army.mil.edgekey.dmz.akamai.csd.disa.mil. 180 IN CNAME e1008.d.akamaiedge.akamai.csd.disa.mil.
e1008.d.akamaiedge.akamai.csd.disa.mil. 20 IN A 214.48.248.31
;; AUTHORITY SECTION:
DISA.mil. 17124 IN NS NS1.CSD.DISA.MIL.
DISA.mil. 17124 IN NS NS.CYBERCOM.MIL.
DISA.mil. 17124 IN NS NS.JTFGNO.MIL.
;; ADDITIONAL SECTION:
NS.JTFGNO.mil. 17124 IN A 214.3.125.231
NS.CYBERCOM.mil. 17124 IN A 131.77.60.235
NS1.CSD.DISA.mil. 17124 IN A 152.229.110.235
;; Query time: 161 msec
;; SERVER: 128.200.192.203#53(128.200.192.203)
;; WHEN: Thu May 31 12:03:21 2018
;; MSG SIZE rcvd: 384
and “any” include the RRSIG record and different nameservers
dig any extranet.aro.army.mil
; <<>> DiG 9.3.4-P1 <<>> any extranet.aro.army.mil
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 763
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 2
;; QUESTION SECTION:
;extranet.aro.army.mil. IN ANY
;; ANSWER SECTION:
extranet.aro.ARMY.mil. 732 IN RRSIG CNAME 8 4 3600 20180603234628 20180530232344 17853 aro.army.mil. FWADxA2KjVZGnMJMrqCeQaaIhYdyf/pgu5OkBkCk/BAVyRnRaksGbNhx WP15FIQpfXHZXpuV7ChQoGxGXbmpFZc6khlBgOHxhhOSykiJeVB53QR6 8uvu1cRQ6gy7yeaGHvVUFsYyPlSyitY4kWS1v5RS70RhNVviVaSmaEBu JAkACgMdQs8FG6y8E5Uhsazsl3fX6p2b5wX8ohwCYaFygHoIZqq+TBJX HxcX6MOdPfyyP0UeM+aC1x/58HQXekRlpY8VXujBSjDbVIWZKI/EdA0o Z6eXuGBExkzl4IctnwGSGTyQgtWRovDoJEiRi/jyss/Z4BlMBvpbDBJi AC0b9g==
extranet.aro.ARMY.mil. 732 IN CNAME aro.army.mil.apps.gcds.disa.mil.
;; AUTHORITY SECTION:
ARMY.mil. 17055 IN NS NS01.ARMY.MIL.
ARMY.mil. 17055 IN NS NS02.ARMY.MIL.
ARMY.mil. 17055 IN NS NS03.ARMY.MIL.
;; ADDITIONAL SECTION:
NS01.ARMY.mil. 17055 IN A 140.153.43.44
NS02.ARMY.mil. 17055 IN A 192.82.113.7
;; Query time: 2 msec
;; SERVER: 128.200.192.203#53(128.200.192.203)
;; WHEN: Thu May 31 12:04:29 2018
;; MSG SIZE rcvd: 506
To further confuse this, this server worked until it’s IP address changed when it replace an existing server. There were no configuration changes only the ip address and it is otherwise fully functioning..
any leads on where to start looking or further trouble shooting ideas would really be appreciated.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-***@lists.i