Hello all,
We have just upgraded to OSF/1 v3.2 and we now have a problem with the primary
BIND server not acknowledging that it is the root point for our domain.
Background
----------------
We have 8 Alpha 2100's all configured with BIND. One (zentral.schitagey.de) is
the primary server and there is one other secondary server, all the rest are
configured as clients. We are not directly connected to the Internet and hence
the primary server should be the root point of the domain. The first symptoms of
the problem were that people establishing a telnet session with any of the
hosts waited 75 seconds for the login prompt to appear.
Investigation into this has shown that the delay is caused by a name server
timeout period.
We have currently corrected the problem by turning BIND off completely. This of
course is not an acceptable solution for the future. Can anyone help with the
following questions:
o Has there been a significant change to BIND between OSF/1 3.0 and 3.2?
o Why does named not know that hostnames not within its domain are impossible to
connect to and return an 'invalid host' error *immediately* ?
o Why does the login process over telnet take 75 secs when it is to a host that
named can give an authoritative answer about?
Supporting evidence and files
-----------------------------
/etc/namedb/named.boot:
------------------------------------------------------------------------------
directory /etc/namedb
;
primary schitagey.de hosts.db
primary 169.10.194.in-addr.arpa hosts.rev
;
;
primary 0.0.127.in-addr.arpa named.local
;
; load the cache data last
cache . named.ca
-----------------------------------------------------------------------------
Output from nslookup with debug on when looking for a node within the domain.
> set debug
> pcu37.schitagey.de
Server: localhost
Address: 127.0.0.1
------------
Got answer:
HEADER:
opcode = QUERY, id = 5, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, auth. records = 1, additional = 0
QUESTIONS:
pcu37.schitagey.de.schitagey.de, type = A, class = IN
AUTHORITY RECORDS:
-> schitagey.de
ttl = 43200 (12 hours)
origin = zentral.schitagey.de
mail addr = postmaster.zentral.schitagey.de
serial=14, refresh=300, retry=60, expire=1209600, min=43200
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, auth. records = 1, additional = 1
QUESTIONS:
pcu37.schitagey.de, type = A, class = IN
ANSWERS:
-> pcu37.schitagey.de
inet address = 194.99.104.37
ttl = 43200 (12 hours)
AUTHORITY RECORDS:
-> schitagey.de
nameserver = zentral.schitagey.de
ttl = 43200 (12 hours)
ADDITIONAL RECORDS:
-> zentral.schitagey.de
inet address = 194.10.169.1
ttl = 43200 (12 hours)
------------
Name: pcu37.schitagey.de
Address: 194.99.104.37
But when you ask for the address of a node that is outside this domain, which it
could never resolve due to the lack of a forwarding nameserver, you get a
timeout condition.
> machine.some.domain.anywhere
Server: localhost
Address: 127.0.0.1
------------
Got answer:
HEADER:
opcode = QUERY, id = 7, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, auth. records = 1, additional = 0
QUESTIONS:
machine.some.domain.anywhere.schitagey.de, type = A, class = IN
AUTHORITY RECORDS:
-> schitagey.de
ttl = 43200 (12 hours)
origin = zentral.schitagey.de
mail addr = postmaster.zentral.schitagey.de
serial=14, refresh=300, retry=60, expire=1209600, min=43200
------------
timeout (5 secs)
timeout (10 secs)
timeout (20 secs)
timeout (40 secs)
*** Request to localhost timed-out
>
/etc/resolv.conf
-------------------------------------------------------------------------
domain schitagey.de
nameserver 127.0.0.1
-------------------------------------------------------------------------
/etc/svc.conf
-------------------------------------------------------------------------
aliases=local,yp
group=local,yp
hosts=local,bind,yp
netgroup=local,yp
networks=local,yp
passwd=local,yp
protocols=local,yp
rpc=local,yp
services=local,yp
SECLEVEL=BSD # for backwards compatibility ONLY
-------------------------------------------------------------------------
Thanks in advance
Ben Martel
100633.2276_at_compuserve.com
Received on Wed Jun 14 1995 - 18:26:39 NZST