1 votos

Bind9, evitando consultas de servfail / repetición cuando "reenvío solo" en una conexión no confiable

Entiendo que esto puede sonar como una mala idea, sin embargo...

Cuando se utiliza muy poco fiable aguas arriba de enlace en una puerta de enlace con bind9. Es posible configurar el bind9 agresivamente a reintentar sus consultas hacia arriba reenviadores cuando en adelante-sólo modo? Resultante de evitar la servfail" hasta hace muy "largo" tiempo , por ejemplo 2 minutos en lugar de inmediatamente por un error en la solicitud.

Esto significa que yo también tendría que fuerza se unen para siempre en enviar sus consultas, incluso si un transportista está abajo/inalcanzable.

Aquí está un ejemplo de una captura para www.google.com que inmediatamente recibe servfail que me gustaría posponer:

28-Feb-2019 11:20:37.148 client @0x7fa92059d9e0: udprecv
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: UDP request
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: using view 'clients'
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: request is not signed
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: recursion available
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: query
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: query (cache) 'www.google.se/A/IN' approved
28-Feb-2019 11:20:40.457 client 10.7.64.100#24254: view clients: replace
28-Feb-2019 11:20:40.457 clientmgr @0x7fa91f240760: createclients
28-Feb-2019 11:20:40.457 clientmgr @0x7fa91f240760: create new
28-Feb-2019 11:20:40.458 client @0x7fa9205d6230: create
28-Feb-2019 11:20:40.458 createfetch: www.google.se A
28-Feb-2019 11:20:40.458 client @0x7fa9205d6230: udprecv
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): create
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): join
28-Feb-2019 11:20:40.458 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): created
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): start
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.458 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.458 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.459 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.8.8#53
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.459 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.459 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.4.4#53
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): no addresses
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): done
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.459 fctx 0x7fa91821e010(www.google.se/A'): sendevents
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: query failed (SERVFAIL) for www.google.se/IN/A at query.c:7002
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: error
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: send
28-Feb-2019 11:20:40.459 client 10.7.64.100#24254: view clients: sendto
28-Feb-2019 11:20:40.460 client 10.7.64.100#24254: view clients: senddone
28-Feb-2019 11:20:40.460 client 10.7.64.100#24254: view clients: next
28-Feb-2019 11:20:40.460 client 10.7.64.100#24254: view clients: endrequest
28-Feb-2019 11:20:40.460 fetch completed at resolver.c:3098 for www.google.se/A in 0.001312: failure/success [domain:.,referral:0,restart:2,qrysent:2,timeout:0,lame:0,neterr:2,badresp:0,adberr:0,findfail:0,valfail:0]
28-Feb-2019 11:20:40.460 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): destroyfetch
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): shutdown
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): doshutdown
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): unlink
28-Feb-2019 11:20:40.460 fctx 0x7fa91821e010(www.google.se/A'): destroy
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: UDP request
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: using view 'clients'
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: request is not signed
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: recursion available
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: query
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: query (cache) 'www.google.se/A/IN' approved
28-Feb-2019 11:20:40.462 client 10.7.64.100#29322: view clients: replace
28-Feb-2019 11:20:40.462 clientmgr @0x7fa91f240760: createclients
28-Feb-2019 11:20:40.462 clientmgr @0x7fa91f240760: recycle
28-Feb-2019 11:20:40.462 createfetch: www.google.se A
28-Feb-2019 11:20:40.462 fctx 0x7fa91821e010(www.google.se/A'): create
28-Feb-2019 11:20:40.462 client @0x7fa9207667c0: udprecv
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): join
28-Feb-2019 11:20:40.463 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): created
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): start
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.463 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.8.8#53
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.463 fctx 0x7fa91821e010(www.google.se/A'): query
28-Feb-2019 11:20:40.463 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): send
28-Feb-2019 11:20:40.464 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): sent
28-Feb-2019 11:20:40.464 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): udpconnected
28-Feb-2019 11:20:40.464 resquery 0x7fa918224010 (fctx 0x7fa91821e010(www.google.se/A)): senddone
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): add_bad
28-Feb-2019 11:20:40.464 error (host unreachable) resolving 'www.google.se/A/IN': 8.8.4.4#53
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelquery
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): try
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): getaddresses
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): no addresses
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): done
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): sendevents
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: query failed (SERVFAIL) for www.google.se/IN/A at query.c:7002
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: error
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: send
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: sendto
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: senddone
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: next
28-Feb-2019 11:20:40.464 client 10.7.64.100#29322: view clients: endrequest
28-Feb-2019 11:20:40.464 fetch completed at resolver.c:3098 for www.google.se/A in 0.001510: failure/success [domain:.,referral:0,restart:2,qrysent:2,timeout:0,lame:0,neterr:2,badresp:0,adberr:0,findfail:0,valfail:0]
28-Feb-2019 11:20:40.464 fetch 0x7fa918714000 (fctx 0x7fa91821e010(www.google.se/A)): destroyfetch
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): shutdown
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): doshutdown
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): stopeverything
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): cancelqueries
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): unlink
28-Feb-2019 11:20:40.464 fctx 0x7fa91821e010(www.google.se/A'): destroy
28-Feb-2019 11:20:41.124 client 127.0.0.1#45092: UDP request
28-Feb-2019 11:20:41.124 client 127.0.0.1#45092: no matching view in class 'IN'
28-Feb-2019 11:20:41.124 client 127.0.0.1#45092: no matching view in class

0voto

Eliazz Puntos 11

Ah, era un problema de prueba. Probé el dns "dropeado" con una regla iptable "-p udp --dport 53 -j DROP" en el mismo servidor que tenía el bind9 en ejecución. Parece que esto de alguna manera interfirió con las pruebas. Cuando realicé algo en la ruta de acceso a Internet, obtuve los mensajes correspondientes y recibí la debida espera :) Aunque no entiendo muy bien qué está pasando aquí, mi problema se resolvió, así que marque esto como respuesta.

EnMiMaquinaFunciona.com

EnMiMaquinaFunciona es una comunidad de administradores de sistemas en la que puedes resolver tus problemas y dudas.
Puedes consultar las preguntas de otros sysadmin, hacer tus propias preguntas o resolver las de los demás.

Powered by: