[Yeti DNS Discuss] A weird behavior of Knot

"Davey(宋林健)" ljsong at biigroup.cn
Fri Aug 14 07:57:09 UTC 2015


Hi all, 

We observed a weird behavior of Knot when we reset the .arpa ns records to [a-m].root-servers.net <http://root-servers.net/> in root zone file. 

The knot root server (yeti-dns01.dnsworkshop.org)  entered a a kind of "hung” state after updating the root zone (with a new serial number) but without change of the NS records list for .arpa.  

Best regards,
Davey

> ------------------ Original ------------------
> From:  "Carsten Strotmann"<carsten at strotmann.de>;
> Date:  Fri, Aug 14, 2015 03:30 PM
> To:  "龚道彪"<dbgong at biigroup.cn>;
> Subject:  Re: Fw:[Yeti DNS Operators] <Action>: Remove the .arpa zone fromcurrentYeti Root servers
>  
> Hello Kevin,
> 
> 
> 龚道彪 wrote:
> > Hi Carsten,
> > 
> > I have try to dig arpa ns @yeti-dns01.dnsworkshop.org 
> > I found that the answer is not right.
> > 
> 
> thanks for the notice.
> 
> > ---
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;arpa.                          IN      NS
> > 
> > ;; AUTHORITY SECTION:
> > arpa.                   172800  IN      NS      bii.dns-lab.net.
> > arpa.                   172800  IN      NS      yeti.bofh.priv.at.
> > arpa.                   172800  IN      NS      yeti.ipv6.ernet.in.
> > arpa.                   172800  IN      NS      dahu1.yeti.eu.org.
> > arpa.                   172800  IN      NS      ns-yeti.bondis.org.
> > arpa.                   172800  IN      NS      yeti-ns.ix.ru.
> > arpa.                   172800  IN      NS      yeti-ns.tisf.net.
> > arpa.                   172800  IN      NS      yeti-ns.wide.ad.jp.
> > arpa.                   172800  IN      NS      yeti-ns.conit.co.
> > arpa.                   172800  IN      NS      yeti-ns.as59715.net.
> > arpa.                   172800  IN      NS      yeti-dns01.dnsworkshop.org.
> > 
> > ;; ADDITIONAL SECTION:
> > bii.dns-lab.net.        518400  IN      AAAA    240c:f:1:22::6
> > yeti.bofh.priv.at.      518400  IN      AAAA    2a01:4f8:161:6106:1::10
> > yeti.ipv6.ernet.in.     518400  IN      AAAA    2001:e30:1c1e:1::333
> > dahu1.yeti.eu.org.      518400  IN      AAAA  
> >  2001:4b98:dc2:43:216:3eff:fea9:41a
> > ns-yeti.bondis.org.     518400  IN      AAAA    2a02:2810:0:405::250
> > yeti-ns.ix.ru.          518400  IN      AAAA    2001:6d0:6d06::53
> > yeti-ns.tisf.net.       518400  IN      AAAA    2001:559:8000::6
> > yeti-ns.wide.ad.jp.     518400  IN      AAAA    2001:200:1d9::35
> > yeti-ns.conit.co.       518400  IN      AAAA    2607:ff28:2:10::47:a010
> > yeti-ns.as59715.net.    518400  IN      AAAA  
> >  2a02:cdc5:9715:0:185:5:203:53
> > yeti-dns01.dnsworkshop.org. 518400 IN   AAAA    2001:1608:10:167:32e::53
> > -----
> > ARPA zone's NS should be [a-m].root-servers.net now
> > 
> > DMs have removed ARPA zone. and do not modify ARPA zone NS records on
> > root zone file.
> > 
> > dig SOA on yeti-dns01.dnsworkshop.org
> >  dig @2001:1608:10:167:32e::53 . soa +short
> > bii.dns-lab.net. yeti.biigroup.cn. 2015081301 1800 900 604800 86400
> > 
> > but the SOA serial number is same with DM, it's weird.
> > 
> > would you please check this?
> > Thank you
> > 
> 
> I've found the Knot-DNS server process in a kind of "hung" state, it was
> still answering queries, but would not respond to control messages. Also
> the slave copy of the yeti-root-zone on disk was an old one.
> 
> I've killed the process, and restarted, and it fetched the latest
> version of the zone and the answers now seem OK.
> 
> I will monitor this closely, and if it happens again, will troubleshoot
> with the Knot-DNS developers.
> 
> Best regards
> 
> Carsten Strotmann
> 

---------------------------
Davey Song(宋林健)
BII Lab
ljsong at biigroup.cn



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20150814/b4e80408/attachment.html>


More information about the discuss mailing list