DNS errors in log

I am running BIND 9.2.2 on a LFS server.

I get the following errors:

Apr 7 18:51:44 server named[279]: lame server resolving
'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 65.205.8.11# 53
Apr 7 18:51:44 server named[279]: lame server resolving
'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 216.73.87.11 #53
Apr 7 18:51:48 server named[279]: lame server resolving
'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 65.205.8.12# 53
Apr 7 18:53:14 server named[279]: client 192.168.0.231#36299: error
sending response: host unreachable
Apr 7 18:53:14 server named[279]:client 192.168.0.231#36299: error
sending response: host unreachable
Apr 7 18:53:14 server named[279]: client 192.168.0.231#36325: error
sending response: host unreachable
Apr 7 18:53:14 server named[279]:client 192.168.0.231#36325: error
sending response: host unreachable

The host unreachable always occurs after the lame server log.
client 192.168.0.231 is a workstation on the network and the server is
192.168.0.1.
This only happens when bind incurs a lame server, the log is clean
otherwise.
What is Bind trying to tell me?

Thanks
--
Tayo'y Mga Pinoy

Baho Utot wrote:
> I am running BIND 9.2.2 on a LFS server.
>
> I get the following errors:
>
> Apr 7 18:51:44 server named[279]: lame server resolving
> 'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 65.205.8.11# 53
> Apr 7 18:51:44 server named[279]: lame server resolving
> 'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 216.73.87.11
#53
> Apr 7 18:51:48 server named[279]: lame server resolving
> 'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 65.205.8.12# 53
> Apr 7 18:53:14 server named[279]: client 192.168.0.231#36299: error
> sending response: host unreachable
> Apr 7 18:53:14 server named[279]:client 192.168.0.231#36299: error
> sending response: host unreachable
> Apr 7 18:53:14 server named[279]: client 192.168.0.231#36325: error
> sending response: host unreachable
> Apr 7 18:53:14 server named[279]:client 192.168.0.231#36325: error
> sending response: host unreachable
>
> The host unreachable always occurs after the lame server log.
> client 192.168.0.231 is a workstation on the network and the server
is
> 192.168.0.1.
> This only happens when bind incurs a lame server, the log is clean
> otherwise.
> What is Bind trying to tell me?

http://www.nominum.com/getOpenSource...hp?id=6#faq_95

[q]
What are these "lame server" errors in my logs?
A "lame server" is a server that does not believe it is authoritative
for a domain which has been delegated to it. The "lame server" messages
can be useful if you have the lame server, or are a domain delegated to
the lame server. If you would rather not see the "lame server"
messages, you can discard them using the logging statement:

logging {
category lame-servers{ null; };
};
[eq]


Oops, time to eat

hth,
prg

On Thu, 07 Apr 2005 17:04:18 -0700, prg wrote:

[putulin]

> http://www.nominum.com/getOpenSource...hp?id=6#faq_95
>
> [q]
> What are these "lame server" errors in my logs?
> A "lame server" is a server that does not believe it is authoritative
> for a domain which has been delegated to it. The "lame server" messages
> can be useful if you have the lame server, or are a domain delegated to
> the lame server. If you would rather not see the "lame server" messages,
> you can discard them using the logging statement:
>
> logging {
> category lame-servers{ null; };
> };
> [eq]
>
>
> Oops, time to eat
>
> hth,
> prg

Salamat po

It seems that I didn't post well, Ingles (english) is not my native
language.
I know what a lame server is, its the error sending response: host
unreachable logs that I am looking for an answer to.

--
Tayo'y Mga Pinoy

Baho Utot wrote:
> On Thu, 07 Apr 2005 17:04:18 -0700, prg wrote:
>
> [putulin]
>
> > http://www.nominum.com/getOpenSource...hp?id=6#faq_95
> >
> > [q]
> > What are these "lame server" errors in my logs?
> > A "lame server" is a server that does not believe it is
authoritative
> > for a domain which has been delegated to it. The "lame server"
messages
> > can be useful if you have the lame server, or are a domain
delegated to
> > the lame server. If you would rather not see the "lame server"
messages,
> > you can discard them using the logging statement:
> >
> > logging {
> > category lame-servers{ null; };
> > };
> > [eq]
> >
> >
> > Oops, time to eat
> >
> > hth,
> > prg
>
> Salamat po
>
> It seems that I didn't post well, Ingles (english) is not my native
> language.
> I know what a lame server is, its the error sending response: host
> unreachable logs that I am looking for an answer to.

No, your English is good enough. I suspected that "host unreachable"
was what you were wondering about, but I was called to eat dinner
before I could continue. Thought you might want to clear the messages
though. We do at work.

Note the time difference:

Apr 7 18:51:48 server named[279]: lame server resolving
'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 65.205.8.12# 53
Apr 7 18:53:14 server named[279]: client 192.168.0.231#36299: error
sending response: host unreachable

I could not find another post that included similar messages
after/related to a lame server message, so I'm not sure if they are
related (because of a time out?). Also not clear what other packets
may have been sent/received.

"Host unreachable" here, I presume means what it always means, but
_precisely_ where it is being generated is the question. Do you
otherwise have/confirm reachability with ping, traceroute, etc.?
Something in the pathway that could be blocking/dropping (these
particular) packets from the named server to that client IP or port?

In these cases I usually employ a sniffer to watch the packets on the
wire. Especially when I'm not sure where/what to look for, I find
ethereal to be awfully handy for eyeballing the evidence.

I will look through my Bind docs/book for a clue and get back.

regards,
prg

Baho Utot wrote:
> On Thu, 07 Apr 2005 17:04:18 -0700, prg wrote:
>
> [putulin]
>
> > http://www.nominum.com/getOpenSource...hp?id=6#faq_95
> >
> > [q]
> > What are these "lame server" errors in my logs?
> > A "lame server" is a server that does not believe it is
authoritative
> > for a domain which has been delegated to it. The "lame server"
messages
> > can be useful if you have the lame server, or are a domain
delegated to
> > the lame server. If you would rather not see the "lame server"
messages,
> > you can discard them using the logging statement:
> >
> > logging {
> > category lame-servers{ null; };
> > };
> > [eq]
> >
> >
> > Oops, time to eat
> >
> > hth,
> > prg
>
> Salamat po
>
> It seems that I didn't post well, Ingles (english) is not my native
> language.
> I know what a lame server is, its the error sending response: host
> unreachable logs that I am looking for an answer to.

I needed to confirm (by way of a posted example) that 2.6 kernel's use
of ipv6 might be something to look out for. Seems DNS configs are
especially susceptable to some of the code (and firewalls with ICMP
completely dropped).

Anyway, you might want to check this although it's not directly
related:
http://www.julianscorner.com/modules...icle.php?id=12

Other than connectivity -- routing or firewall rules -- I can't see how
to proceed without closely watching the packets exchanged.

regards,
prg

On Thu, 07 Apr 2005 19:39:28 -0700, prg wrote:

[putulin]


> Note the time difference:
>
> Apr 7 18:51:48 server named[279]: lame server resolving
> 'ad.3ad.doubleclick.net' (in '3ad.doubleclick.NET'?): 65.205.8.12# 53
> Apr 7 18:53:14 server named[279]: client 192.168.0.231#36299: error
> sending response: host unreachable
>
> I could not find another post that included similar messages
> after/related to a lame server message, so I'm not sure if they are
> related (because of a time out?). Also not clear what other packets may
> have been sent/received.



> "Host unreachable" here, I presume means what it always means, but
> _precisely_ where it is being generated is the question. Do you
> otherwise have/confirm reachability with ping, traceroute, etc.?
> Something in the pathway that could be blocking/dropping (these
> particular) packets from the named server to that client IP or port?
>
>
I found theses entries today:
Apr 8 19:11:12 server kernel: IN= OUT=eth1 SRC=192.168.0.1
DST=192.168.0.231 LEN=64 TOS=0x00 PREC=0x00 TTL=64 I D=0 DF PROTO=UDP
SPT=53 DPT=34111 LEN=44
Apr 8 19:11:12 server named[279]: client 192.168.0.231#34111: error
sending response: host unreachable
Apr 8 19:11:12 server kernel: IN= OUT=eth1 SRC=192.168.0.1
DST=192.168.0.231 LEN=64 TOS=0x00 PREC=0x00 TTL=64 I D=0 DF PROTO=UDP
SPT=53 DPT=34111 LEN=44
Apr 8 19:11:12 server named[279]: client
192.168.0.231#34111: error sending response: host unreachable

It looks like iptables is blocking DNS, Now I need to have a look at me
firewall.

> In these cases I usually employ a sniffer to watch the packets on the
> wire. Especially when I'm not sure where/what to look for, I find
> ethereal to be awfully handy for eyeballing the evidence.
>
> I will look through my Bind docs/book for a clue and get back.
>
>

Thanks

--
Tayo'y Mga Pinoy