This is a strange problem: after updating BIND this time, DNS queries suddenly failed. I could not find the reason. I originally thought it was a NAT problem, because it could not resolve any other domains, only the intranet domain. So I captured packets to observe it and eventually found the root cause: the DNS server replied to me with Format Error.
The DNS server is an intranet DNS server, and it uses BIND's domain name forwarding function to get domain names from an intranet server. I suppose that one is an old DNS server, so something happened. After comparing the packet format of the good and failed packets, the result was interesting: the failed packets have DNS Cookies.
The root cause might be that BIND enables DNS Cookies by default from 9.11.0 on. But my previous BIND version was 9.11.x, which I suppose already had cookies enabled.
The solution is to disable cookies: modify the BIND configuration file and add send-cookie no; to the options section. It works.
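The packet comparison described above can be scripted. This is an added example, not code from the original post: it parses raw DNS messages, lists the EDNS options in the OPT record, and flags the pattern seen here (query carries COOKIE, option code 10, and the reply has RCODE 1, Format Error). The sample messages for example.com are constructed, not taken from the capture.

```python
import struct

TYPE_OPT, EDNS_COOKIE, FORMERR = 41, 10, 1   # RFC 6891 / RFC 7873 / RFC 1035

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer is 2 bytes
            return off + 2
        off += 1 + n

def inspect(msg):
    """Return (rcode, [EDNS option codes]) for one raw DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode, opts, off = flags & 0x0F, [], 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_OPT:
            rcode |= (ttl >> 24) << 4  # upper 8 bits of the extended RCODE
            p = off
            while p + 4 <= off + rdlen:
                code, olen = struct.unpack("!HH", msg[p:p + 4])
                opts.append(code)
                p += 4 + olen
        off += rdlen
    return rcode, opts

def cookie_rejected(query, response):
    """True when the query carried a COOKIE option and the reply is FORMERR."""
    return EDNS_COOKIE in inspect(query)[1] and inspect(response)[0] == FORMERR

def build(flags, cookie=False):
    """Constructed sample message: example.com A, optional 8-byte client cookie."""
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, 0, int(cookie))
    msg += b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    if cookie:
        rdata = struct.pack("!HH", EDNS_COOKIE, 8) + bytes(8)
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, len(rdata)) + rdata
    return msg

QUERY_COOKIE = build(0x0100, cookie=True)   # forwarded query with a cookie
QUERY_PLAIN = build(0x0100)                 # same query without EDNS
REPLY_FORMERR = build(0x8181)               # reply with RCODE 1 (Format Error)
REPLY_OK = build(0x8180)                    # reply with RCODE 0
```

To use it on a real capture, pass the UDP payload bytes of each query and its reply to cookie_rejected().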