NAME_RESOLVED not firing

Hi,

 

 

The above iRule works all right on my lab system. However on the customer site I see a difference when it comes to DNS name resolving:

 

 

1. When trying to ping something directly from customer's 1600 (2.4.21-9.4.5.1049.0smp 2 SMP) it resolves the query without problem:

 

[root@f5-1:Active] config ping www.cnn.com

 

PING www.cnn.com (157.166.226.25) 56(84) bytes of data.

 

 

2. However when the query comes from request generated by incoming connection and NAME:resolve (in fact by telnet from 1600 itself as well) then it ignores its defined nameservers but rather starts to traverse everything to the top-level (in fact I am not sure how it gets all these names below):

 

 

12:33:29.060935 10.159.1.11.32925 > 128.8.10.90.domain: 57452 [1au] A? www.cnn.com. (40) (DF)

 

12:33:31.465794 10.159.1.11.32925 > 128.63.2.53.domain: 18473 [1au] A? www.cnn.com. (40) (DF)

 

12:33:33.875554 10.159.1.11.32925 > 192.36.148.17.domain: 25538 [1au] A? www.cnn.com. (40) (DF)

 

12:33:36.285542 10.159.1.11.32925 > 193.0.14.129.domain: 55243 [1au] A? www.cnn.com. (40) (DF)

 

12:33:38.695527 10.159.1.11.32925 > 199.7.83.42.domain: 54524 [1au] A? www.cnn.com. (40) (DF)

 

12:33:41.105769 10.159.1.11.32925 > 202.12.27.33.domain: 24915 [1au] A? www.cnn.com. (40) (DF)

 

12:33:43.515514 10.159.1.11.32925 > 192.228.79.201.domain: 26852 A? www.cnn.com. (29) (DF)

 

12:33:45.925754 10.159.1.11.32925 > 192.112.36.4.domain: 40513 A? www.cnn.com. (29) (DF)

 

12:33:48.335747 10.159.1.11.32925 > 198.41.0.4.domain: 2810 A? www.cnn.com. (29) (DF)

 

12:33:50.745737 10.159.1.11.32925 > 192.203.230.10.domain: 56159 A? www.cnn.com. (29) (DF)

 

12:33:53.155732 10.159.1.11.32925 > 192.5.5.241.domain: 16256 A? www.cnn.com. (29) (DF)

 

12:33:55.565718 10.159.1.11.32925 > 192.58.128.30.domain: 55341 A? www.cnn.com. (29) (DF)

 

12:33:57.975715 10.159.1.11.32925 > 192.33.4.12.domain: 16374 A? www.cnn.com. (29) (DF)

 

 

Why the difference?

 

Resolv.conf contains just two nameserver lines. Named.conf seems fine to me as well, recursive queries are on and everything is treated in this same way:

 

 

[root@f5-1:Active] config cat /var/named/config/named.conf

 

restrict rndc access to local machines

 

use the key in the default place: /config/rndc.key

 

controls { inet 127.0.0.1 port 953 allow { 127.0.0.1 ;}; };

 

logging {

 

channel logfile {

 

syslog daemon;

 

severity error;

 

print-category yes;

 

print-severity yes;

 

print-time yes;

 

};

 

category default {

 

logfile;

 

};

 

category config {

 

logfile;

 

};

 

category notify {

 

logfile;

 

};

 

};

 

options {

 

listen-on port 53 { 127.0.0.1; };

 

listen-on-v6 port 53 { ::1; };

 

set this to yes when you want to resolve off

 

box. setting it to yes when you dont actuallly

 

have a bind server configured will result in

 

bind timeouts for many commmands

 

recursion no;

 

recursion yes;

 

forward only;

 

directory "/config/namedb";

 

allow-transfer {

 

localhost;

 

};

 

check-names master warn;

 

change to "no" if you want to be able to add

 

MX records that do not reference a record that has an A record

 

check-integrity yes;

 

};

 

acl "zrd-acl-000-000" {

 

127.10.0.0;

 

localnets;

 

};

 

view "external" {

 

match-clients { "zrd-acl-000-000"; any; };

 

};

 

 

Regards

 

Andrzej