Question

BIND without IPv6, Question about the Cache and TTLs

  • January 22, 2026

Hi,

I have a problem with my BIND server. (Full disclosure: it’s not with my BDDS installation but a non-BlueCat named server.)

When I try to resolve www.semigator.de through this server, it works fine. But after some time, it stops working. It’s not a general problem; other stuff can still be resolved. If I flush the cache, it instantly works again. I have a suspicion why that is, but I wanted to check with someone.

My setup is the following: I run the official Docker Hub image from ISC (https://hub.docker.com/r/internetsystemsconsortium/bind) in v9.20. It runs on an RHEL 9.7 with docker-ce.x86_64 3:29.1.2-1.el9. The container runs its networking in host mode (so it attaches directly to port 53 of the OS).
Important: I do not have any IPv6 IPs. Thus I override the entrypoint with the -4 option:
/usr/sbin/named -f -c /etc/bind/named.conf -u bind -4

When I inspect the cache after first resolving, the nameservers each have two IPs, one v4 and one v6. The v4 has a TTL of 3600, and the v6 ones have 172800 and 86400:

# docker exec -ti named-test /usr/sbin/rndc dumpdb -cache && sleep 1 && grep -iE "semigator|78.138.66.90|haufegroup|192.174.68.103|2001:67c:1bc::103|176.97.158.103|2001:67c:10b8::103" /var/lib/docker/volumes/named-test_cache/_data/named_dump.db
haufegroup.com.         172800  NS      ns1.haufegroup.de.
                        172800  NS      ns2.haufegroup.com.
ns2.haufegroup.com.     3600    A       176.97.158.103
                                        20260205000000 20260115000000 36627 haufegroup.com.
                        172800  AAAA    2001:67c:10b8::103
haufegroup.de.          86400   NS      ns1.haufegroup.de.
                        86400   NS      ns2.haufegroup.com.
ns1.haufegroup.de.      3600    A       192.174.68.103
                                        20260205000000 20260115000000 20306 haufegroup.de.
                        86400   AAAA    2001:67c:1bc::103
semigator.de.           86400   NS      ns1.haufegroup.de.
                        86400   NS      ns2.haufegroup.com.
www.semigator.de.       60      A       78.138.66.90
; ns2.haufegroup.com. [v4 TTL 60] [v4 success] [v6 unexpected]
;       176.97.158.103 [srtt 1200] [flags 00000004] [edns 1/0] [plain 0/0] [udpsize 512] [ttl 60]
; ns1.haufegroup.de. [v4 TTL 60] [v4 success] [v6 unexpected]
;       192.174.68.103 [srtt 1506] [flags 00000004] [edns 2/0] [plain 0/0] [udpsize 512] [ttl 60]
; ns2.haufegroup.com. [v4 TTL 3600] [v4 success] [v6 unexpected]
;       176.97.158.103 [srtt 1200] [flags 00000004] [edns 1/0] [plain 0/0] [udpsize 512] [ttl 60]
; ns1.haufegroup.de. [v4 TTL 3600] [v4 success] [v6 unexpected]
;       192.174.68.103 [srtt 1506] [flags 00000004] [edns 2/0] [plain 0/0] [udpsize 512] [ttl 60]

 

 

So, after 3600 seconds, the cache looks like this:

haufegroup.com.         169191  NS      ns1.haufegroup.de.
                        169191  NS      ns2.haufegroup.com.
ns2.haufegroup.com.     169191  AAAA    2001:67c:10b8::103
haufegroup.de.          82791   NS      ns1.haufegroup.de.
                        82791   NS      ns2.haufegroup.com.
ns1.haufegroup.de.      82791   AAAA    2001:67c:1bc::103
semigator.de.           82791   NS      ns1.haufegroup.de.
                        82791   NS      ns2.haufegroup.com.

 

 

When I then try to resolve the name, named fails and logs these lines:

22-Jan-2026 16:03:05.877 shut down hung fetch while resolving 0x7f0b20618400(semigator.de/A)
22-Jan-2026 16:03:05.877 shut down hung fetch while resolving 0x7f0b207fd800(ns1.haufegroup.de/A)
22-Jan-2026 16:03:05.877 shut down hung fetch while resolving 0x7f0b1fb7d400(ns2.haufegroup.com/A)

 

So for named, these nameservers are only reachable via IPv6, and since my company doesn’t have any IPv6, it can’t reach them. That’s at least my theory of why resolving fails.

But I don’t understand why. When looking at the glue records, both A and AAAA have a TTL of 172800:

# dig @k.gtld-servers.net ns2.haufegroup.com

;; QUESTION SECTION:
;ns2.haufegroup.com.            IN      A

;; AUTHORITY SECTION:
haufegroup.com.         172800  IN      NS      ns2.haufegroup.com.
haufegroup.com.         172800  IN      NS      ns1.haufegroup.de.

;; ADDITIONAL SECTION:
ns2.haufegroup.com.     172800  IN      A       176.97.158.103
ns2.haufegroup.com.     172800  IN      AAAA    2001:67c:10b8::103

 

When asking ns2 itself, it returns a TTL of 3600

# dig @ns2.haufegroup.com ns2.haufegroup.com
;; QUESTION SECTION:
;ns2.haufegroup.com.            IN      A

;; ANSWER SECTION:
ns2.haufegroup.com.     3600    IN      A       176.97.158.103

# dig @ns2.haufegroup.com ns2.haufegroup.com aaaa
;; QUESTION SECTION:
;ns2.haufegroup.com.            IN      AAAA

;; ANSWER SECTION:
ns2.haufegroup.com.     3600    IN      AAAA    2001:67c:10b8::103

 

Does anyone have an idea why named takes the TTL of 3600 from the A record but keeps the 172800 for the AAAA from the glue record?

Or does anyone have a better idea why resolving could fail?

Thanks for your help,

Christian
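
A check for the cache state shown in the second dump above, added here as an example and not part of the original post: it parses `rndc dumpdb -cache` output in the layout quoted in the post and lists NS hosts that still have a cached AAAA but no cached A, together with the zones that depend on them. The function names are assumptions of this example, and the embedded sample is the post's second dump.

```python
import re

# Constructed sample: the second cache dump quoted in the post.
SAMPLE_DUMP = """\
haufegroup.com.         169191  NS      ns1.haufegroup.de.
                        169191  NS      ns2.haufegroup.com.
ns2.haufegroup.com.     169191  AAAA    2001:67c:10b8::103
haufegroup.de.          82791   NS      ns1.haufegroup.de.
                        82791   NS      ns2.haufegroup.com.
ns1.haufegroup.de.      82791   AAAA    2001:67c:1bc::103
semigator.de.           82791   NS      ns1.haufegroup.de.
                        82791   NS      ns2.haufegroup.com.
"""

# [owner] TTL [IN] TYPE RDATA; a missing owner means "same owner as the line above".
RR = re.compile(r"^(\S+)?\s+(\d+)\s+(?:IN\s+)?([A-Z][A-Z0-9]*)\s+(\S+)")


def parse_cache(text):
    """Return (ns_targets, addrs): NS host -> zones it serves, host -> {type: ttl}."""
    ns_targets, addrs, owner = {}, {}, None
    for line in text.splitlines():
        if line.lstrip().startswith(";"):   # comments and ADB entries
            continue
        m = RR.match(line)
        if not m:                           # blank lines, RRSIG continuation lines
            continue
        owner = (m.group(1) or owner or "").lower()
        ttl, rtype, rdata = int(m.group(2)), m.group(3), m.group(4).lower()
        if rtype == "NS":
            ns_targets.setdefault(rdata, set()).add(owner)
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, {})[rtype] = ttl
    return ns_targets, addrs


def v6_only_nameservers(text):
    """NS hosts with a cached AAAA but no cached A, with the zones depending on them."""
    ns_targets, addrs = parse_cache(text)
    found = {}
    for host, zones in ns_targets.items():
        cached = addrs.get(host, {})
        if "AAAA" in cached and "A" not in cached:
            found[host] = {"zones": sorted(zones), "aaaa_ttl": cached["AAAA"]}
    return found


if __name__ == "__main__":
    for host, info in sorted(v6_only_nameservers(SAMPLE_DUMP).items()):
        print(f"{host} AAAA only (TTL {info['aaaa_ttl']}), serves {', '.join(info['zones'])}")
```

To run it against a live resolver, pass the contents of the `named_dump.db` file written by `rndc dumpdb -cache` to `v6_only_nameservers()` instead of the sample.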