Fw: Even Stranger Incorrect DNS Query Results
Allie M Hopkins
allie at lsu.edu
Wed Dec 8 21:54:43 UTC 2004
NM on that last email. I had to stop and restart bind for the "no"
commands to take effect.
Once again.... THANK YOU.
Allie M Hopkins
Office of Computing Services
Louisiana State University
225/578-3700
----- Forwarded by Allie M Hopkins/allie/LSU on 12/08/2004 03:53 PM -----
From: Allie M Hopkins
Date: 12/08/2004 02:47 PM
To: Ronan Flood <ronan at noc.ulcc.ac.uk>
cc: bind-users-bounce at isc.org, comp-protocols-dns-bind at isc.org
Subject: Re: Even Stranger Incorrect DNS Query Results
You guys are great. That certainly enabled me to run dig @ns1.ntwo.net
successfully. However, I still am not able to do lookups just straight
from my server. IOW, when I try to find the domain bergstedtandmount.com
from my nameserver I time out still. Originally I wasn't even able to run
the dig off of ns1.ntwo.net. At least I can do that. But why am I still
timing out?
Steps I took to achieve successful digs off ns1.ntwo.net:
Increased udp ttl (no -o udp_ttl=128)
Increased tcp mss (no -o tcp_mssdflt=1440) the default is 512
Only the udp ttl increase was really needed, but in trying to get the dig
to work using our nameservers I increased the tcp mss.
Anybody willing to brainstorm with me? The dig at ns1.ntwo.net does take a
pretty long time. Are my queries off my box just not getting back fast
enough? Can I change this setting somewhere?
From: Ronan Flood <ronan at noc.ulcc.ac.uk>
Sent by: bind-users-bounce at isc.org
Date: 12/08/2004 10:29 AM
To: comp-protocols-dns-bind at isc.org
cc: (bcc: Allie M Hopkins/allie/LSU)
Subject: Re: Even Stranger Incorrect DNS Query Results
Allie M Hopkins <allie at lsu.edu> wrote:
> ANY aix machine that I run dig @ns1.ntwo.net any.thing.com times out. I
> have tried 6 different aix machines with varying hardware, os version,
> software, administrators, etc. All fail. On ANY other os that I try:
> windows, openbsd, fedora, gentoo, this lookup is successful. How strange
> is that????? I dug a little deeper. When I traceroute to that nameserver,
> it never reaches it from our network.
> traceroute to 207.191.33.2 (207.191.33.2) from 130.39.3.5 (130.39.3.5), 30 hops max
Looks like ns1.ntwo.net is more than 30 hops from your machines.
AIX apparently uses an initial TTL of 30 in UDP, see
http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html
That references the AIX command "no", so look into that.
--
Ronan Flood <R.Flood at noc.ulcc.ac.uk>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)