Sporadic resolution problems
Sten Carlsen
ccc2716 at vip.cybercity.dk
Thu Jun 24 23:32:34 UTC 2004
Matthew Hoskison wrote:
>>Possibly you should think along the line of access problems, ACLs,
>>firewalls etc.
>>Is there any pattern in who gets good results and who gets bad? Internal
>>/ external in some context?
>>
>>
>
>There seems to be no rhyme or reason as to who gets successful resolutions and
>who gets failures, other than the subjective observation that the majority of
>the reports (aka complaints) of failure are from US clients.
>
>I'm tempted to think it could be a firewall issue, since I beefed up the
>iptables ruleset at roughly the time when the first issues were reported. ns1
>is a box at rackshack, and ns2 is right here next to me on a Sparc through a
>DSL link, so the only internal user in that respect is myself. Firewall issues
>would affect all clients, and there has not been a significant decrease in
>traffic *inside* the firewall on tcp/udp 53 since I changed the ruleset.
>
>I could happily delude myself that it was nothing more serious than a couple of
>packets dropping out for those who can't get resolution, if it were not for the
>fact that ISC and Google's mail servers can't resolve my primary mail domain of
>room41.net.
>
>Amongst those domains I know to be experiencing problems are room41.net,
>babysfirstsite.org and ill-behaviour.com. I'm at a loss as to where to look
>next. I throw myself upon your collective wisdom!
>
>
>
>
>__________________________________
>Do you Yahoo!?
>Yahoo! Mail - 50x more storage than other providers!
>http://promotions.yahoo.com/new_mail
>
>
>
Somehow you have what looks like delegation problems to me.
If I do dig room41.net from my PC, via my BIND server, I get a timeout.
If I try different I get:
silver:~>dig @195.137.113.86 ns1.room41.net
; <<>> DiG 8.3 <<>> @195.137.113.86 ns1.room41.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; ns1.room41.net, type = A, class = IN
;; ANSWER SECTION:
ns1.room41.net. 1H IN A 195.137.113.86
;; AUTHORITY SECTION:
room41.net. 3H IN NS ns2.room41.com.
room41.net. 3H IN NS ns1.room41.com.
;; ADDITIONAL SECTION:
ns1.room41.com. 3H IN A 216.127.74.118
ns2.room41.com. 3H IN A 195.137.113.86
;; Total query time: 94 msec
;; FROM: silver.s-carlsen.dk to SERVER: 195.137.113.86 195.137.113.86
;; WHEN: Fri Jun 25 01:24:30 2004
;; MSG SIZE sent: 32 rcvd: 126
I am asking what according to whois is NS2... for the address of NS1.
The answer section gives NS1=195.137... the additional section has a
different address for NS1... and the NS1 address for NS2.
I am not sure what this means, except that it is a mess, that needs
cleaning up.
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
More information about the bind-users
mailing list