Name servers that are offline, resolve for other carriers?

Mark Andrews Mark_Andrews at isc.org
Tue Oct 19 23:50:28 UTC 2004 

> I just was informed that cadoj-gwwa.doj.ca.gov was not able to
> resolve, I traced it back to doj.ca.gov nameservers are offline,
> ns1.doj.ca.gov and ns2.

	Well the two servers most probably live on the same lan
	which increases the likelyhood of single point failures
	making them not visible from some points on the net.

	ns1.doj.ca.gov.         4H IN A         167.10.5.248
	ns2.doj.ca.gov.         4H IN A         167.10.5.249

	Also how did you determine that they were offline?  You
	can't ping them.  (I really don't know what the point of
	blocking icmp echo to externally advertised services. It
	doesn't hide the machine, icmp echo to unicast addresses
	is not a security threat and it just makes remote diagnostics
	harder.)

	I would be looking for routing problems.

> Now if the servers are offline, and cant provide resolution. Why can
> other people? Where is it cached? I tried Verizon and BT, both
> resolve.
> 
> Is there some dns caching software that everyone is using that I'm not
> aware of?
> 
> Any ideas, Tired of people saying "It resolves on the desktop
> network!", when the customers name servers are offline.
> 
> Thanks.
> 

; <<>> DiG 9.3.1prerelease <<>> +trace cadoj-gwwa.doj.ca.gov
;; global options:  printcmd
.			187347	IN	NS	M.ROOT-SERVERS.NET.
.			187347	IN	NS	A.ROOT-SERVERS.NET.
.			187347	IN	NS	B.ROOT-SERVERS.NET.
.			187347	IN	NS	C.ROOT-SERVERS.NET.
.			187347	IN	NS	D.ROOT-SERVERS.NET.
.			187347	IN	NS	E.ROOT-SERVERS.NET.
.			187347	IN	NS	F.ROOT-SERVERS.NET.
.			187347	IN	NS	G.ROOT-SERVERS.NET.
.			187347	IN	NS	H.ROOT-SERVERS.NET.
.			187347	IN	NS	I.ROOT-SERVERS.NET.
.			187347	IN	NS	J.ROOT-SERVERS.NET.
.			187347	IN	NS	K.ROOT-SERVERS.NET.
.			187347	IN	NS	L.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

gov.			172800	IN	NS	F.GOV.ZONEEDIT.COM.
gov.			172800	IN	NS	G.GOV.ZONEEDIT.COM.
gov.			172800	IN	NS	A.GOV.ZONEEDIT.COM.
gov.			172800	IN	NS	B.GOV.ZONEEDIT.COM.
gov.			172800	IN	NS	C.GOV.ZONEEDIT.COM.
gov.			172800	IN	NS	D.GOV.ZONEEDIT.COM.
gov.			172800	IN	NS	E.GOV.ZONEEDIT.COM.
;; Received 279 bytes from 2001:dc3::35#53(M.ROOT-SERVERS.NET) in 374 ms

ca.gov.			10800	IN	NS	NS1.NET.ca.gov.
ca.gov.			10800	IN	NS	NS2.NET.ca.gov.
ca.gov.			10800	IN	NS	NS3.NET.ca.gov.
;; Received 145 bytes from 66.197.185.229#53(F.GOV.ZONEEDIT.COM) in 269 ms

doj.ca.gov.		86400	IN	NS	ns1.doj.ca.gov.
doj.ca.gov.		86400	IN	NS	ns2.doj.ca.gov.
;; Received 107 bytes from 134.186.254.252#53(NS1.NET.ca.gov) in 190 ms

cadoj-gwwa.doj.ca.gov.	14400	IN	A	167.10.5.145
doj.ca.gov.		14400	IN	NS	ns1.doj.ca.gov.
doj.ca.gov.		14400	IN	NS	ns2.doj.ca.gov.
;; Received 123 bytes from 167.10.5.248#53(ns1.doj.ca.gov) in 193 ms

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list