DNS trace tools
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Jul 11 07:11:25 UTC 2005
On Fri, Jul 08, 2005 at 02:50:05AM -0700,
AY Xu <ay_xu at yahoo.com> wrote
a message of 26 lines which said:
> ;; connection timed out; no servers could be reached

The domain carrier.utc.com has three name servers, but all of them
seem to be on the same switch. So, there is only a redundancy for
machine failures, and not at all for network failures. Their fault,
not yours.

> My question is: Are there any tools we can use to trace what could be
> the problem?

dig +trace would be sufficient.

Otherwise, ZoneCheck (http://www.zonecheck.fr/) flags the problem:

w> IP addresses are likely to be all on the same subnet
| Adv: ZoneCheck
| To avoid loosing all connectivity with the authoritative DNS in case
| of network outage it is advised to host the DNS on different networks.
|
| Ref: IETF RFC2182 (Abstract)
| The Domain Name System requires that multiple servers exist for every
| delegated domain (zone). This document discusses the selection of
| secondary servers for DNS zones. Both the physical and topological
| location of each server are material considerations when selecting
| secondary servers. The number of servers appropriate for a zone is also
| discussed, and some general secondary server maintenance issues
| considered.
`----- -- -- - - -
: All the servers are likely to be on the subnet 4.2.49.0/28, try
: moving some of them to another subnet.
`..... .. .. . . .
=> generic
w> Nameservers are all part of the same AS
| Adv: ZoneCheck
| To avoid loosing all connectivity with the authoritative DNS in case
| of a routing problem inside your Autonomous System, it is advised to
| host the DNS on different AS.
`----- -- -- - - -
: All the nameservers are part of the same Autonomous System (AS number
: 3356), try to have some of them hosted on another AS.
`..... .. .. . . .
=> generic
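
The same-subnet and same-AS checks reported above can be approximated offline. The following is an added example, not part of the original post and not ZoneCheck's own code: the function names, the /24 threshold and the sample addresses and AS numbers (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

def covering_prefix(addresses):
    """Smallest single prefix that contains every address (one IP family)."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips:
        raise ValueError("no addresses given")
    if len({ip.version for ip in ips}) != 1:
        raise ValueError("mixed IPv4/IPv6: check each family separately")
    lo, hi = min(ips), max(ips)
    # Leading bits shared by the lowest and highest address are shared by all.
    prefix_len = lo.max_prefixlen - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{prefix_len}", strict=False)

def diversity_warnings(ns_addresses, asn_of=None, tight_prefix=24):
    """Return warnings when the name servers share one subnet or one AS.

    tight_prefix is an assumed IPv4 threshold, not ZoneCheck's own rule.
    asn_of maps address -> origin AS number; it has to come from routing
    data, which this offline example does not look up.
    """
    warnings = []
    net = covering_prefix(ns_addresses)
    if net.prefixlen >= tight_prefix:
        warnings.append(f"all name servers are inside {net}")
    if asn_of is not None:
        asns = {asn_of[a] for a in ns_addresses}
        if len(asns) == 1:
            warnings.append(f"all name servers are in AS{asns.pop()}")
    return warnings

# Constructed sample data (documentation address and AS ranges).
CLUSTERED = ["192.0.2.1", "192.0.2.5", "192.0.2.14"]
CLUSTERED_AS = {a: 64500 for a in CLUSTERED}
SPREAD = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
SPREAD_AS = dict(zip(SPREAD, [64500, 64501, 64502]))

if __name__ == "__main__":
    for name, addrs, asns in (("clustered", CLUSTERED, CLUSTERED_AS),
                              ("spread", SPREAD, SPREAD_AS)):
        print(name, covering_prefix(addrs), diversity_warnings(addrs, asns))
```
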