Reverse DNS issues

Thu Jan 5 16:24:06 UTC 2006

> From: Tuc at T-B-O-H <ml at t-b-o-h.net>
> Subject: Re: Reverse DNS issues
> To: bind-users at isc.org
> Date: Thu, 5 Jan 2006 09:24:00 -0500 (EST)
> 
> Hi,
> 
> 	This now seems to be affecting me on 2 different servers....
> 
>  
> > In article <doqeil$14tl$1 at sf1.isc.org>, Tuc at T-B-O-H <ml at t-b-o-h.net> 
> > wrote:
> > 
> > > > 
> > > > In article <doq5rs$2k21$1 at sf1.isc.org>, Tuc at T-B-O-H <ml at t-b-o-h.net> 
> > > > wrote:
> > > > 
> > > > > Hi,
> > > > > 
> > > > > 	I'm having a problem on a FreeBSD 4.10 system running BIND
> > > > > 8.3.7 . I don't think its been like this forever, but the only thing
> > > > > I've done lately to the machine is add a virtual interface (tun1)
> > > > > to the machine. But for some reason :
> > > > > 
> > > > > -bash-2.05b$ nslookup
> > > > > Default Server:  localhost
> > > > > Address:  127.0.0.1
> > > > > 
> > > > > > 128.90.107.204.in-addr.arpa.
> > > > > Server:  localhost
> > > > > Address:  127.0.0.1
> > > > > 
> > > > > *** Request to localhost timed-out
> > > > > 
> > > > > -bash-2.05b$ dig @127.0.0.1 -x 204.107.90.128
> > > > > 
> > > > > ; <<>> DiG 8.3 <<>> @127.0.0.1 -x 
> > > > > ; (1 server found)
> > > > > ;; res options: init recurs defnam dnsrch
> > > > > ;; res_nsend: Operation timed out
> > > > 
> > > > Try:
> > > > 
> > > > dig +trace -x 204.107.90.128
> > > > 
> > > 	I don't have a version of dig with trace. :-/ I have debug
> > > though...
> > 
> > Then get yourself the current version of dig.  Debug isn't telling you 
> > anything you don't already know, which is that your local named can't 
> > seem to look this up.
> > 
> > You can also dump your cache to see if it has correct info for 
> > 204.in-addr.arpa.
> > 
> I compiled bind9 in its own directory, but not installed.
> 
> When I run it "by itself" I get :
> 
> vjofn# ./bin/dig/dig +trace -x 204.107.90.128
> 
> ; <<>> DiG 9.3.1 <<>> +trace -x 204.107.90.128
> ;; global options:  printcmd
> .                       370004  IN      NS      D.ROOT-SERVERS.NET.
> .                       370004  IN      NS      A.ROOT-SERVERS.NET.
> .                       370004  IN      NS      H.ROOT-SERVERS.NET.
> .                       370004  IN      NS      C.ROOT-SERVERS.NET.
> .                       370004  IN      NS      G.ROOT-SERVERS.NET.
> .                       370004  IN      NS      F.ROOT-SERVERS.NET.
> .                       370004  IN      NS      B.ROOT-SERVERS.NET.
> .                       370004  IN      NS      J.ROOT-SERVERS.NET.
> .                       370004  IN      NS      K.ROOT-SERVERS.NET.
> .                       370004  IN      NS      L.ROOT-SERVERS.NET.
> .                       370004  IN      NS      M.ROOT-SERVERS.NET.
> .                       370004  IN      NS      I.ROOT-SERVERS.NET.
> .                       370004  IN      NS      E.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
> 
> 204.in-addr.arpa.       86400   IN      NS      chia.ARIN.NET.
> 204.in-addr.arpa.       86400   IN      NS      dill.ARIN.NET.
> 204.in-addr.arpa.       86400   IN      NS      BASIL.ARIN.NET.
> 204.in-addr.arpa.       86400   IN      NS      henna.ARIN.NET.
> 204.in-addr.arpa.       86400   IN      NS      indigo.ARIN.NET.
> 204.in-addr.arpa.       86400   IN      NS      epazote.ARIN.NET.
> 204.in-addr.arpa.       86400   IN      NS      figwort.ARIN.NET.
> ;; Received 196 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 9 ms
> 
> 90.107.204.in-addr.arpa. 86400  IN      NS      ns15.zoneedit.com.
> 90.107.204.in-addr.arpa. 86400  IN      NS      ns18.zoneedit.com.
> ;; Received 95 bytes from 2001:440:2000:1::21#53(chia.ARIN.NET) in 151 ms
> 
> 128.90.107.204.in-addr.arpa. 7200 IN    PTR     
vjofn.tucs-beachin-obx-house.com
> .
> 90.107.204.in-addr.arpa. 7200   IN      NS      ns15.zoneedit.com.
> 90.107.204.in-addr.arpa. 7200   IN      NS      ns18.zoneedit.com.
> ;; Received 138 bytes from 72.9.106.68#53(ns18.zoneedit.com) in 16 ms
> 
> 
> 
> 
> And when I force it to the local server (only?) 
> 
> vjofn# ./bin/dig/dig @127.0.0.1 +trace -x 204.107.90.128
> 
> ; <<>> DiG 9.3.1 <<>> @127.0.0.1 +trace -x 204.107.90.128
> ; (1 server found)
> ;; global options:  printcmd
> .                       369785  IN      NS      K.ROOT-SERVERS.NET.
> .                       369785  IN      NS      L.ROOT-SERVERS.NET.
> .                       369785  IN      NS      M.ROOT-SERVERS.NET.
> .                       369785  IN      NS      I.ROOT-SERVERS.NET.
> .                       369785  IN      NS      E.ROOT-SERVERS.NET.
> .                       369785  IN      NS      D.ROOT-SERVERS.NET.
> .                       369785  IN      NS      A.ROOT-SERVERS.NET.
> .                       369785  IN      NS      H.ROOT-SERVERS.NET.
> .                       369785  IN      NS      C.ROOT-SERVERS.NET.
> .                       369785  IN      NS      G.ROOT-SERVERS.NET.
> .                       369785  IN      NS      F.ROOT-SERVERS.NET.
> .                       369785  IN      NS      B.ROOT-SERVERS.NET.
> .                       369785  IN      NS      J.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms
> 
> 204.in-addr.arpa.       86400   IN      NS      chia.arin.net.
> 204.in-addr.arpa.       86400   IN      NS      dill.arin.net.
> 204.in-addr.arpa.       86400   IN      NS      basil.arin.net.
> 204.in-addr.arpa.       86400   IN      NS      henna.arin.net.
> 204.in-addr.arpa.       86400   IN      NS      indigo.arin.net.
> 204.in-addr.arpa.       86400   IN      NS      epazote.arin.net.
> 204.in-addr.arpa.       86400   IN      NS      figwort.arin.net.
> ;; Received 196 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 79 ms
> 
> 90.107.204.in-addr.arpa. 86400  IN      NS      ns15.zoneedit.com.
> 90.107.204.in-addr.arpa. 86400  IN      NS      ns18.zoneedit.com.
> ;; Received 95 bytes from 2001:440:2000:1::21#53(chia.arin.net) in 154 ms
> 
> 128.90.107.204.in-addr.arpa. 7200 IN    PTR     
vjofn.tucs-beachin-obx-house.com.
> 90.107.204.in-addr.arpa. 7200   IN      NS      ns15.zoneedit.com.
> 90.107.204.in-addr.arpa. 7200   IN      NS      ns18.zoneedit.com.
> ;; Received 138 bytes from 72.9.106.68#53(ns18.zoneedit.com) in 16 ms
> 
> 
> 	If I run it w/o the +trace :
> 
> vjofn# ./bin/dig/dig @127.0.0.1  -x 204.107.90.128
> 
> ; <<>> DiG 9.3.1 <<>> @127.0.0.1 -x 204.107.90.128
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> 
> 
> 
> 
> 	Why does it look like its getting the answer when I trace, but
> not as normal.

Tuc:

Looks like one of your nameservers is not responding:

FAIL	All nameservers respond	

ERROR: Some of your nameservers listed at the parent nameservers did not 
respond. The ones that did not respond are:

72.9.106.68

Note: If you are running a Watchguard Firebox with DNS Proxy enabled, there may 
be a bug causing port numbers get mixed up -- if this is the case, you can 
contact Watchguard to see if they have a fix.

See http://dnsreport.com/tools/dnsreport.ch?domain=tucs-beachin-obx-house.com

and

FAIL	Connect to mail servers	

ERROR: I could not complete a connection to one or more of your mailservers:
vjofn-v6.tucs-beachin-obx-house.com: Could not connect without glue or A record.

t-b-o-h.net looks to be in good shape though.

Regards,
Gregory Hicks

> 
> 		Thanks, Tuc
> 
> 

-------------------------------------------------------------------
Gregory Hicks                        | Principal Systems Engineer
Cadence Design Systems               | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1          | Fax:      408.894.3400
San Jose, CA 95134                   | Internet: ghicks at cadence.com

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton