problems resolving domains under NSxx.DOMAINCONTROL.COM - this problem I have too! :(((((
Erwin Lansing
erwin at FreeBSD.org
Wed Jun 23 09:01:29 UTC 2010
On Wed, Jun 23, 2010 at 05:51:24PM +1000, Mark Andrews wrote:
>
> In message <AANLkTinjqoRpLnyqj5tsO2TDwLt_ROPzDMrYMOIPHYTO at mail.gmail.com>, Piff
> writes:
> > Mark,
> >
> > more than once you have blamed firewall but I have tested without
> > firewall and NSxx.DOMAINCONTROL.COM do not answer to "dig +dnssec".
>
> Wrong. The nameservers DO answer these queries.

Right, unfortunately. All is fine on a freshly reloaded BIND, but after
a while no answers are seen. This is on BIND 9.4, 9.5 and 9.6.

>
> # dig +dnssec @ns33.domaincontrol.com. replacementservices.com.
>
> ; <<>> DiG 9.3.6-P1 <<>> +dnssec @ns33.domaincontrol.com. replacementservices.com.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41760
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;replacementservices.com. IN A
>
> ;; ANSWER SECTION:
> replacementservices.com. 3600 IN A 72.32.12.235
>
> ;; AUTHORITY SECTION:
> replacementservices.com. 3600 IN NS ns33.domaincontrol.com.
> replacementservices.com. 3600 IN NS ns34.domaincontrol.com.
>
> ;; Query time: 346 msec
> ;; SERVER: 216.69.185.17#53(216.69.185.17)
> ;; WHEN: Wed Jun 23 17:39:43 2010
> ;; MSG SIZE rcvd: 109
>
> #

# dig +dnssec @ns33.domaincontrol.com. replacementservices.com.

; <<>> DiG 9.6.1-P3 <<>> +dnssec @ns33.domaincontrol.com. replacementservices.com.
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

>
> Since you are not getting answers then there is a problem between
> you and the nameservers in question and as just about every one
> else is getting answers as well this puts the problem close to you.
> i.e. Your network or your ISP's network. Something on the path is
> doing DPI tests and is rejecting the response. Do you have a NAT
> that does DPI?

No firewall, DPI, NAT or any form of filtering involved on our side,
direct peering with GLBX.

-erwin
--
Erwin Lansing (o_ _o) http://droso.org
Ceterum censeo \\\_\ /_///
Carthaginem esse delendam <____) (____> erwin at lansing.dk
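
Added example, not part of the original message: a sketch of what `dig +dnssec` changes in the query on the wire (an EDNS0 OPT record with the DO bit set), which is the part to compare in packet captures when a plain query is answered and the +dnssec one is not. The function names and the 4096-byte UDP payload size are assumptions of this example.

```python
import struct

OPT_TYPE = 41      # EDNS0 OPT pseudo-record (RFC 6891)
DO_BIT = 0x8000    # "DNSSEC OK" flag in the OPT TTL field (RFC 3225)

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qid, dnssec=False, udp_size=4096):
    """Build an A/IN query; with dnssec=True append an OPT record with DO set."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if dnssec else 0)
    packet = header + encode_name(name) + struct.pack("!HH", 1, 1)
    if dnssec:
        # Root owner name, TYPE=OPT, CLASS=UDP payload size (assumed value),
        # TTL=extended-rcode/version/flags, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, DO_BIT, 0)
    return packet

def parse_edns(packet):
    """Return the EDNS parameters of a query, or None if it has no OPT record."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", packet[4:12])
    pos = 12
    for _ in range(qdcount):
        while packet[pos] != 0:          # walk the question name labels
            pos += packet[pos] + 1
        pos += 1 + 4                     # root label, QTYPE, QCLASS
    if arcount == 0 or packet[pos] != 0:
        return None
    rtype, rclass, ttl, _ = struct.unpack("!HHIH", packet[pos + 1:pos + 11])
    if rtype != OPT_TYPE:
        return None
    return {"udp_size": rclass, "do": bool(ttl & DO_BIT)}

if __name__ == "__main__":
    # Constructed sample: the name queried in the thread, arbitrary query id.
    for flag in (False, True):
        q = build_query("replacementservices.com.", 41760, dnssec=flag)
        print(len(q), parse_edns(q), q.hex())
```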