Problem with sakon.com.sg
Jim Reid
jim at mpn.cp.philips.com
Tue Oct 19 17:19:10 UTC 1999
>>>>> "Khoo" == Khoo Boon Hing <bhkhoo at nic.net.sg> writes:
Khoo> One of our customer has this problem of getting connection
Khoo> timed out when querying for records other that 'any' and
Khoo> 'soa' on host1.sakon.com.sg and host2.sakon.com.sg
Khoo> But when asking for 'and' or 'soa', it looks completely normal :
Khoo> % dig @host1.sakon.com.sg sakon.com.sg soa
Khoo> .... lots of dig output snipped ....
Khoo> ;; FROM: ast.nic.net.sg to SERVER: host1.sakon.com.sg 203.116.235.67
But this seems to be what happens when you run dig at *your* site, not
your customer's....
Khoo> Any idea what could be wrong ? The two servers are behind
Khoo> firewall, but only certain types of dns query get timed out.
The most likely explanation is that there is a router access control
list or firewall filter somewhere that is stopping DNS queries going
to the name servers at host?.sakon.com.sg. (Or their replies getting
back.) I very much doubt if the problem has anything to do with the
type of query that is being made. [Don't forget that the successful
lookups might be coming from the cache on one of the customer's name
servers.] When a name server is up and responding to queries and
someone's queries to the server time out, it generally means there is
some sort of connectivity problem. For example, a routing table is
screwed up or a firewall is blocking the traffic. Another possibility
is that these name servers are too busy or there's serious congestion
which means that the queries or replies don't get through. Tools like
ping, traceroute and tcpdump can be a help to troubleshoot these
problems.
More information about the bind-users
mailing list