Problem with sakon.com.sg
Barry Margolin
barmar at bbnplanet.com
Tue Oct 19 21:48:14 UTC 1999
In article <28168.940353550 at kludge.mpn.cp.philips.com>,
Jim Reid <jim at mpn.cp.philips.com> wrote:
>>>>>> "Khoo" == Khoo Boon Hing <bhkhoo at nic.net.sg> writes:
>
> Khoo> One of our customer has this problem of getting connection
> Khoo> timed out when querying for records other that 'any' and
> Khoo> 'soa' on host1.sakon.com.sg and host2.sakon.com.sg
>
> Khoo> But when asking for 'and' or 'soa', it looks completely normal :
> Khoo> % dig @host1.sakon.com.sg sakon.com.sg soa
>
> Khoo> .... lots of dig output snipped ....
> Khoo> ;; FROM: ast.nic.net.sg to SERVER: host1.sakon.com.sg 203.116.235.67
>
>But this seems to be what happens when you run dig at *your* site, not
>your customer's....
>
> Khoo> Any idea what could be wrong ? The two servers are behind
> Khoo> firewall, but only certain types of dns query get timed out.
>
>The most likely explanation is that there is a router access control
>list or firewall filter somewhere that is stopping DNS queries going
>to the name servers at host?.sakon.com.sg. (Or their replies getting
>back.) I very much doubt if the problem has anything to do with the
>type of query that is being made. [Don't forget that the successful
>lookups might be coming from the cache on one of the customer's name
>servers.]
No they can't. All his examples included '@host1.sakon.com.sg' in the dig
command, so they bypass the local name server and go directly to the remote
server.
> When a name server is up and responding to queries and
>someone's queries to the server time out, it generally means there is
>some sort of connectivity problem. For example, a routing table is
>screwed up or a firewall is blocking the traffic. Another possibility
>is that these name servers are too busy or there's serious congestion
>which means that the queries or replies don't get through. Tools like
>ping, traceroute and tcpdump can be a help to troubleshoot these
>problems.
I was able to reproduce his problem.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list