VERY wierd cant lookup mx problem

[Jim Reid]

>>>>> "Mike" == Email Archive <archive at securityinsight.com> writes:

    Mike> Folks, I have a dns server sges01.xpedite.com.sg that is
    Mike> having a wierd problem.  It is running bind 4.9.4-p1 on
    Mike> solaris 5.6.

Bind 4.9.4 is very dead, even by BIND4 standards and that died ~3
years ago. Upgrade to the latest version, 8.2.2P5 or (real soon now)
8.2.3. Or if you want to stick to vendor-supplied code, get the latest
Sun DNS patch.

    Mike> I am trying to do a lookup of the mx records
    Mike> for db.com so we can send them some email but a mx query
    Mike> fails with no response. I ran nslookup in d2 mode and
    Mike> verified that it sends the request but times out. I can
    Mike> connect to any of their dns servers on port 53 so I know it
    Mike> is not a connectivity problem.

I wouldn't be so sure. I queried your name server for the db.com
zone's NS records. It gives the right answer. But when I ask it for
db.com's MX records, the query times out. In fact, it looks like your
name server times out if it is queried for any name or record type in
the db.com zone. This probably means your name server is unable to
query the name servers for db.com and get an answer back. Connecting
to port 53 of their servers just proves TCP traffic works. But DNS
queries generally use UDP.... So maybe there's some firewall or router
that's dropping the queries from your name server to their name
servers (or back again). Try running a packet snooper and look for the
traffic between these name servers and any ICMP responses for that
traffic. Or maybe db.com's name servers are blackholing your queries
for some reason: try asking their hostmaster.

It might also be an idea to restart your name server though it's
doubtful if this will do any good. [It's always the thing to try as a
laste resort.] Before you do that, take a dump of the current cache so
you can look at it just in case your server's cache got mangled
somehow.