unresolvable domains

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 14 01:54:20 UTC 2000


A record queries are far more likely to overflow UDP packet size and require a
TCP retransmission, which may be blocked somewhere. This would be one possible
explanation of why A record queries fail even though queries of other record
types do not.

I've never heard of BIND 8.0.5. You should really upgrade all of your
nameservers to 8.2.2-p7 or later.


- Kevin

Cihan Subasi (Garanti Teknoloji) wrote:

> I posted a similar problem a week ago on my secondary DNS. When I query NS, MX
> records of the domain, DNS resolves fine, but when I query A records DNS
> returns "Unknown domain or host message"... On the firewall, UDP port 53 to
> the outside world and to my DNSs is open... Still, my primary DNS resolves
> everything but the secondary does not resolve "most of the A records"... On the
> primary I am running Bind 4.9.X; the secondary is, I believe, Bind 8.0.5... I could
> really use any help... Thanks
>
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Saturday, November 11, 2000 4:44 AM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: unresolvable domains
>
> Can't get a response from either ns1.yossarian-music.com or your putative
> slave, ns2.myserversdns.com. Make sure you have destination port 53 open
> to the outside with no source port restrictions, and source port 53 with
> no destination port restrictions open outbound. And you should really have
> TCP configured the same way. nslookup doesn't use it by default, but you
> don't want to be banging your head against a brick wall years from now
> when TCP becomes *necessary* for something in one of your domains and you
> can't figure out why it doesn't work.
>
> - Kevin
>
> yossariancomputing at my-deja.com wrote:
>
> > Hi,
> >
> > I've just set up a dns server using bind-8.2.2p5 at the address
> > 209.242.115.2 and told the Internic 10 days ago that I would be hosting
> > the 3 following domains at the above address (ns1.yossarian-music.com):
> >
> > yossarian-music.com
> > paulwhitrod.com
> > 133records.com
> >
> > I then set up forward zones for the above domains, with appropriate A
> > records and nameservers as above, and a reverse mapping with a PTR
> > record of 2 back to the nameserver A record.  In fact, I followed
> > numerous examples via the dns resources directory.
> >
> > On the local machine all is fine.  I can resolve external addresses,
> > and ls -d from within nslookup of the forward and reverse domains
> > appears correct.
> >
> > The problem is that outside of the local machine, I can't resolve the
> > domains.  However, on Saturday it appeared that I COULD resolve the
> > domains...and indeed, my local proxy cache software running on my
> > windows machine, netsonic, stored the correct address and I can get to
> > the site still through it?  Also, I've had small amounts of mail sent
> > to me through paulwhitrod.com, and someone from addresses beginning
> > with 212 seems to make occasional access to my webserver...so someone
> > can see me.
> >
> > Note.  I have changed the zone files since Saturday and updated the
> > serial number.
> >
> > BTW I'm running an ip firewall on the server, which only allows UDP
> > traffic at port 53.  I believe nslookup uses TCP, so I don't think
> > you'll be able to use it to query my server....let me know if that's a
> > problem.
> >
> > Could someone help pls?  Thnx very much for your time.
> >
> > Rgds,
> >
> > Steve Huckle
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
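
The failure mode discussed in this thread (a reply too large for UDP is marked truncated, the resolver retries over TCP, and a firewall that only passes UDP/53 drops the retry) can be checked with the sketch below. It is an added example, not part of the original thread or of BIND; the function names and the sample headers are constructed for illustration.

```python
import socket
import struct

TC = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035)

def build_query(name, qtype=1, qid=0x1234):
    """Encode a one-question DNS query (class IN, RD set). qtype 1 = A."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def is_truncated(reply):
    """True when the server set TC, i.e. the answer did not fit in the UDP reply."""
    if len(reply) < 12:
        raise ValueError("shorter than a DNS header")
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & TC)

def classify(udp_reply, tcp_reply):
    """Map what came back (bytes, or None on timeout/refusal) to a likely cause."""
    if udp_reply is None:
        return "udp-blocked"   # UDP/53 filtered, or the server is down
    if not is_truncated(udp_reply):
        return "ok-udp"        # answer fit in one datagram, TCP never needed
    if tcp_reply is None:
        return "tcp-blocked"   # TC was set, but the TCP retry got nowhere
    return "ok-tcp"

def probe(server, name, qtype=1, timeout=3.0):
    """Live check: ask over UDP, retry over TCP if truncated, then classify."""
    query = build_query(name, qtype)
    udp_reply = tcp_reply = None
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            udp_reply = s.recvfrom(4096)[0]
        if is_truncated(udp_reply):
            with socket.create_connection((server, 53), timeout) as t:
                # DNS over TCP prefixes each message with a 2-byte length
                t.sendall(struct.pack("!H", len(query)) + query)
                tcp_reply = t.recv(4096)
    except OSError:
        pass  # timeout or refusal: the reply for that transport stays None
    return classify(udp_reply, tcp_reply)

# Constructed sample headers (not captured traffic): QR+RD+RA, without and with TC
FITS = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
TRUNCATED = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0)
```

A "tcp-blocked" result from `probe()` for A queries, alongside "ok-udp" for NS or MX queries against the same server, matches the symptom described in the thread.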





