NEW DOMAIN: dpp.go.ug

Randy Bush randy at psg.com
Sun Jul 8 06:10:31 UTC 2001 

>> It  appears that I can query ns.imul.com successfully from psg.com. Here
>> is what I get
>> psg.com:/usr/home/ksemat> dig @ns.imul.com dpp.go.ug +norec ns
>>
>> please get in the habit of using terminating dots.
>>
>> but you are correct.  i can query successfully from some hosts and not from
>> others.  those that fail are running bind9.  those that succeed, bind8.
>>
>> randy
>>
>> ---
>>
>> bind 9 (freshly executed)
>>
>> roam.psg.com:/usr/home/randy> dig +norec dpp.go.ug. @ns.imul.com. ns
>>
>> ; <<>> DiG 9.1.1 <<>> +norec dpp.go.ug. @ns.imul.com. ns
>> ;; global options:  printcmd
>> ;; connection timed out; no servers could be reached
>>
>> ...
>>
>> bind8
>>
>> psg.com:/usr/home/randy> dig +norec dpp.go.ug. @ns.imul.com. ns
>>
>> ; <<>> DiG 8.3 <<>> +norec dpp.go.ug. @ns.imul.com. ns
>> ; (1 server found)
>> ;; res options: init defnam dnsrch
>> ;; got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10005
>> ;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
>> ;; QUERY SECTION:
>> ;;      dpp.go.ug, type = NS, class = IN
>>
>> ;; ANSWER SECTION:
>> dpp.go.ug.              23h53m3s IN NS  mail2.starcom.co.ug.
>> dpp.go.ug.              23h53m3s IN NS  ns.imul.com.
>>
>> ;; ADDITIONAL SECTION:
>> mail2.starcom.co.ug.    23h13m5s IN A   193.219.212.7
>> ns.imul.com.            1D IN A         216.129.142.2
>>
>> ;; Total query time: 621 msec
>> ;; FROM: psg.com to SERVER: ns.imul.com.  216.129.142.2
>> ;; WHEN: Thu Jul  5 10:25:47 2001
>> ;; MSG SIZE  sent: 27  rcvd: 117
>
> First of all, why bother with terminating dots? Unlike the blecherous
> nslookup, decent DNS troubleshooting tools like "dig" don't implement
> "search" algorithms, so terminating dots are usually superfluous.
> 
> Secondly, since you're pointing "dig" directly at the ns.imul.com
> nameserver, what difference does it make what version of BIND the local
> nameserver is running? If anything, this is a difference between the BIND
> 8 and BIND 9 version of "dig" (possibly related to the newer "dig"s
> attempt to use EDNS0?).
> 
> Having said all of that, however, I just plopped a version of the BIND 9
> "dig" on one of our firewalls and I can use it to query this name from the
> ns.imul.com server just fine. Are you sure this isn't some sort of local
> networking problem? Perhaps an intermittent one?

yes, terminating dots make a difference sometimes.  the name server to be
probed is filled out the old fashioned way.

and the actual problem turned out to be that the server is running an
interesting name daemon.

randy

More information about the bind-users mailing list