Not able to resolve external names
John Ross
john.ross at informix.com
Tue Nov 6 17:57:25 UTC 2001
Could you give me a couple of examples to try? What am I looking for?
--
John Ross
Systems Management Integration Professional - Adv
Data Management Solutions
IBM, Inc.
16011 College Blvd.
Lenexa, KS 66219
Tel: (913) 599-8611 Fax: (913) 599-8565
<http://www.ksu.edu>
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Monday, November 05, 2001 8:06 PM
> To: 'bind-users at isc.org'
> Subject: Re: Not able to resolve external names
>
>
>
> Cache poisoning isn't always malicious. Sometimes it's caused
> by plain old
> ignorance and/or laziness. A DNS admin decides to shove all of their
> information into a "com" zone, rather than having separate
> zones for a bunch
> of different domains. That makes things easy for the admin,
> but it means that
> his/her nameserver now claims to be authoritative for "com". Other
> nameservers may believe these claims and start querying that
> nameserver for
> *all* "com" names. If this misconfigured nameserver happens
> to be one which
> you talk to frequently, then your cache may get poisoned
> within a few minutes
> of starting your nameserver. As Mark said, if this is cache
> poisoning, you
> may need to track the source of the poison. Do some recursive queries,
> preferrably using "dig" instead of "nslookup", and look at
> what is contained
> in the "Authority" section. If your cache is poisoned, you
> should see the
> evidence there. Once identified, you should a) in the short
> term, use the
> "bogusns" directive to protect yourself from this poison, b)
> in the medium
> term, upgrade to BIND 8 or BIND 9, which is more immune to
> poison, and c) for
> the long term, notify the administrator of the nameserver and
> get them to fix
> it.
>
>
> - Kevin
>
> John Ross wrote:
>
> > What exactly do you mean by cache poisoning? I am assuming
> that you are
> > suggesting that the cache could be bad, but have already
> shutdown, cleared
> > out the secondary zones (for kicks), and restarted. So far
> the only thing
> > that has worked is setting up a forwarders line to servers
> outside of this
> > site. Or are you suggesting something else that I am not
> thinking of?
> >
> > John
> >
> > --
> > John Ross
> > Systems Management Integration Professional - Adv
> > Data Management Solutions
> > IBM, Inc.
> > 16011 College Blvd.
> > Lenexa, KS 66219
> > Tel: (913) 599-8611 Fax: (913) 599-8565
> >
> > <http://www.ksu.edu>
> >
> > > -----Original Message-----
> > > From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
> > > Sent: Monday, November 05, 2001 5:34 PM
> > > To: John Ross
> > > Cc: 'bind-users at isc.org'
> > > Subject: Re: Not able to resolve external names
> > >
> > >
> > >
> > > > Content-Type: text/plain;
> > > > charset="iso-8859-1"
> > > >
> > > > I am having a problem with BIND 4.9x. Just recently it has
> > > decided to not
> > > > resolve external names (ie www.yaho.com
> > > <http://www.yaho.com> , etc.).
> > > > Internal names resolve correctly, but external names just
> > > time out, or
> > > > resolve minutes later. I have checked my connectivity to
> > > the root servers
> > > > and I can both ping by address, and traceroute via port 53,
> > > so it appears
> > > > that I can reach them. I recently pulled a copy of the
> > > current root
> > > > servers, so that should be correct. I am pulling my hair
> > > out over this one,
> > > > because unless I am missing something, everything looks fine.
> > > >
> > > > If any could lend a hand on this one, I would greatly
> appreciate it.
> > > > --
> > > > John Ross
> > > > Systems Management Integration Professional - Adv
> > > > Data Management Solutions
> > > > IBM, Inc.
> > > > 16011 College Blvd.
> > > > Lenexa, KS 66219
> > > > Tel: (913) 599-8611 Fax: (913) 599-8565
> > > >
> > > > <http://www.ksu.edu/>
> > >
> > > It could be cache poisioning. Make some
> non-recursive queries
> > > and see if the referal information looks correct.
> > >
> > > Mark
> > > --
> > > Mark Andrews, Internet Software Consortium
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742 INTERNET:
> Mark.Andrews at isc.org
> > >
>
>
More information about the bind-users
mailing list