named timeout when trying to resolve a certain (definitely exisiting) hostname on the internet

[Barry Margolin]

In article <9s98hp$n9l at pub3.rc.vix.com>, Matthias Hupp <mhupp at gmx.de> wrote:
>After having similar problems from time to time, The name server (named, BIND
>version 8.2.2-P5) on the machine I take care of (SuSE Linux kernel 2.2.14)

Let me be the first to remind you to upgrade your BIND to one that doesn't
have known security problems.

>became unable to resolve the address of one specific mail server
>(host61.axa-its.axa.de) although other nameservers, like that of my ISP, have
>no problem with it and produce quick results. I did not change my name server
>configuration; a quick test with my old ipchains ruleset did not help either,
>so I am pretty sure it doesn't have anything to do with the firewall changes.
>Besides, port 53 is open on every interface.
>
>I tried ping and traceroute on host61.axa-its.axa.de, resulting in endless
>waiting periods to no avail;
>> dig host61.axa-its.axa.de
>sends me a timeout message,
>> dig axa.de
>does as well.
>> dig host61.axa-its.axa.de @isp.nameserver
>works, but doesn't seem to store the results in my named's cache. my
>postfix/smtpd is aunable to receive mail from the server; every connection
>attempt produces the following log output:

Can you ping the nameservers for the axa.de domain, dns01.pironet-ndh.com,
dns02.pironet-ndh.com, and dns03.pironet-ndh.com?  Maybe there's a firewall
somewhere blocking communication between your server and those servers.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.