Dig, nslookup fail when referencing other server
Barry Margolin
barmar at genuity.net
Tue Apr 30 20:35:45 UTC 2002
In article <aamr3b$mlj at pub3.rc.vix.com>, VinceV <vpv at rdrop.com> wrote:
>
>The problem:
>
>On my local RH7.2 server which is primary DNS for my domains
>(ns.ak7.com) and is defined for split DNS (local 192.x.x.x and
>Requests from "outside").
>
>I can run
>dig -x199.26.172.34
>and it returns the correct answer rdrop.com
>
>However, if I try to use the primary rdrop.com name server
>dig -x199.26.172.34 @ns1.rdrop.com
>The request times out.
>The deprecated nslookup function exhibits similar behavior.
>
>Ping to ns1.rdrop.com is successful
>traceroute ns1.rdrop.com fails (no route, default is UDP)
>traceroute -I ns1.rdrop.com is successful (-I force ICMP)
>
>It appears that BIND is working correctly on my local server since it
>resolved the domain request correctly.

Does it have a private copy of that reverse domain? When I query
ns1.rdrop.com, I get the answer agora.rdrop.com, not rdrop.com. If you're
getting a different answer from the local server, I think it must have its
own version of the domain (as part of the split DNS configuration).

>The network sits behind a Watchguard SOHO firewall that allows all
>outbound connections. The RH 6.1 server that sits on the same switch
>resolves without a problem.
>
>Any ideas what would cause dig to fail?

I have no problem making that query, so I suspect it has something to do
with the firewall blocking UDP to ns1.rdrop.com; that would also explain
the traceroute failure.
Can you put a sniffer at various points along the path, to see where the
packets are getting lost?
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
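
The check discussed in this thread, as an added example that is not part of the original post: it sends the same PTR query to one server over UDP/53 and then TCP/53 and reports each result, so a UDP timeout alongside a TCP answer is consistent with the UDP filtering suspected above. The function names and the fixed query id are assumptions of this sketch; the server name and address are the ones quoted in the thread.

```python
# Added example: send one PTR query over UDP and over TCP to the same server.
import socket
import struct
import sys

def ptr_name(ipv4):
    """199.26.172.34 -> 34.172.26.199.in-addr.arpa"""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def build_query(name, qid=0x1234):
    """Wire-format query: header + QNAME + QTYPE=PTR(12) + QCLASS=IN(1)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 12, 1)

def summarize(reply, qid=0x1234):
    """Return 'rcode=N answers=M' for a reply carrying our query id."""
    if len(reply) < 12:
        return "short reply"
    rid, flags, _, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != qid:
        return "id mismatch"
    return "rcode=%d answers=%d" % (flags & 0x000F, ancount)

def probe(server, ipv4, timeout=3.0):
    """Try UDP/53, then TCP/53; return {'udp': ..., 'tcp': ...} result strings."""
    query = build_query(ptr_name(ipv4))
    results = {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            results["udp"] = summarize(s.recvfrom(4096)[0])
    except OSError as exc:  # includes timeouts and name-resolution errors
        results["udp"] = "failed: %s" % exc
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            results["tcp"] = summarize(s.recv(4096)[2:])  # first segment only
    except OSError as exc:
        results["tcp"] = "failed: %s" % exc
    return results

if __name__ == "__main__":
    # Defaults are the values from the thread; override with: script SERVER ADDRESS
    server = sys.argv[1] if len(sys.argv) > 1 else "ns1.rdrop.com"
    print(probe(server, sys.argv[2] if len(sys.argv) > 2 else "199.26.172.34"))
```

Run it from the affected host and from one that resolves normally (the RH 6.1 machine in the post) and compare the two result dictionaries.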