Can't resolve hotmail.com, everything else is fine

phn at icke-reklam.ipsec.nu
Tue Dec 3 18:02:22 UTC 2002


Paul Roberts <red3kgto at hotmail.com> wrote:

> This is very weird. I'm running BIND 9.2.1 on Solaris 8 and have a
> caching only server on my internet DMZ. I can resolve pretty much
> everything I need, apart from any records for hotmail.com. I can see
> the hotmail.com NS records in the cache but my server isn't getting
> any response when it tries to query these servers.

> I've read a lot in here about EDNS, but I've tried switching it off
> and also using dig with and without EDNS, and neither work.

> The queries are going out through Checkpoint FW-1 (I can see them in
> the log).

> I have got around the problem by setting up a conditional forwarding
> statement that just forwards any hotmail.com queries out to my ISP DNS
> servers, and this seems to work, but it's a bit of a bodge as I'd
> rather have my server use the internet roots.

> Anyone got any ideas? Here's what I get:

What's that Checkpoint doing with your packets?

I can get hotmail.mx with bind-9.2.1 + OpenBSD:
ns:peter {101} dig hotmail.com mx

; <<>> DiG 9.2.1 <<>> hotmail.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55080
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 10

;; QUESTION SECTION:
;hotmail.com.                   IN      MX

;; ANSWER SECTION:
hotmail.com.            3560    IN      MX      5 mx4.hotmail.com.
hotmail.com.            3560    IN      MX      5 mx1.hotmail.com.
hotmail.com.            3560    IN      MX      5 mx2.hotmail.com.
hotmail.com.            3560    IN      MX      5 mx3.hotmail.com.

;; AUTHORITY SECTION:
hotmail.com.            3560    IN      NS      ns4.hotmail.com.
hotmail.com.            3560    IN      NS      ns1.hotmail.com.
hotmail.com.            3560    IN      NS      ns2.hotmail.com.
hotmail.com.            3560    IN      NS      ns3.hotmail.com.

;; ADDITIONAL SECTION:
mx1.hotmail.com.        3560    IN      A       65.54.254.129
mx1.hotmail.com.        3560    IN      A       65.54.166.99
mx1.hotmail.com.        3560    IN      A       65.54.252.99
mx2.hotmail.com.        3560    IN      A       65.54.254.145
mx2.hotmail.com.        3560    IN      A       65.54.166.230
mx2.hotmail.com.        3560    IN      A       65.54.252.230
mx3.hotmail.com.        3560    IN      A       65.54.254.140
mx3.hotmail.com.        3560    IN      A       65.54.253.99
mx4.hotmail.com.        3560    IN      A       65.54.254.151
mx4.hotmail.com.        3560    IN      A       65.54.253.230

;; Query time: 144 msec
;; SERVER: 62.20.110.202#53(62.20.110.202)
;; WHEN: Tue Dec  3 18:56:17 2002
;; MSG SIZE  rcvd: 341


Try sniffing outside the fw-1 and find out why it's dropping it.



> Regards,

> Paul Roberts
> DNS Architect - Core Network Design
> Hutchison3G
  ^^^^^^^^^^

Nice, I have a meeting with them tomorrow ...


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but I'm trying to keep spam out,
           remove "icke-reklam" if you feel like mailing me. Thanx.

