Strange problem resolving yahoo.com

Mark Andrews Mark_Andrews at isc.org
Thu Oct 28 22:54:20 UTC 2004 

> Jeffrey Keil <keilj_33 at yahoo.com> wrote:
> > Greetings:
> 
> > We're running bind on a Macintosh OS X server. There is never any
> > problem with DNS except for one domain. We have problems with
> > yahoo.com and no other domain that I am aware of.
> 
> > As you can see from the output below, we can resolve yahoo.com with
> > dig and nslookup, but we can't check email at yahoo because we can't
> > resolve mail.yahoo.com or login.yahoo.com:
> 
> You should use appropiate tools, nslookup is not one of these.
> 
> > dig mail.yahoo.com
> 
> ; <<>> DiG 8.3 <<>> mail.yahoo.com
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 11, ADDITIONAL: 11
> ;; QUERY SECTION:
> ;;      mail.yahoo.com, type = A, class = IN
> 
> ;; ANSWER SECTION:
> mail.yahoo.com.         30M IN CNAME    login.yahoo.com.
> login.yahoo.com.        5M IN CNAME     login.yahoo.akadns.net.
> login.yahoo.akadns.net.  1M IN A  66.218.75.184
> 
> ;; AUTHORITY SECTION:
> akadns.net.             1d22h51m30s IN NS  asia3.akam.net.
> akadns.net.             1d22h51m30s IN NS  eur3.akam.net.
> akadns.net.             1d22h51m30s IN NS  use2.akam.net.
> akadns.net.             1d22h51m30s IN NS  use4.akam.net.
> akadns.net.             1d22h51m30s IN NS  usw5.akam.net.
> akadns.net.             1d22h51m30s IN NS  usw6.akam.net.
> akadns.net.             1d22h51m30s IN NS  usw7.akam.net.
> akadns.net.             1d22h51m30s IN NS  za.akadns.org.
> akadns.net.             1d22h51m30s IN NS  zc.akadns.org.
> akadns.net.             1d22h51m30s IN NS  zf.akadns.org.
> akadns.net.             1d22h51m30s IN NS  zh.akadns.org.
> 
> ;; ADDITIONAL SECTION:
> asia3.akam.net.         23h4m37s IN A   193.108.154.9
> eur3.akam.net.          1d22h51m30s IN A  193.45.1.103
> use2.akam.net.          1d22h51m30s IN A  63.209.170.136
> use4.akam.net.          23h4m37s IN A   80.67.67.182
> usw5.akam.net.          23h4m37s IN A   63.241.73.214
> usw6.akam.net.          1d22h51m30s IN A  206.132.100.108
> usw7.akam.net.          1d22h51m30s IN A  65.203.234.27
> za.akadns.org.          4h11m30s IN A   208.185.132.176
> zc.akadns.org.          4h11m30s IN A   63.241.199.54
> zf.akadns.org.          4h11m30s IN A   63.241.29.161
> zh.akadns.org.          4h11m30s IN A   63.208.48.46
> 
> ;; Total query time: 297 msec
> ;; FROM: zap.hk.ipsec.se to SERVER: default -- 192.168.99.5
> ;; WHEN: Thu Oct 28 23:21:20 2004
> ;; MSG SIZE  sent: 32  rcvd: 511
> 
> >
> 
> 
> ( this was 'dig' )
> 
> 
> > ~ root at osx2 # nslookup yahoo.com
> > Server:  ns2.gcs-usa.com
> > Address:  192.168.1.42
> 
> > Name:    yahoo.com
> > Addresses:  66.94.234.13, 216.109.112.135
> 
> > ~ root at osx2 # nslookup mail.yahoo.com
> > Server:  ns2.gcs-usa.com
> > Address:  192.168.1.42
> 
> > *** ns2.gcs-usa.com can't find mail.yahoo.com: Non-existent
> > host/domain
> > ~ root at osx2 # nslookup login.yahoo.com
> > Server:  ns2.gcs-usa.com
> > Address:  192.168.1.42
> 
> > *** ns2.gcs-usa.com can't find login.yahoo.com: Non-existent
> > host/domain
> 
> 
> > ~ root at osx2 # dig login.yahoo.com
> 
> > ; <<>> DiG 8.3 <<>> login.yahoo.com 
> > ;; res options: init recurs defnam dnsrch
> > ;; res_nsend to server default -- 192.168.1.42: Operation timed out
> 
> This is not what i get :
> >  dig login.yahoo.com
> 
> ; <<>> DiG 8.3 <<>> login.yahoo.com
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 11, ADDITIONAL: 11
> ;; QUERY SECTION:
> ;;      login.yahoo.com, type = A, class = IN
> 
> ;; ANSWER SECTION:
> login.yahoo.com.        3M IN CNAME     login.yahoo.akadns.net.
> login.yahoo.akadns.net.  1M IN A  66.218.75.184
> 
> ;; AUTHORITY SECTION:
> akadns.net.             1d22h49m30s IN NS  asia3.akam.net.
> akadns.net.             1d22h49m30s IN NS  eur3.akam.net.
> akadns.net.             1d22h49m30s IN NS  use2.akam.net.
> akadns.net.             1d22h49m30s IN NS  use4.akam.net.
> akadns.net.             1d22h49m30s IN NS  usw5.akam.net.
> akadns.net.             1d22h49m30s IN NS  usw6.akam.net.
> akadns.net.             1d22h49m30s IN NS  usw7.akam.net.
> akadns.net.             1d22h49m30s IN NS  za.akadns.org.
> akadns.net.             1d22h49m30s IN NS  zc.akadns.org.
> akadns.net.             1d22h49m30s IN NS  zf.akadns.org.
> akadns.net.             1d22h49m30s IN NS  zh.akadns.org.
> 
> ;; ADDITIONAL SECTION:
> asia3.akam.net.         23h2m37s IN A   193.108.154.9
> eur3.akam.net.          1d22h49m30s IN A  193.45.1.103
> use2.akam.net.          1d22h49m30s IN A  63.209.170.136
> use4.akam.net.          23h2m37s IN A   80.67.67.182
> usw5.akam.net.          23h2m37s IN A   63.241.73.214
> usw6.akam.net.          1d22h49m30s IN A  206.132.100.108
> usw7.akam.net.          1d22h49m30s IN A  65.203.234.27
> za.akadns.org.          4h9m30s IN A    208.185.132.176
> zc.akadns.org.          4h9m30s IN A    63.241.199.54
> zf.akadns.org.          4h9m30s IN A    63.241.29.161
> zh.akadns.org.          4h9m30s IN A    63.208.48.46
> 
> ;; Total query time: 409 msec
> ;; FROM: zap.hk.ipsec.se to SERVER: default -- 192.168.99.5
> ;; WHEN: Thu Oct 28 23:23:20 2004
> ;; MSG SIZE  sent: 33  rcvd: 493
> 
> 
> > ~ root at osx2 # dig yahoo.com
> 
> > ; <<>> DiG 8.3 <<>> yahoo.com 
> > ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL:
> > 5
> > ;; QUERY SECTION:
> > ;;      yahoo.com, type = A, class = IN
> 
> > ;; ANSWER SECTION:
> > yahoo.com.              5M IN A         66.94.234.13
> > yahoo.com.              5M IN A         216.109.112.135
> 
> > ;; AUTHORITY SECTION:
> > yahoo.com.              1d23h29m53s IN NS  ns1.yahoo.com.
> > yahoo.com.              1d23h29m53s IN NS  ns2.yahoo.com.
> > yahoo.com.              1d23h29m53s IN NS  ns3.yahoo.com.
> > yahoo.com.              1d23h29m53s IN NS  ns4.yahoo.com.
> > yahoo.com.              1d23h29m53s IN NS  ns5.yahoo.com.
> 
> > ;; ADDITIONAL SECTION:
> > ns1.yahoo.com.          1d4h6m3s IN A   66.218.71.63
> > ns2.yahoo.com.          1d4h6m3s IN A   66.163.169.170
> > ns3.yahoo.com.          1d4h6m3s IN A   217.12.4.104
> > ns4.yahoo.com.          1d4h6m3s IN A   63.250.206.138
> > ns5.yahoo.com.          1d4h6m3s IN A   216.109.116.17
> 
> > ;; Total query time: 101 msec
> > ;; FROM: osx2 to SERVER: default -- 192.168.1.42
> > ;; WHEN: Wed Oct 27 10:56:09 2004
> > ;; MSG SIZE  sent: 27  rcvd: 238
> 
> 
> > This is a problem that is getting worse. I can't even pull up yahoo's
> > web site in a browser now. I'm not sure what the problem is. Any help
> > or suggestions would be greatly appreciatedly.
> 
> > Thanks,
> > Jeff
> 
> You might have a problem yoth your ISP's routing. Is the problem persistent ?
> 
> 
> 
> 
> 
> -- 
> Peter Håkanson         
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
> 	   remove "icke-reklam" if you feel for mailing me. Thanx.
 
	There is a firewall blocking the answer to the following EDNS
	query.  Note the answer size > 512 bytes.  It takes time for
	named to detect this and recover.

	The COM/NET zones just added IPv6 support so more referral answers
	like this one will exceed 512 bytes.

	The correct fix is to upgrade / configure your firewall to
	understand EDNS.  Talk to your firewall vendor.

	A short term work around is to add "edns-udp-size 512;" to
	options.  edns-udp-size is available in 9.3.0 / 8.4.0.

; <<>> DiG 9.3.1prerelease <<>> login.yahoo.com @ns1.yahoo.com +dnssec
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18832
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 16

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;login.yahoo.com.		IN	A

;; ANSWER SECTION:
login.yahoo.com.	300	IN	CNAME	login.yahoo.akadns.net.

;; AUTHORITY SECTION:
net.			7370	IN	NS	A.GTLD-SERVERS.net.
net.			7370	IN	NS	G.GTLD-SERVERS.net.
net.			7370	IN	NS	H.GTLD-SERVERS.net.
net.			7370	IN	NS	C.GTLD-SERVERS.net.
net.			7370	IN	NS	I.GTLD-SERVERS.net.
net.			7370	IN	NS	B.GTLD-SERVERS.net.
net.			7370	IN	NS	D.GTLD-SERVERS.net.
net.			7370	IN	NS	L.GTLD-SERVERS.net.
net.			7370	IN	NS	F.GTLD-SERVERS.net.
net.			7370	IN	NS	J.GTLD-SERVERS.net.
net.			7370	IN	NS	K.GTLD-SERVERS.net.
net.			7370	IN	NS	E.GTLD-SERVERS.net.
net.			7370	IN	NS	M.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.	7370	IN	A	192.5.6.30
A.GTLD-SERVERS.net.	7370	IN	AAAA	2001:503:a83e::2:30
G.GTLD-SERVERS.net.	7370	IN	A	192.42.93.30
H.GTLD-SERVERS.net.	7370	IN	A	192.54.112.30
C.GTLD-SERVERS.net.	7370	IN	A	192.26.92.30
I.GTLD-SERVERS.net.	7370	IN	A	192.43.172.30
B.GTLD-SERVERS.net.	7370	IN	A	192.33.14.30
B.GTLD-SERVERS.net.	7370	IN	AAAA	2001:503:231d::2:30
D.GTLD-SERVERS.net.	7370	IN	A	192.31.80.30
L.GTLD-SERVERS.net.	7370	IN	A	192.41.162.30
F.GTLD-SERVERS.net.	7370	IN	A	192.35.51.30
J.GTLD-SERVERS.net.	7370	IN	A	192.48.79.30
K.GTLD-SERVERS.net.	7370	IN	A	192.52.178.30
E.GTLD-SERVERS.net.	7370	IN	A	192.12.94.30
M.GTLD-SERVERS.net.	7370	IN	A	192.55.83.30

;; Query time: 186 msec
;; SERVER: 66.218.71.63#53(66.218.71.63)
;; WHEN: Fri Oct 29 08:42:16 2004
;; MSG SIZE  rcvd: 565

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list