BIND only resolves hostname on the second attempt
Mark Andrews
Mark_Andrews at isc.org
Fri Oct 29 01:44:13 UTC 2004
> on 10/28/04 6:05 PM, Mark Andrews at Mark_Andrews at isc.org wrote:
>
> >> I also have the same problem in my colo cabinet. My ISP tells me there is
> >> no firewall, I certainly do not have one. How can I test for sure that ED
> NS
> >> is being blocked and how can I pin it down to where?
> >
> > This make a traditional DNS query.
> > dig +norec www.microsoft.com @a.root-servers.net
> >
> > These make EDNS queries.
> > dig +norec www.microsoft.com @a.root-servers.net +bufsize=4096
> > dig +norec www.microsoft.com @a.root-servers.net +dnssec
> >
> > A firewall that is block EDNS replies > 512 bytes will allow the
> > first through and block the later.
>
> I ran both of those, I will paste it in below, they both seemed to be
> allowed, or at least dig did send something back to me.
>
> Any other ideas as to why I can not resolve hostnames with my NS all of a
> sudden?
>
> dig +norec www.microsoft.com @a.root-servers.net +bufsize=4096
>
> ; <<>> DiG 9.2.2 <<>> +norec www.microsoft.com @a.root-servers.net
> +bufsize=4096
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55769
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 16
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.microsoft.com. IN A
>
> ;; AUTHORITY SECTION:
> com. 172800 IN NS A.GTLD-SERVERS.NET.
> com. 172800 IN NS G.GTLD-SERVERS.NET.
> com. 172800 IN NS H.GTLD-SERVERS.NET.
> com. 172800 IN NS C.GTLD-SERVERS.NET.
> com. 172800 IN NS I.GTLD-SERVERS.NET.
> com. 172800 IN NS B.GTLD-SERVERS.NET.
> com. 172800 IN NS D.GTLD-SERVERS.NET.
> com. 172800 IN NS L.GTLD-SERVERS.NET.
> com. 172800 IN NS F.GTLD-SERVERS.NET.
> com. 172800 IN NS J.GTLD-SERVERS.NET.
> com. 172800 IN NS K.GTLD-SERVERS.NET.
> com. 172800 IN NS E.GTLD-SERVERS.NET.
> com. 172800 IN NS M.GTLD-SERVERS.NET.
>
> ;; ADDITIONAL SECTION:
> A.GTLD-SERVERS.NET. 172800 IN AAAA 2001:503:a83e::2:30
> A.GTLD-SERVERS.NET. 172800 IN A 192.5.6.30
> G.GTLD-SERVERS.NET. 172800 IN A 192.42.93.30
> H.GTLD-SERVERS.NET. 172800 IN A 192.54.112.30
> C.GTLD-SERVERS.NET. 172800 IN A 192.26.92.30
> I.GTLD-SERVERS.NET. 172800 IN A 192.43.172.30
> B.GTLD-SERVERS.NET. 172800 IN AAAA 2001:503:231d::2:30
> B.GTLD-SERVERS.NET. 172800 IN A 192.33.14.30
> D.GTLD-SERVERS.NET. 172800 IN A 192.31.80.30
> L.GTLD-SERVERS.NET. 172800 IN A 192.41.162.30
> F.GTLD-SERVERS.NET. 172800 IN A 192.35.51.30
> J.GTLD-SERVERS.NET. 172800 IN A 192.48.79.30
> K.GTLD-SERVERS.NET. 172800 IN A 192.52.178.30
> E.GTLD-SERVERS.NET. 172800 IN A 192.12.94.30
> M.GTLD-SERVERS.NET. 172800 IN A 192.55.83.30
>
> ;; Query time: 72 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net)
> ;; WHEN: Thu Oct 28 18:10:18 2004
> ;; MSG SIZE rcvd: 534
>
>
> dig +norec www.microsoft.com @a.root-servers.net +dnssec
>
> ; <<>> DiG 9.2.2 <<>> +norec www.microsoft.com @a.root-servers.net +dnssec
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11701
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 16
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.microsoft.com. IN A
>
> ;; AUTHORITY SECTION:
> com. 172800 IN NS A.GTLD-SERVERS.NET.
> com. 172800 IN NS G.GTLD-SERVERS.NET.
> com. 172800 IN NS H.GTLD-SERVERS.NET.
> com. 172800 IN NS C.GTLD-SERVERS.NET.
> com. 172800 IN NS I.GTLD-SERVERS.NET.
> com. 172800 IN NS B.GTLD-SERVERS.NET.
> com. 172800 IN NS D.GTLD-SERVERS.NET.
> com. 172800 IN NS L.GTLD-SERVERS.NET.
> com. 172800 IN NS F.GTLD-SERVERS.NET.
> com. 172800 IN NS J.GTLD-SERVERS.NET.
> com. 172800 IN NS K.GTLD-SERVERS.NET.
> com. 172800 IN NS E.GTLD-SERVERS.NET.
> com. 172800 IN NS M.GTLD-SERVERS.NET.
>
> ;; ADDITIONAL SECTION:
> A.GTLD-SERVERS.NET. 172800 IN AAAA 2001:503:a83e::2:30
> A.GTLD-SERVERS.NET. 172800 IN A 192.5.6.30
> G.GTLD-SERVERS.NET. 172800 IN A 192.42.93.30
> H.GTLD-SERVERS.NET. 172800 IN A 192.54.112.30
> C.GTLD-SERVERS.NET. 172800 IN A 192.26.92.30
> I.GTLD-SERVERS.NET. 172800 IN A 192.43.172.30
> B.GTLD-SERVERS.NET. 172800 IN AAAA 2001:503:231d::2:30
> B.GTLD-SERVERS.NET. 172800 IN A 192.33.14.30
> D.GTLD-SERVERS.NET. 172800 IN A 192.31.80.30
> L.GTLD-SERVERS.NET. 172800 IN A 192.41.162.30
> F.GTLD-SERVERS.NET. 172800 IN A 192.35.51.30
> J.GTLD-SERVERS.NET. 172800 IN A 192.48.79.30
> K.GTLD-SERVERS.NET. 172800 IN A 192.52.178.30
> E.GTLD-SERVERS.NET. 172800 IN A 192.12.94.30
> M.GTLD-SERVERS.NET. 172800 IN A 192.55.83.30
>
> ;; Query time: 71 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net)
> ;; WHEN: Thu Oct 28 18:10:31 2004
> ;; MSG SIZE rcvd: 534
> --
> -------------------------------------------------------------
> Scott Haneda Tel: 415.898.2602
> <http://www.newgeo.com> Fax: 313.557.5052
> <scott at newgeo.com> Novato, CA U.S.A.
I would be looking at your IPv6 connectivity.
I would also be upgrading from 9.2.2.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list