problem with resolving SOME EXTERNAL domains

Peter Dambier peter at peter-dambier.de
Mon Jun 13 19:24:46 UTC 2005



enesz at bih.net.ba wrote:
| Hi again,
|
| <Ronan Flode> wrote:
| <
| Hmm.
|
| (Question to group/list: does dig 9.3.1 rely on the configured resolver,
| using gethostbyname or similar, to resolve the NS names to addresses,
| ignoring any glue A in additional sections?  I've seen something that
| does)

dig does rely on a well maintained /etc/hosts file :)

I did have problems digging and I did see the same problems with
check_soa program from the O'Reilly book "DNS and BIND".

There are some programmes that can read a zone file and build an
/etc/hosts like file for you. Please read more on one of the following
sites:

http://www.kokoom.com/iason
http://iason.site.voila.fr

Don't worry, most of the documentation is in English.

After I had the glue records "added" to my /etc/hosts both
dig and check_soa worked fine.

|
| Can you query those servers directly by IP address from dig, eg
| ns-naples.navy.mil is 138.180.5.138, so
|
| dig @138.180.5.138 usno.navy.mil. a +norec
|
| should list the NS records for usno.navy.mil and the A records for those
| servers:

try: dig -t any @138.180.5.138 usno.navy.mil. a +norec
and: dig -t any @138.180.5.138 usno.navy.mil. a +norec +vc

"-t any" gets you all information. If you had hit the SOA it would
return only the "A" record.

"+vc" will use TCP, not UDP. That might be necessary if the returned
data does not fit into a UDP packet.

|
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64477
| ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
|
| ;; QUESTION SECTION:
| ;usno.navy.mil.               IN    A
|
| ;; AUTHORITY SECTION:
| usno.navy.mil.          86400 IN    NS    METIS.usno.navy.mil.
| usno.navy.mil.          86400 IN    NS    CHARON.usno.navy.mil.
| usno.navy.mil.          86400 IN    NS    PSYCHE.usno.navy.mil.
|
| ;; ADDITIONAL SECTION:
| METIS.usno.navy.mil.    86400 IN    A     198.116.61.5
| CHARON.usno.navy.mil.   86400 IN    A     199.211.133.5
| PSYCHE.usno.navy.mil.   86400 IN    A     192.5.41.214
|
|
| The other nameservers for navy.mil are 205.56.138.34, 205.56.150.18,
| 138.143.200.2 and 192.245.206.2, so you could try the above with them
| too.
|
| Might as well ask: what's in your named.conf?
|
|
| After flushing DNS cache with rndc flush, I tried to resolve with IP
| addresses of navy.mil DNS servers, like this:
|
|
| # ./dig @138.180.5.138 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @138.180.5.138 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options:  printcmd
| ;; connection timed out; no servers could be reached
| #
| #
| # ./dig @205.56.138.34 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @205.56.138.34 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options:  printcmd
| ;; connection timed out; no servers could be reached
| #
| #
| # ./dig @205.56.150.18 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @205.56.150.18 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options:  printcmd
| ;; connection timed out; no servers could be reached
| #
| # ./dig @138.143.200.2 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @138.143.200.2 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options:  printcmd
| ;; connection timed out; no servers could be reached

; <<>> DiG 9.1.3 <<>> @138.143.200.2 usno.navy.mil. a +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48291
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;usno.navy.mil.                 IN      A

;; AUTHORITY SECTION:
usno.navy.mil.          86400   IN      NS      CHARON.usno.navy.mil.
usno.navy.mil.          86400   IN      NS      PSYCHE.usno.navy.mil.
usno.navy.mil.          86400   IN      NS      METIS.usno.navy.mil.

;; ADDITIONAL SECTION:
METIS.usno.navy.mil.    86400   IN      A       198.116.61.5
CHARON.usno.navy.mil.   86400   IN      A       199.211.133.5
PSYCHE.usno.navy.mil.   86400   IN      A       192.5.41.214

;; Query time: 173 msec
;; SERVER: 138.143.200.2#53(138.143.200.2)
;; WHEN: Mon Jun 13 21:18:11 2005
;; MSG SIZE  rcvd: 141


| #
| #
| # ./dig @192.245.206.2 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @192.245.206.2 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options:  printcmd
| ;; connection timed out; no servers could be reached
| #
|
| As you can see, NOTHING again.

; <<>> DiG 9.1.3 <<>> @192.245.206.2 usno.navy.mil. a +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29025
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;usno.navy.mil.                 IN      A

;; AUTHORITY SECTION:
usno.navy.mil.          86400   IN      NS      CHARON.usno.navy.mil.
usno.navy.mil.          86400   IN      NS      PSYCHE.usno.navy.mil.
usno.navy.mil.          86400   IN      NS      METIS.usno.navy.mil.

;; ADDITIONAL SECTION:
METIS.usno.navy.mil.    86400   IN      A       198.116.61.5
CHARON.usno.navy.mil.   86400   IN      A       199.211.133.5
PSYCHE.usno.navy.mil.   86400   IN      A       192.5.41.214

;; Query time: 247 msec
;; SERVER: 192.245.206.2#53(192.245.206.2)
;; WHEN: Mon Jun 13 21:16:23 2005
;; MSG SIZE  rcvd: 141


This does not look like a problem with bind.

|
| Is this a network problem, or..?
| Possible network problems on communication with root DNS servers?

This is a network problem.

Maybe you have problems with routing.
Maybe you are not connected at all.

|
| Please, do you have suggestions?
|
| Thanks
|
| P.S I already sent my named.conf
|
|

Regards,
Peter and Karin Dambier
Public-Root

--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-6252-599091 (O2 Genion)
+1-360-226-6583-9738 (INAIC)
mail: peter at peter-dambier.de
http://iason.site.voila.fr
http://www.kokoom.com/iason
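The triage done by hand in this thread, as an added example (not part of the original message or of the tools it mentions): parse a transcript of several `dig` runs, record which servers timed out, and turn the glue A records of the answered runs into /etc/hosts-style lines. The function names and the trimmed sample transcript are assumptions made for illustration.

```python
import re

# Sample trimmed from dig output quoted in this thread: one timeout, one referral.
SAMPLE = """\
; <<>> DiG 9.3.1 <<>> @138.180.5.138 usno.navy.mil. a +norec
;; connection timed out; no servers could be reached
; <<>> DiG 9.1.3 <<>> @192.245.206.2 usno.navy.mil. a +norec
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29025
;; AUTHORITY SECTION:
usno.navy.mil.          86400   IN      NS      CHARON.usno.navy.mil.
usno.navy.mil.          86400   IN      NS      METIS.usno.navy.mil.
;; ADDITIONAL SECTION:
METIS.usno.navy.mil.    86400   IN      A       198.116.61.5
CHARON.usno.navy.mil.   86400   IN      A       199.211.133.5
"""

def parse_runs(text):
    """Return one dict per dig run: server, status, NS names, glue A records."""
    runs = []
    for block in re.split(r"(?m)^(?=; <<>> DiG )", text):
        banner = re.match(r"; <<>> DiG \S+ <<>> @(\S+)", block)
        if not banner:
            continue
        status = re.search(r"status: (\w+)", block)
        run = {"server": banner.group(1), "ns": set(), "glue": {},
               "status": "TIMEOUT" if "connection timed out" in block
               else (status.group(1) if status else "UNKNOWN")}
        section = None
        for line in block.splitlines():
            head = re.match(r";; (\w+) SECTION:", line)
            if head:
                section = head.group(1)
            fields = line.split()
            if line.startswith(";") or len(fields) != 5:
                continue  # comment line or not a resource record
            name, _ttl, _cls, rtype, rdata = fields
            if section == "AUTHORITY" and rtype == "NS":
                run["ns"].add(rdata.lower())
            elif section == "ADDITIONAL" and rtype == "A":
                run["glue"][name.lower()] = rdata
        # Keep only addresses of names listed as NS in this answer (true glue).
        run["glue"] = {n: a for n, a in run["glue"].items() if n in run["ns"]}
        runs.append(run)
    return runs

def hosts_lines(runs):
    """Render glue from all answered runs as /etc/hosts-style lines."""
    glue = {n: a for run in runs for n, a in run["glue"].items()}
    return [f"{addr}\t{name.rstrip('.')}" for name, addr in sorted(glue.items())]
```

Entries written to /etc/hosts never expire, so they have to be regenerated whenever the delegation changes.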


