problem with resolving SOME EXTERNAL domains
Peter Dambier
peter at peter-dambier.de
Mon Jun 13 19:24:46 UTC 2005
enesz at bih.net.ba wrote:
| Hi again,
|
| <Ronan Flode> wrote:
| <
| Hmm.
|
| (Question to group/list: does dig 9.3.1 rely on the configured resolver,
| using gethostbyname or similar, to resolve the NS names to addresses,
| ignoring any glue A in additional sections? I've seen something that
| does)
dig does rely on a well maintained /etc/hosts file :)
I did have problems digging and I did see the same problems with
check_soa program from the O'Reilly book "DNS and BIND".
There are some programmes that can read a zone file and build an
/etc/hosts like file for you. Please read more on one of the following
sites:
http://www.kokoom.com/iason
http://iason.site.voila.fr
Don't worry, most of the documentation is in English.
After I had the glue records "added" to my /etc/hosts both
dig and check_soa worked fine.
|
| Can you query those servers directly by IP address from dig, eg
| ns-naples.navy.mil is 138.180.5.138, so
|
| dig @138.180.5.138 usno.navy.mil. a +norec
|
| should list the NS records for usno.navy.mil and the A records for those
| servers:
try: dig -t any @138.180.5.138 usno.navy.mil. a +norec
and: dig -t any @138.180.5.138 usno.navy.mil. a +norec +vc
"-t any" gets you all information. If you had hit the SOA it would
return only the "A" record.
"+vc" will use TCP, not UDP. That might be necessary if the returned
data does not fit into a UDP packet.
|
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64477
| ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
|
| ;; QUESTION SECTION:
| ;usno.navy.mil. IN A
|
| ;; AUTHORITY SECTION:
| usno.navy.mil. 86400 IN NS METIS.usno.navy.mil.
| usno.navy.mil. 86400 IN NS CHARON.usno.navy.mil.
| usno.navy.mil. 86400 IN NS PSYCHE.usno.navy.mil.
|
| ;; ADDITIONAL SECTION:
| METIS.usno.navy.mil. 86400 IN A 198.116.61.5
| CHARON.usno.navy.mil. 86400 IN A 199.211.133.5
| PSYCHE.usno.navy.mil. 86400 IN A 192.5.41.214
|
|
| The other nameservers for navy.mil are 205.56.138.34, 205.56.150.18,
| 138.143.200.2 and 192.245.206.2, so you could try the above with them
| too.
|
| Might as well ask: what's in your named.conf?
|
|
| After flushing DNS cache with rndc flush, I tried to resolve with IP
| addresses of navy.mil DNS servers, like this:
|
|
| # ./dig @138.180.5.138 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @138.180.5.138 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options: printcmd
| ;; connection timed out; no servers could be reached
| #
| #
| # ./dig @205.56.138.34 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @205.56.138.34 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options: printcmd
| ;; connection timed out; no servers could be reached
| #
| #
| # ./dig @205.56.150.18 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @205.56.150.18 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options: printcmd
| ;; connection timed out; no servers could be reached
| #
| # ./dig @138.143.200.2 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @138.143.200.2 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options: printcmd
| ;; connection timed out; no servers could be reached
; <<>> DiG 9.1.3 <<>> @138.143.200.2 usno.navy.mil. a +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48291
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;usno.navy.mil. IN A
;; AUTHORITY SECTION:
usno.navy.mil. 86400 IN NS CHARON.usno.navy.mil.
usno.navy.mil. 86400 IN NS PSYCHE.usno.navy.mil.
usno.navy.mil. 86400 IN NS METIS.usno.navy.mil.
;; ADDITIONAL SECTION:
METIS.usno.navy.mil. 86400 IN A 198.116.61.5
CHARON.usno.navy.mil. 86400 IN A 199.211.133.5
PSYCHE.usno.navy.mil. 86400 IN A 192.5.41.214
;; Query time: 173 msec
;; SERVER: 138.143.200.2#53(138.143.200.2)
;; WHEN: Mon Jun 13 21:18:11 2005
;; MSG SIZE rcvd: 141
| #
| #
| # ./dig @192.245.206.2 usno.navy.mil. a +norec
|
| ; <<>> DiG 9.3.1 <<>> @192.245.206.2 usno.navy.mil. a +norec
| ; (1 server found)
| ;; global options: printcmd
| ;; connection timed out; no servers could be reached
| #
|
| As you can see, NOTHING again.
; <<>> DiG 9.1.3 <<>> @192.245.206.2 usno.navy.mil. a +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29025
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;usno.navy.mil. IN A
;; AUTHORITY SECTION:
usno.navy.mil. 86400 IN NS CHARON.usno.navy.mil.
usno.navy.mil. 86400 IN NS PSYCHE.usno.navy.mil.
usno.navy.mil. 86400 IN NS METIS.usno.navy.mil.
;; ADDITIONAL SECTION:
METIS.usno.navy.mil. 86400 IN A 198.116.61.5
CHARON.usno.navy.mil. 86400 IN A 199.211.133.5
PSYCHE.usno.navy.mil. 86400 IN A 192.5.41.214
;; Query time: 247 msec
;; SERVER: 192.245.206.2#53(192.245.206.2)
;; WHEN: Mon Jun 13 21:16:23 2005
;; MSG SIZE rcvd: 141
This does not look like a problem with BIND.
|
| Is this a network problem, or..?
| Possible network problems on communication with root DNS servers?
This is a network problem.
Maybe you have problems with routing.
Maybe you are not connected at all.
|
| Please, do you have suggestions?
|
| Thanks
|
| P.S I already sent my named.conf
|
|
Regards,
Peter and Karin Dambier
Public-Root
--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-6252-599091 (O2 Genion)
+1-360-226-6583-9738 (INAIC)
mail: peter at peter-dambier.de
http://iason.site.voila.fr
http://www.kokoom.com/iason
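
Added example, not part of the original message: a small Python triage of the comparison made in this thread, where the same `+norec` queries time out from one vantage point but return a referral from another. The transcripts are constructed from the dig output quoted above (one glue record is deliberately left out), and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the thread's dig output (LOCAL: poster, REMOTE: replier).
LOCAL = """\
; <<>> DiG 9.3.1 <<>> @138.143.200.2 usno.navy.mil. a +norec
;; connection timed out; no servers could be reached
; <<>> DiG 9.3.1 <<>> @192.245.206.2 usno.navy.mil. a +norec
;; connection timed out; no servers could be reached
"""
REMOTE = """\
; <<>> DiG 9.1.3 <<>> @138.143.200.2 usno.navy.mil. a +norec
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48291
;; AUTHORITY SECTION:
usno.navy.mil. 86400 IN NS CHARON.usno.navy.mil.
usno.navy.mil. 86400 IN NS METIS.usno.navy.mil.
;; ADDITIONAL SECTION:
METIS.usno.navy.mil. 86400 IN A 198.116.61.5
"""

BANNER = re.compile(r"^; <<>> DiG \S+ <<>> .*?@(\S+)")
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A)\s+(\S+)$")

def parse_dig(text):
    """Map each queried server to its status, NS targets and glue A records."""
    runs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        banner, rr = BANNER.match(line), RR.match(line)
        if banner:
            cur = runs.setdefault(banner.group(1), {"status": "unknown", "ns": [], "glue": {}})
        elif cur is None:
            continue
        elif "connection timed out" in line:
            cur["status"] = "timeout"
        elif "status:" in line:
            cur["status"] = line.split("status:")[1].split(",")[0].strip()
        elif rr and rr.group(2) == "NS":
            cur["ns"].append(rr.group(3).lower())
        elif rr:
            cur["glue"][rr.group(1).lower()] = rr.group(3)
    return runs

def missing_glue(run):
    """NS names in the referral that have no A record in the additional section."""
    return [name for name in run["ns"] if name not in run["glue"]]

def local_only_timeouts(local, remote):
    """Servers that time out locally but answer elsewhere: suspect the local path, not named."""
    return sorted(ip for ip, run in local.items() if run["status"] == "timeout"
                  and remote.get(ip, {}).get("status") == "NOERROR")
```

A server that appears only in the local transcript (here 192.245.206.2) is not reported, because there is no second vantage point to compare it against.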