First nslookup/query from Windows clients always fails (Bind9)
Vinny Abello
vinny at tellurian.com
Tue Mar 7 20:23:45 UTC 2006
This is Microsoft's fault. You are using Microsoft's nslookup which
has the side effect of appending your domain name to every lookup
first. In many setups this will cause the lookup to time out.

In your example below, you are asking nslookup to resolve
www.cartoonnetwork.com but in reality it is first trying
www.cartoonnetwork.com.services.domain.com instead (or whatever the
rest of your FQDN is).

Suggestions:

1. Use dig
2. If you want to use Microsoft's nslookup, append your query with a
period so it knows not to append your domain name to the query.
3. I think you can also get the Windows binary version of nslookup
from ISC's win32 binary package of BIND as well (same place you get
dig). This doesn't exhibit that behavior. I would still recommend
learning dig though. It's much better.

At 12:19 PM 3/7/2006, aweaver at ee.net wrote:
>I've set up two identical machines for the purpose of simple resolution
>for hosts on my network. For whatever reason Windows clients always
>fail to resolve domains on the first try every attempt; here is an
>example of this behaviour:
>
>C:\Documents and Settings\aweaver.THENAP.000>nslookup
>www.cartoonnetwork.com
>Server: resolver2.services.domain.com
>Address: 192.168.123.3
>
>DNS request timed out.
> timeout was 2 seconds.
>*** Request to resolver2.services.domain.com timed-out
>
>C:\Documents and Settings\aweaver.THENAP.000>nslookup
>www.cartoonnetwork.com
>Server: resolver2.services.domain.com
>Address: 192.168.123.3
>
>Non-authoritative answer:
>Name: cartoonnetwork.com
>Addresses: 64.236.29.72, 64.236.22.72
>Aliases: www.cartoonnetwork.com
>
>On linux:
>
>[root at linuxweb ~]# nslookup cartoonnetwork.com
>Server: 192.168.123.3
>Address: 192.168.123.3#53
>
>Non-authoritative answer:
>Name: cartoonnetwork.com
>Address: 64.236.22.72
>Name: cartoonnetwork.com
>Address: 64.236.29.72
>
>Here is my configuration file that I am using on 192.168.123.2 and
>192.168.123.3:
>
>options {
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
> // query-source address * port 53;
>};
>
>//
>// a caching only nameserver config
>//
>controls {
> inet 127.0.0.1 allow {
> 10.1.1.0/24;
> 192.168.123.0/24;
> 172.0.1.0/24;
> localhost;
> }
>keys { rndckey; };
>
>};
>zone "." IN {
> type hint;
> file "named.ca";
>};
>
>zone "localdomain" IN {
> type master;
> file "localdomain.zone";
> allow-update { none; };
>};
>
>zone "localhost" IN {
> type master;
> file "localhost.zone";
> allow-update { none; };
>};
>
>zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "named.local";
> allow-update { none; };
>};
>
>zone
>"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
>IN
> {
> type master;
> file "named.ip6.local";
> allow-update { none; };
>};
>
>zone "255.in-addr.arpa" IN {
> type master;
> file "named.broadcast";
> allow-update { none; };
>};
>
>zone "0.in-addr.arpa" IN {
> type master;
> file "named.zero";
> allow-update { none; };
>};
>
>include "/etc/rndc.key";
>
>If anyone has a moment to try and tell me what I am doing wrong I would
>appreciate it so much; I am more used to bind 8 as we have been using
>it for years.
>
>There are no relevant lines in the log file either.
>
>Thanks,
>-Drew
Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
"Courage is resistance to fear, mastery of fear - not absence of
fear" -- Mark Twain
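
Added example, not part of either poster's message: a model of the suffix-first lookup order described in the reply, plus a check that picks the resulting query pair out of BIND query-log lines. The log lines, the client address 192.168.123.50, the assumed log line shape and the function names are constructed for illustration; query logging has to be enabled (for example with `rndc querylog`) for such lines to exist.

```python
import re

# Assumed log shape (BIND 9 query logging of this era):
#   "... client <ip>#<port>: query: <name> IN <type> ..."
QUERY_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")

def candidates(name, search_list):
    """Names sent, in order, by a client that appends its suffixes first."""
    if name.endswith("."):              # trailing dot: already fully qualified
        return [name.rstrip(".")]
    return [f"{name}.{suffix}" for suffix in search_list] + [name]

def suffix_appended(log_lines, search_list):
    """Find (client, suffixed_name, bare_name): the client asked for
    bare_name + suffix and afterwards for bare_name itself."""
    pending = {}                        # (client, bare name, type) -> suffixed name
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        ip, qtype = m["ip"], m["type"]
        name = m["name"].rstrip(".").lower()
        if (ip, name, qtype) in pending:
            hits.append((ip, pending.pop((ip, name, qtype)), name))
        for suffix in search_list:
            tail = "." + suffix.lower()
            # A multi-label name in front of the suffix looks like an FQDN
            # that had the client's domain appended to it.
            if name.endswith(tail) and "." in name[:-len(tail)]:
                pending[(ip, name[:-len(tail)], qtype)] = name
    return hits

# Constructed sample: client addresses, ports and timestamps are made up.
SEARCH_LIST = ["services.domain.com"]
SAMPLE_LOG = [
    "07-Mar-2006 12:19:01.100 client 192.168.123.50#1034: query: www.cartoonnetwork.com.services.domain.com IN A +",
    "07-Mar-2006 12:19:03.400 client 192.168.123.50#1035: query: www.cartoonnetwork.com IN A +",
    "07-Mar-2006 12:19:09.000 client 192.168.123.51#1040: query: resolver2.services.domain.com IN A +",
    "07-Mar-2006 12:19:10.000 general: info: zone localhost/IN: loaded serial 42",
]

if __name__ == "__main__":
    print(candidates("www.cartoonnetwork.com", SEARCH_LIST))
    for client, suffixed, bare in suffix_appended(SAMPLE_LOG, SEARCH_LIST):
        print(f"{client}: asked {suffixed} before {bare}")
```

A suffixed query followed about two seconds later by the bare name from the same client matches the nslookup timeout shown in the quoted session.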