Nslookup Times Out on A Lookup To Well-Known Hosts
Steve Ingraham
singraham at okcca.net
Fri Sep 29 17:02:52 UTC 2006
Will wrote:
>I have several well-known hosts that are failing A record lookups on
DNS >and I need help debugging this.
>We have the ISC Bind 9.3.0 set up on a box with a sendmail mail server,
>just to speed up the MX lookups on that box. I go to the nslookup
command >line, and type something like the following:
> type=mx
> cox.net
>and what I get back is a timeout that lasts two seconds and then no
>response.
>I start a sniffer, and record while performing the above. There is no
>question that the name server is issuing the query, and that the remote
DNS
>responds with the nameserver (NS) records for cox.net.
>At this point, the sniffer trace shows that there is a timeout on
simple
>Address (A) record lookups to all nameservers for cox.net.
>I confirm that result from the command line by simple nslookup to
>ns.cox.net (for example) and this does time out.
>I jump over to a UNIX box outside our network and try the same queries,
and
>they all immediately work.
>What are some possible causes for this? Could cox.net be
blacklisting
>many Internet hosts on their nameservers?
I am no expert on this as I am learning a great deal reading these posts
myself. However, I did have a similar problem attempting an "nslookup".
In my case what I discovered was that I was attempting to do the lookup
while using my internal DNS server instead of an external DNS server
that was looking from outside my firewall.
If you have a similar setup with your domain you need to designate a DNS
server outside your firewall. You can designate use of a specific DNS
server in nslookup by typing:
Nslookup - <IP address of external DNS>
>type=mx
>cox.net
Hope this helps.
Steve Ingraham
More information about the bind-users
mailing list