Weird problem.
David Miller
millerdc at fusion.gat.com
Mon Feb 12 22:17:57 UTC 2007
On Feb 12, 2007, at 2:01 PM, Stephen John Smoogen wrote:
> On 2/12/07, David Miller <millerdc at fusion.gat.com> wrote:
>> For some reason our servers(BIND 9.3.2) will not resolve one domain.
>> Well, it is the only one that has not worked. My users tell me it was
>> working last week. The domain is mcmaster.com. This is what I get
>> when I lookup the domain using my master name server within my
>> network
>> ( recursion is turned off).
>>
>> nslookup mcmaster.com 192.5.166.12
>> ;; connection timed out; no servers could be reached
>>
>
> I am missing something if recursion is turned off.. how is it going to
> do the lookup? What does dig +trace say when it tries to look it up?
>
>> It takes a few seconds for it to give that response. Like it can't
>> even query the server with that string. However I have not had any
>> problems resolving any other domains. It doesn't even act like it
>> would with a domain that doesn't exist at all. It immediately
>> responds back with a "not found: 3(NXDOMAIN)"
>>
>> The only changes I have made since last week are to my zone files for
>> my local domain hostnames. I double check all entries I make using
>> forward and reverse lookups. BIND is not complaining about anything.
>> Anyone see this before?
>>
>> David.
>>
>>
>>
>
>
> --
> Stephen J Smoogen. -- CSIRT/Linux System Administrator
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
By non recursive, it doesn't allow name resolution for domains
outside my defined network. I have an ACL in my named.conf that
allows recursive lookups for anything not in the gat.com domain.
Here is what the dig command gives me for mcmaster.com.
========================================================================
=
emac-dmiller:~ millerdc$ dig @192.5.166.12 +trace mcmaster.com
; <<>> DiG 9.3.2 <<>> @192.5.166.12 +trace mcmaster.com
; (1 server found)
;; global options: printcmd
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
;; Received 228 bytes from 192.5.166.12#53(192.5.166.12) in 2 ms
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
;; Received 490 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 126 ms
mcmaster.com. 172800 IN NS ns1.mcmaster.com.
mcmaster.com. 172800 IN NS ns2.mcmaster.com.
mcmaster.com. 172800 IN NS ns3.mcmaster.com.
;; Received 132 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 100 ms
dig: couldn't get address for 'ns1.mcmaster.com': not found
========================================================================
=
Here is what dig gives me for ibm.com
========================================================================
=
emac-dmiller:~ millerdc$ dig @192.5.166.12 +trace ibm.com
; <<>> DiG 9.3.2 <<>> @192.5.166.12 +trace ibm.com
; (1 server found)
;; global options: printcmd
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
;; Received 260 bytes from 192.5.166.12#53(192.5.166.12) in 1 ms
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
;; Received 497 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in
190 ms
ibm.com. 172800 IN NS internet-
server.zurich.ibm.com.
ibm.com. 172800 IN NS ns.almaden.ibm.com.
ibm.com. 172800 IN NS ns.austin.ibm.com.
ibm.com. 172800 IN NS ns.watson.ibm.com.
;; Received 199 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 103 ms
ibm.com. 21600 IN A 129.42.17.103
ibm.com. 21600 IN A 129.42.18.103
ibm.com. 21600 IN A 129.42.16.103
ibm.com. 3600 IN NS ns.almaden.ibm.com.
ibm.com. 3600 IN NS internet-
server.zurich.ibm.com.
ibm.com. 3600 IN NS ns.austin.ibm.com.
ibm.com. 3600 IN NS ns.watson.ibm.com.
;; Received 215 bytes from 195.176.20.204#53(internet-
server.zurich.ibm.com) in 189 ms
More information about the bind-users
mailing list