not resolving from some places?

Dawn Connelly dawn.connelly at gmail.com
Wed Jul 25 20:00:17 UTC 2007 

I get the same thing on my network. But if I turn around and immediately do
the exact some query again, I get an answer. I'm thinking that the latency
in getting the cname and doing the second query is just enough to make it
time out. When I do the query the send time, I'm getting an answer out of
cache. I noticed from the outside that the response time was 200+ ms. I
could be WAY off on this one...but that's what it looks like to me.
One thing that might help is if any of your clients that are doing lookups
are windows boxes, try putting a period at the end of the FQDN when using
nslookup. Windows is a spastic freak when it comes to appending FQDNs. By
putting the period at the end, you are telling it not to do that. You'll
probably be able to prove that your stuff is working but you have latency
working against you.

[root at ns2 named]# dig www.atosresearch.eu

; <<>> DiG 9.2.1 <<>> www.atosresearch.eu
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root at ns2 named]# dig www.atosresearch.eu

; <<>> DiG 9.2.1 <<>> www.atosresearch.eu
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11213
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;www.atosresearch.eu.           IN      A

;; ANSWER SECTION:
www.atosresearch.eu.    85642   IN      CNAME   arroyito.atosorigin.es.
arroyito.atosorigin.es. 85646   IN      A       212.170.156.75

;; AUTHORITY SECTION:
atosorigin.es.          85646   IN      NS      ns1.atosorigin.es.
atosorigin.es.          85646   IN      NS      ns2.atosorigin.es.
atosorigin.es.          85646   IN      NS      ineco.nic.es.

;; ADDITIONAL SECTION:
ns1.atosorigin.es.      85624   IN      A       212.170.156.7
ns2.atosorigin.es.      85624   IN      A       212.170.156.77
ineco.nic.es.           2842    IN      A       194.69.254.2

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 25 13:16:08 2007
;; MSG SIZE  rcvd: 197


On 7/25/07, Karl Auer <kauer at biplane.com.au> wrote:
>
> Hi there.
>
> This name resolves from outside our organisation, but not from within
> our organisation. It also resolves via our organisation's nameservers
> when the query comes from outside.
>
> So:
>
>    from outside, "dig www.atosresearch.eu works.
>    from outside, "dig @dns1.ethz.ch www.atosresearch.eu works
>    from inside, "dig www.atosresearch.eu" doesn't work.
>
> When it fails I usually get a timeout, sometimes a SERVFAIL after
> several seconds.
>
> www.atosresearch.eu is a CNAME pointing to arroyito.atosorigin.es.
>
> arroyito.atosorigin.es resolves promptly every time, from inside or
> outside.
>
> A trace shows the nameservers for atosresearch.eu:
>
> atosresearch.eu.        85851   IN      NS      ns1.atosorigin.es.
> atosresearch.eu.        85851   IN      NS      ns2.atosorigin.es.
>
> The nameservers for atosorigin.es are:
>
> atosorigin.es.          86248   IN      NS      ns1.atosorigin.es.
> atosorigin.es.          86248   IN      NS      ns2.atosorigin.es.
> atosorigin.es.          86248   IN      NS      ineco.nic.es.
>
> Explicit queries to these nameservers (all of them) work - from inside
> or outside. Explicit queries to these nameservers (all of them) issued
> from a shell while logged on to our nameservers still work. However,
> from inside our network, queries going via our nameservers do not work
> for atosresearch.eu.
>
> So I'm mystified. I feel it has to have something to do with our
> network, but why would just this domain have this particular problem?
>
> Regards, K.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
> http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)
>
>
>

More information about the bind-users mailing list