Can't resolve occ.com.mx

Chris Buxton cbuxton at menandmice.com
Thu Sep 13 19:53:35 UTC 2007 

We saw this exact same behavior at a customer site recently. The  
problem was caused by the firewall, which had some kind of DNS packet  
inspection enabled and didn't understand EDNS - in that case, it was  
affecting all queries, not just queries for a particular domain.

Try putting a server statement into your configuration for the  
occ.com.mx server, and disabling EDNS when talking to that server.  
For example:

server 207.250.79.50 {
	edns no;
};

Chris Buxton
Men & Mice

On Sep 13, 2007, at 12:09 PM, Mónica Soto Valencia wrote:

> Hello, I have some problems with my dns servers when I try to resolve
> occ.com.mx, sometimes it resolve it well and sometimes doesn't.  
> When I use
> dig sometimes I got the following errors:
>
> dig  @200.10.243.45 occ.com.mx MX
> ;; Warning: ID mismatch: expected ID 23002, got 16756
> ;; Warning: ID mismatch: expected ID 23002, got 16756
> ;; Warning: ID mismatch: expected ID 23002, got 16756
>
> ; <<>> DiG 9.3.2-P1 <<>> @200.10.243.45 occ.com.mx MX
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23002
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;occ.com.mx.                    IN      MX
>
> ;; Query time: 297 msec
> ;; SERVER: 200.10.243.45#53(200.10.243.45)
> ;; WHEN: Thu Sep 13 13:29:37 2007
> ;; MSG SIZE  rcvd: 28
> dig  @200.10.243.45 occ.com.mx MX
>
> ; <<>> DiG 9.3.2-P1 <<>> @200.10.243.45 occ.com.mx MX
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
>
> When I use dig using +trace I succesfully reach the server:
>
> dig +trace @200.10.243.45 occ.com.mx MX
>
> ; <<>> DiG 9.3.2-P1 <<>> +trace @200.10.243.45 occ.com.mx MX
> ; (1 server found)
> ;; global options:  printcmd
> .                       426427  IN      NS      M.ROOT-SERVERS.NET.
> .                       426427  IN      NS      A.ROOT-SERVERS.NET.
> .                       426427  IN      NS      B.ROOT-SERVERS.NET.
> .                       426427  IN      NS      C.ROOT-SERVERS.NET.
> .                       426427  IN      NS      D.ROOT-SERVERS.NET.
> .                       426427  IN      NS      E.ROOT-SERVERS.NET.
> .                       426427  IN      NS      F.ROOT-SERVERS.NET.
> .                       426427  IN      NS      G.ROOT-SERVERS.NET.
> .                       426427  IN      NS      H.ROOT-SERVERS.NET.
> .                       426427  IN      NS      I.ROOT-SERVERS.NET.
> .                       426427  IN      NS      J.ROOT-SERVERS.NET.
> .                       426427  IN      NS      K.ROOT-SERVERS.NET.
> .                       426427  IN      NS      L.ROOT-SERVERS.NET.
> ;; Received 356 bytes from 200.10.243.45#53(200.10.243.45) in 1 ms
>
> mx.                     172800  IN      NS      B.NS.mx.
> mx.                     172800  IN      NS      C.NS.mx.
> mx.                     172800  IN      NS      D.NS.mx.
> mx.                     172800  IN      NS      A.NS.mx.
> ;; Received 159 bytes from 198.41.0.4#53(A.ROOT-SERVERS.NET) in 72 ms
>
> occ.com.mx.             86400   IN      NS      ns1.occmx.com.
> ;; Received 55 bytes from 200.23.179.1#53(B.NS.mx) in 8 ms
>
> occ.com.mx.             180     IN      MX      10 mail.occ.com.mx.
> ;; Received 59 bytes from 207.250.79.50#53(ns1.occmx.com) in 85 ms
>
>
> Does anyone know what could be the problem??. I am using BIND 9.3.4- 
> P1 whit
> Red Hat 4.0 Enterprise.
>
> I'll appreciate your help!!.
>
> Regards
>
> ______________________
> Mónica Soto Valencia
> Comunicación y Sistemas
> Universidad La Salle
> 52789500 xt. 1068
>
>
>

More information about the bind-users mailing list