[SPAM] Connection time out

Kevin Darcy kcd at chrysler.com
Mon Sep 8 21:15:14 UTC 2008 

Christian wrote:
> Hi,
>
> I have a wierd DNS behaviour with dig. When looking up some records, I get a 
> timeout, though not with the +trace option :
>
> root : vistres - ~> dig +trace @127.0.0.1 www.microsoft.com
>
> ; <<>> DiG 9.3.5-P2 <<>> +trace @127.0.0.1 www.microsoft.com
> ; (1 server found)
> ;; global options:  printcmd
> .                       517512  IN      NS      H.ROOT-SERVERS.NET.
> .                       517512  IN      NS      I.ROOT-SERVERS.NET.
> .                       517512  IN      NS      J.ROOT-SERVERS.NET.
> .                       517512  IN      NS      K.ROOT-SERVERS.NET.
> .                       517512  IN      NS      L.ROOT-SERVERS.NET.
> .                       517512  IN      NS      M.ROOT-SERVERS.NET.
> .                       517512  IN      NS      A.ROOT-SERVERS.NET.
> .                       517512  IN      NS      B.ROOT-SERVERS.NET.
> .                       517512  IN      NS      C.ROOT-SERVERS.NET.
> .                       517512  IN      NS      D.ROOT-SERVERS.NET.
> .                       517512  IN      NS      E.ROOT-SERVERS.NET.
> .                       517512  IN      NS      F.ROOT-SERVERS.NET.
> .                       517512  IN      NS      G.ROOT-SERVERS.NET.
> ;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms
>
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      j.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> ;; Received 495 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 445 ms
>
> microsoft.com.          172800  IN      NS      ns1.msft.net.
> microsoft.com.          172800  IN      NS      ns2.msft.net.
> microsoft.com.          172800  IN      NS      ns3.msft.net.
> microsoft.com.          172800  IN      NS      ns4.msft.net.
> microsoft.com.          172800  IN      NS      ns5.msft.net.
> ;; Received 213 bytes from 192.5.6.30#53(a.gtld-servers.net) in 494 ms
>
> www.microsoft.com.      0       IN      CNAME   toggle.www.ms.akadns.net.
> ;; Received 73 bytes from 207.68.160.190#53(ns1.msft.net) in 538 ms
>
> root : vistres - ~>
> root : vistres - ~> dig @127.0.0.1 www.microsoft.com
>
> ; <<>> DiG 9.3.5-P2 <<>> @127.0.0.1 www.microsoft.com
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> root : vistres - ~>
>
> It has only happened with microsoft.com so far.
>
> Any idea ?
>
>   
Do you have any port or source-address restrictions for outgoing 
queries, in named.conf? Perhaps there's a connectivity problem between 
those ports and/or source-addresses and the nameservers that named is 
trying to talk to.

When you do +trace, the only thing that dig is fetching from 127.0.0.1 
are the root NS records, non-recursively. That doesn't require your 
named to talk to anything else, so the connectivity issue, if any, won't 
show up in that test.

                                                                         
                           - Kevin

More information about the bind-users mailing list