I can't resolve one domain: nhs.uk

Andrew Benton b3nton at gmail.com
Fri Jun 17 11:10:21 UTC 2011


Hello World!
I have installed bind-9.8.0-P2. I configured it with:
./configure --prefix=/usr --disable-static --enable-shared --enable-threads \
    --with-libtool --with-libxml2=yes --sysconfdir=/etc --localstatedir=/var
I have created a user named and a group named, and gave named somewhere to play:

mkdir -p /var/named/{dev,etc/namedb/{slave,pz},usr/lib/engines,var/run}
mknod /var/named/dev/null c 1 3
mknod /var/named/dev/random c 1 8
chmod 666 /var/named/dev/{null,random}
cp /usr/lib/engines/libgost.so /var/named/usr/lib/engines
cp /etc/localtime /var/named/etc
cp root.hints /var/named/etc/namedb/root.hints
echo > /var/named/managed-keys.bind
cp named.conf /var/named/etc/named.conf
cp rndc.conf /etc/rndc.conf
chown -R named:named /var/named

The bootscript starts named like this:

named -u named -t /var/named -c /etc/named.conf

And it works well for every domain on the internet. Except for
www.nhs.uk - I can't resolve nhs.uk

named.conf looks like this:

key "rndc-key" {
	algorithm hmac-md5;
	secret "nothing to see here, move along";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
    type hint;
    file "/etc/root.hints";
};

logging {
    category default { default_syslog; };
    channel default_syslog { syslog daemon; severity debug; };
};

And root.hints looks like this:

.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000  IN  A     198.41.0.4
.                        3600000  IN  NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000  IN  A     192.228.79.201
.                        3600000  IN  NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000  IN  A     192.33.4.12
.                        3600000  IN  NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000  IN  A     128.8.10.90
.                        3600000  IN  NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000  IN  A     192.203.230.10
.                        3600000  IN  NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000  IN  A     192.5.5.241
.                        3600000  IN  NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000  IN  A     192.112.36.4
.                        3600000  IN  NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000  IN  A     128.63.2.53
.                        3600000  IN  NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000  IN  A     192.36.148.17
.                        3600000  IN  NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000  IN  A     192.58.128.30
.                        3600000  IN  NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000  IN  A     193.0.14.129
.                        3600000  IN  NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000  IN  A     199.7.83.42
.                        3600000  IN  NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000  IN  A     202.12.27.33

When I try to dig nhs.uk it sits there for about 10 seconds and then I
get:

andy:~$ dig nhs.uk

; <<>> DiG 9.8.0-P2 <<>> nhs.uk
;; global options: +cmd
;; connection timed out; no servers could be reached
andy:~$ 

It then leaves this in /var/sys.log:

Jun 17 11:49:42 eccles named[4689]: createfetch: pop.gmail.com A
Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com A
Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com AAAA
Jun 17 12:02:08 eccles named[4689]: createfetch: nhs.uk A
Jun 17 12:02:10 eccles named[4689]: createfetch: nsa.nhs.uk AAAA
Jun 17 12:02:10 eccles named[4689]: createfetch: nsb.nhs.uk AAAA
Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: 0x7ff273d21328 ns2.fengnet.com
Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: 0x7ff273d21010 ns1.zjinfo.gov.cn
Jun 17 12:02:13 eccles named[4689]: createfetch: nhs.uk A
Jun 17 12:02:18 eccles named[4689]: createfetch: nhs.uk A
Jun 17 12:02:38 eccles named[4689]: client 127.0.0.1#36651: query failed (SERVFAIL) for nhs.uk/IN/A at query.c:6199

As I say, for any other domain/website on the internet it works great;
instant response, rapid page loading, but this one domain I just can't
resolve. I can work around the problem by adding Google's nameservers
to /etc/resolv.conf; they work, why doesn't mine? It's very annoying.
Can anyone offer me some pointers how to move forward with debugging
this problem?

Andy
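
One way to read the syslog excerpt in the message above, as an added example that is not part of the original post: a Python script that pairs each "query failed" line with the createfetch attempts that preceded it, so the retry count and the time to failure are explicit. The function name and record fields are assumptions made for illustration; the sample lines are copied from the excerpt in the post.

```python
import re
from datetime import datetime

# Lines copied from the syslog excerpt in the post above.
SAMPLE_LOG = """\
Jun 17 12:02:08 eccles named[4689]: createfetch: nhs.uk A
Jun 17 12:02:10 eccles named[4689]: createfetch: nsa.nhs.uk AAAA
Jun 17 12:02:10 eccles named[4689]: createfetch: nsb.nhs.uk AAAA
Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: 0x7ff273d21328 ns2.fengnet.com
Jun 17 12:02:13 eccles named[4689]: createfetch: nhs.uk A
Jun 17 12:02:18 eccles named[4689]: createfetch: nhs.uk A
Jun 17 12:02:38 eccles named[4689]: client 127.0.0.1#36651: query failed (SERVFAIL) for nhs.uk/IN/A at query.c:6199
"""

PREFIX = r"^(\w{3} +\d+ [\d:]{8}) \S+ named\[\d+\]: "
FETCH = re.compile(PREFIX + r"createfetch: (\S+) (\S+)$")
FAIL = re.compile(PREFIX + r"client (\S+?)#\d+: query failed \((\w+)\) for (\S+)/IN/(\S+) at ")

def _ts(stamp, year=2011):
    # Syslog stamps carry no year; 2011 is taken from the date of the post.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def failed_lookups(log_text):
    """Pair each 'query failed' line with the createfetch attempts before it."""
    fetches, report = [], []          # fetches: (time, name, rtype) in log order
    for line in map(str.strip, log_text.splitlines()):
        m = FETCH.match(line)
        if m:
            fetches.append((_ts(m.group(1)), m.group(2).lower(), m.group(3)))
            continue
        m = FAIL.match(line)
        if not m:
            continue                  # other debug lines are ignored
        when, client, rcode, name, rtype = m.groups()
        name = name.lower()
        tries = [t for t, n, r in fetches if (n, r) == (name, rtype)]
        # Fetches for names below the failed one, issued since the first attempt.
        below = [f"{n} {r}" for t, n, r in fetches
                 if tries and t >= tries[0] and n.endswith("." + name)]
        report.append({"name": name, "type": rtype, "rcode": rcode, "client": client,
                       "fetches": len(tries), "below": below,
                       "seconds_to_failure":
                           (_ts(when) - tries[0]).total_seconds() if tries else None})
    return report

if __name__ == "__main__":
    for rec in failed_lookups(SAMPLE_LOG):
        print(rec)
```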


