I can dig a domain but named won't resolve it.

Keith Burgoyne keith at silverorange.com
Thu Sep 22 00:02:01 UTC 2011


Hi there,

I have a potentially BIND-related problem and I'm positively stuck. I've 
posted this question on Server Fault 
(http://serverfault.com/questions/306997/cant-seem-to-resolve-domain-but-can-dig-it) 
with little exposure. The gist of it is:

My name server (24.222.7.12) refuses to resolve any domains belonging to 
and including extremehosting.ca. It turns out that named can't get the A 
record for their name servers (204.15.193.163 - ns2.extremehosting.ca 
and 204.15.193.162 - ns1.extremehosting.ca).

Running dig on the name server produces this:

====================================================================
  dig extremehosting.ca +trace

; <<>> DiG 9.3.4-P1 <<>> extremehosting.ca +trace
;; global options:  printcmd
.                       412349  IN      NS      b.root-servers.net.
.                       412349  IN      NS      c.root-servers.net.
.                       412349  IN      NS      d.root-servers.net.
.                       412349  IN      NS      e.root-servers.net.
.                       412349  IN      NS      f.root-servers.net.
.                       412349  IN      NS      g.root-servers.net.
.                       412349  IN      NS      h.root-servers.net.
.                       412349  IN      NS      i.root-servers.net.
.                       412349  IN      NS      j.root-servers.net.
.                       412349  IN      NS      k.root-servers.net.
.                       412349  IN      NS      l.root-servers.net.
.                       412349  IN      NS      m.root-servers.net.
.                       412349  IN      NS      a.root-servers.net.
;; Received 512 bytes from 24.222.7.12#53(24.222.7.12) in 2 ms

ca.                     172800  IN      NS      e.ca-servers.ca.
ca.                     172800  IN      NS      l.ca-servers.ca.
ca.                     172800  IN      NS      a.ca-servers.ca.
ca.                     172800  IN      NS      sns-pb.isc.org.
ca.                     172800  IN      NS      j.ca-servers.ca.
ca.                     172800  IN      NS      c.ca-servers.ca.
ca.                     172800  IN      NS      k.ca-servers.ca.
ca.                     172800  IN      NS      f.ca-servers.ca.
ca.                     172800  IN      NS      z.ca-servers.ca.
ca.                     172800  IN      NS      m.ca-servers.ca.
;; Received 434 bytes from 192.228.79.201#53(b.root-servers.net) in 105 ms

extremehosting.ca.      86400   IN      NS      ns1.extremehosting.ca.
extremehosting.ca.      86400   IN      NS      ns2.extremehosting.ca.
;; Received 103 bytes from 192.228.30.9#53(e.ca-servers.ca) in 37 ms

dig: couldn't get address for 'ns1.extremehosting.ca': failure
====================================================================

And yet, if I run the following command, everything works:

dig @204.15.193.162 extremehosting.ca

; <<>> DiG 9.3.4-P1 <<>> @204.15.193.162 extremehosting.ca
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46828
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;extremehosting.ca.             IN      A

;; ANSWER SECTION:
extremehosting.ca.      3600    IN      A       204.15.193.162

;; AUTHORITY SECTION:
extremehosting.ca.      3600    IN      NS      ns1.extremehosting.ca.
extremehosting.ca.      3600    IN      NS      ns2.extremehosting.ca.

;; ADDITIONAL SECTION:
ns1.extremehosting.ca.  3600    IN      A       204.15.193.162
ns2.extremehosting.ca.  3600    IN      A       204.15.193.163

;; Query time: 35 msec
;; SERVER: 204.15.193.162#53(204.15.193.162)
;; WHEN: Wed Sep 21 20:54:52 2011
;; MSG SIZE  rcvd: 119


Initially I thought it was a source-natting issue that I had noticed on 
my firewall. DNS packets coming from my firewall were being 
source-natted to port 53 and had broken the ability to dig 
@204.15.193.162. I've since removed the source-natting, allowing full 
dig-aility. And yet, I can't dig +trace, and I suspect that's the reason 
why I can't perform a recursive lookup on my name server.

I'm running BIND-9.3.4. Old, I know. The server is scheduled to be 
replaced, but I need to get this working in the meantime.

Any advice would be massively appreciated.

Thank you,

Keith
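
Added example, not part of Keith's message: a small Python parser for a dig +trace transcript like the one above, reporting the hop where the trace stopped and whether the unresolved server name lies inside the zone it serves (so its address can only come from glue or from that zone's own servers). The function names and the abbreviated sample are constructed for illustration.

```python
import re

# Constructed sample: the dig +trace transcript from the post, abbreviated
# to one NS line for the root and ca. hops.
TRACE = """\
.                   412349  IN  NS  b.root-servers.net.
;; Received 512 bytes from 24.222.7.12#53(24.222.7.12) in 2 ms

ca.                 172800  IN  NS  e.ca-servers.ca.
;; Received 434 bytes from 192.228.79.201#53(b.root-servers.net) in 105 ms

extremehosting.ca.  86400   IN  NS  ns1.extremehosting.ca.
extremehosting.ca.  86400   IN  NS  ns2.extremehosting.ca.
;; Received 103 bytes from 192.228.30.9#53(e.ca-servers.ca) in 37 ms

dig: couldn't get address for 'ns1.extremehosting.ca': failure
"""

NS_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$")
RECV_RE = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")
FAIL_RE = re.compile(r"^dig: couldn't get address for '([^']+)'")

def parse_trace(text):
    """Return (hops, failed); a hop is (zone, [NS names], answering server)."""
    hops, zone, names, failed = [], None, [], None
    for line in map(str.strip, text.splitlines()):
        if m := NS_RE.match(line):
            zone = m.group(1)
            names.append(m.group(2))
        elif m := RECV_RE.match(line):
            hops.append((zone, names, m.group(1)))
            zone, names = None, []
        elif m := FAIL_RE.match(line):
            failed = m.group(1)
    return hops, failed

def in_bailiwick(name, zone):
    """True if name is at or below zone (trailing dots and case ignored)."""
    n, z = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return z == "" or n == z or n.endswith("." + z)

def diagnose(text):
    """Summarise where a trace stopped, or return None if it completed."""
    hops, failed = parse_trace(text)
    if failed is None or not hops:
        return None
    zone, names, server = hops[-1]
    return {"failed_ns": failed, "zone": zone, "delegated_by": server,
            "other_ns": [n for n in names if n.rstrip(".") != failed.rstrip(".")],
            "needs_glue": in_bailiwick(failed, zone)}

if __name__ == "__main__":
    print(diagnose(TRACE))
```
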


