Strange problem resolving yahoo.com
Mark Andrews
Mark_Andrews at isc.org
Thu Oct 28 22:54:20 UTC 2004
> Jeffrey Keil <keilj_33 at yahoo.com> wrote:
> > Greetings:
>
> > We're running bind on a Macintosh OS X server. There is never any
> > problem with DNS except for one domain. We have problems with
> > yahoo.com and no other domain that I am aware of.
>
> > As you can see from the output below, we can resolve yahoo.com with
> > dig and nslookup, but we can't check email at yahoo because we can't
> > resolve mail.yahoo.com or login.yahoo.com:
>
> You should use appropiate tools, nslookup is not one of these.
>
> > dig mail.yahoo.com
>
> ; <<>> DiG 8.3 <<>> mail.yahoo.com
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 11, ADDITIONAL: 11
> ;; QUERY SECTION:
> ;; mail.yahoo.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> mail.yahoo.com. 30M IN CNAME login.yahoo.com.
> login.yahoo.com. 5M IN CNAME login.yahoo.akadns.net.
> login.yahoo.akadns.net. 1M IN A 66.218.75.184
>
> ;; AUTHORITY SECTION:
> akadns.net. 1d22h51m30s IN NS asia3.akam.net.
> akadns.net. 1d22h51m30s IN NS eur3.akam.net.
> akadns.net. 1d22h51m30s IN NS use2.akam.net.
> akadns.net. 1d22h51m30s IN NS use4.akam.net.
> akadns.net. 1d22h51m30s IN NS usw5.akam.net.
> akadns.net. 1d22h51m30s IN NS usw6.akam.net.
> akadns.net. 1d22h51m30s IN NS usw7.akam.net.
> akadns.net. 1d22h51m30s IN NS za.akadns.org.
> akadns.net. 1d22h51m30s IN NS zc.akadns.org.
> akadns.net. 1d22h51m30s IN NS zf.akadns.org.
> akadns.net. 1d22h51m30s IN NS zh.akadns.org.
>
> ;; ADDITIONAL SECTION:
> asia3.akam.net. 23h4m37s IN A 193.108.154.9
> eur3.akam.net. 1d22h51m30s IN A 193.45.1.103
> use2.akam.net. 1d22h51m30s IN A 63.209.170.136
> use4.akam.net. 23h4m37s IN A 80.67.67.182
> usw5.akam.net. 23h4m37s IN A 63.241.73.214
> usw6.akam.net. 1d22h51m30s IN A 206.132.100.108
> usw7.akam.net. 1d22h51m30s IN A 65.203.234.27
> za.akadns.org. 4h11m30s IN A 208.185.132.176
> zc.akadns.org. 4h11m30s IN A 63.241.199.54
> zf.akadns.org. 4h11m30s IN A 63.241.29.161
> zh.akadns.org. 4h11m30s IN A 63.208.48.46
>
> ;; Total query time: 297 msec
> ;; FROM: zap.hk.ipsec.se to SERVER: default -- 192.168.99.5
> ;; WHEN: Thu Oct 28 23:21:20 2004
> ;; MSG SIZE sent: 32 rcvd: 511
>
> >
>
>
> ( this was 'dig' )
>
>
> > ~ root at osx2 # nslookup yahoo.com
> > Server: ns2.gcs-usa.com
> > Address: 192.168.1.42
>
> > Name: yahoo.com
> > Addresses: 66.94.234.13, 216.109.112.135
>
> > ~ root at osx2 # nslookup mail.yahoo.com
> > Server: ns2.gcs-usa.com
> > Address: 192.168.1.42
>
> > *** ns2.gcs-usa.com can't find mail.yahoo.com: Non-existent
> > host/domain
> > ~ root at osx2 # nslookup login.yahoo.com
> > Server: ns2.gcs-usa.com
> > Address: 192.168.1.42
>
> > *** ns2.gcs-usa.com can't find login.yahoo.com: Non-existent
> > host/domain
>
>
> > ~ root at osx2 # dig login.yahoo.com
>
> > ; <<>> DiG 8.3 <<>> login.yahoo.com
> > ;; res options: init recurs defnam dnsrch
> > ;; res_nsend to server default -- 192.168.1.42: Operation timed out
>
> This is not what i get :
> > dig login.yahoo.com
>
> ; <<>> DiG 8.3 <<>> login.yahoo.com
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 11, ADDITIONAL: 11
> ;; QUERY SECTION:
> ;; login.yahoo.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> login.yahoo.com. 3M IN CNAME login.yahoo.akadns.net.
> login.yahoo.akadns.net. 1M IN A 66.218.75.184
>
> ;; AUTHORITY SECTION:
> akadns.net. 1d22h49m30s IN NS asia3.akam.net.
> akadns.net. 1d22h49m30s IN NS eur3.akam.net.
> akadns.net. 1d22h49m30s IN NS use2.akam.net.
> akadns.net. 1d22h49m30s IN NS use4.akam.net.
> akadns.net. 1d22h49m30s IN NS usw5.akam.net.
> akadns.net. 1d22h49m30s IN NS usw6.akam.net.
> akadns.net. 1d22h49m30s IN NS usw7.akam.net.
> akadns.net. 1d22h49m30s IN NS za.akadns.org.
> akadns.net. 1d22h49m30s IN NS zc.akadns.org.
> akadns.net. 1d22h49m30s IN NS zf.akadns.org.
> akadns.net. 1d22h49m30s IN NS zh.akadns.org.
>
> ;; ADDITIONAL SECTION:
> asia3.akam.net. 23h2m37s IN A 193.108.154.9
> eur3.akam.net. 1d22h49m30s IN A 193.45.1.103
> use2.akam.net. 1d22h49m30s IN A 63.209.170.136
> use4.akam.net. 23h2m37s IN A 80.67.67.182
> usw5.akam.net. 23h2m37s IN A 63.241.73.214
> usw6.akam.net. 1d22h49m30s IN A 206.132.100.108
> usw7.akam.net. 1d22h49m30s IN A 65.203.234.27
> za.akadns.org. 4h9m30s IN A 208.185.132.176
> zc.akadns.org. 4h9m30s IN A 63.241.199.54
> zf.akadns.org. 4h9m30s IN A 63.241.29.161
> zh.akadns.org. 4h9m30s IN A 63.208.48.46
>
> ;; Total query time: 409 msec
> ;; FROM: zap.hk.ipsec.se to SERVER: default -- 192.168.99.5
> ;; WHEN: Thu Oct 28 23:23:20 2004
> ;; MSG SIZE sent: 33 rcvd: 493
>
>
> > ~ root at osx2 # dig yahoo.com
>
> > ; <<>> DiG 8.3 <<>> yahoo.com
> > ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL:
> > 5
> > ;; QUERY SECTION:
> > ;; yahoo.com, type = A, class = IN
>
> > ;; ANSWER SECTION:
> > yahoo.com. 5M IN A 66.94.234.13
> > yahoo.com. 5M IN A 216.109.112.135
>
> > ;; AUTHORITY SECTION:
> > yahoo.com. 1d23h29m53s IN NS ns1.yahoo.com.
> > yahoo.com. 1d23h29m53s IN NS ns2.yahoo.com.
> > yahoo.com. 1d23h29m53s IN NS ns3.yahoo.com.
> > yahoo.com. 1d23h29m53s IN NS ns4.yahoo.com.
> > yahoo.com. 1d23h29m53s IN NS ns5.yahoo.com.
>
> > ;; ADDITIONAL SECTION:
> > ns1.yahoo.com. 1d4h6m3s IN A 66.218.71.63
> > ns2.yahoo.com. 1d4h6m3s IN A 66.163.169.170
> > ns3.yahoo.com. 1d4h6m3s IN A 217.12.4.104
> > ns4.yahoo.com. 1d4h6m3s IN A 63.250.206.138
> > ns5.yahoo.com. 1d4h6m3s IN A 216.109.116.17
>
> > ;; Total query time: 101 msec
> > ;; FROM: osx2 to SERVER: default -- 192.168.1.42
> > ;; WHEN: Wed Oct 27 10:56:09 2004
> > ;; MSG SIZE sent: 27 rcvd: 238
>
>
> > This is a problem that is getting worse. I can't even pull up yahoo's
> > web site in a browser now. I'm not sure what the problem is. Any help
> > or suggestions would be greatly appreciatedly.
>
> > Thanks,
> > Jeff
>
> You might have a problem yoth your ISP's routing. Is the problem persistent ?
>
>
>
>
>
> --
> Peter Håkanson
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
There is a firewall blocking the answer to the following EDNS
query. Note the answer size > 512 bytes. It takes time for
named to detect this and recover.
The COM/NET zones just added IPv6 support so more referral answers
like this one will exceed 512 bytes.
The correct fix is to upgrade / configure your firewall to
understand EDNS. Talk to your firewall vendor.
A short term work around is to add "edns-udp-size 512;" to
options. edns-udp-size is available in 9.3.0 / 8.4.0.
; <<>> DiG 9.3.1prerelease <<>> login.yahoo.com @ns1.yahoo.com +dnssec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18832
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 16
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;login.yahoo.com. IN A
;; ANSWER SECTION:
login.yahoo.com. 300 IN CNAME login.yahoo.akadns.net.
;; AUTHORITY SECTION:
net. 7370 IN NS A.GTLD-SERVERS.net.
net. 7370 IN NS G.GTLD-SERVERS.net.
net. 7370 IN NS H.GTLD-SERVERS.net.
net. 7370 IN NS C.GTLD-SERVERS.net.
net. 7370 IN NS I.GTLD-SERVERS.net.
net. 7370 IN NS B.GTLD-SERVERS.net.
net. 7370 IN NS D.GTLD-SERVERS.net.
net. 7370 IN NS L.GTLD-SERVERS.net.
net. 7370 IN NS F.GTLD-SERVERS.net.
net. 7370 IN NS J.GTLD-SERVERS.net.
net. 7370 IN NS K.GTLD-SERVERS.net.
net. 7370 IN NS E.GTLD-SERVERS.net.
net. 7370 IN NS M.GTLD-SERVERS.net.
;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net. 7370 IN A 192.5.6.30
A.GTLD-SERVERS.net. 7370 IN AAAA 2001:503:a83e::2:30
G.GTLD-SERVERS.net. 7370 IN A 192.42.93.30
H.GTLD-SERVERS.net. 7370 IN A 192.54.112.30
C.GTLD-SERVERS.net. 7370 IN A 192.26.92.30
I.GTLD-SERVERS.net. 7370 IN A 192.43.172.30
B.GTLD-SERVERS.net. 7370 IN A 192.33.14.30
B.GTLD-SERVERS.net. 7370 IN AAAA 2001:503:231d::2:30
D.GTLD-SERVERS.net. 7370 IN A 192.31.80.30
L.GTLD-SERVERS.net. 7370 IN A 192.41.162.30
F.GTLD-SERVERS.net. 7370 IN A 192.35.51.30
J.GTLD-SERVERS.net. 7370 IN A 192.48.79.30
K.GTLD-SERVERS.net. 7370 IN A 192.52.178.30
E.GTLD-SERVERS.net. 7370 IN A 192.12.94.30
M.GTLD-SERVERS.net. 7370 IN A 192.55.83.30
;; Query time: 186 msec
;; SERVER: 66.218.71.63#53(66.218.71.63)
;; WHEN: Fri Oct 29 08:42:16 2004
;; MSG SIZE rcvd: 565
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list