connection timed out; no servers could be reached
Bill Landry
bill at inetmsg.com
Sun Mar 8 01:44:33 UTC 2009
Hi list,

I have to admit that I am a bit baffled by this one. I can query
against my bandwidth provider's name servers (Comcast) and get name
resolution just fine for the hostname www.malware.com.br:

dig @68.87.78.130 www.malware.com.br +short
server10.hiperlinks.com.br.
66.79.164.43

dig @68.87.85.98 www.malware.com.br +short
server10.hiperlinks.com.br.
66.79.164.43

dig @68.87.69.146 www.malware.com.br +short
server10.hiperlinks.com.br.
66.79.164.43

Full response for www.malware.com.br:

www.malware.com.br. 85091 IN CNAME server10.hiperlinks.com.br.
server10.hiperlinks.com.br. 84478 IN A 66.79.164.43

I can resolve the cname from Comcast's name servers, as well:

dig @68.87.69.146 server10.hiperlinks.com.br +short
66.79.164.43

However, when I attempt to resolve it from my own name servers, I get:

dig www.malware.com.br
; <<>> DiG 9.5.1-P1-RedHat-9.5.1-1.P1.fc10 <<>> www.malware.com.br
;; global options: printcmd
;; connection timed out; no servers could be reached

A tshark packet capture sees this:

 1  3.362200 10.20.30.25 -> 192.228.79.201 DNS Standard query A www.malware.com.br
 2  3.405447 192.228.79.201 -> 10.20.30.25 DNS Standard query response
 3  3.406198 10.20.30.25 -> 200.160.0.10 DNS Standard query A www.malware.com.br
 4  3.639178 200.160.0.10 -> 10.20.30.25 DNS Standard query response
 5  3.639707 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
 6  4.440080 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
 7  5.240344 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
 8  6.040619 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
 9  6.840736 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
10  7.815988 10.20.30.25 -> 161.53.3.7 DNS Standard query PTR 130.6.53.161.in-addr.arpa
11  8.024571 161.53.3.7 -> 10.20.30.25 DNS Standard query response
12  8.440845 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
13 10.041156 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
14 13.241255 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
15 16.441690 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br

I can't seem to get the "A" record back. However, I can ping the IP
address associated with www.malware.com.br (and the cname):

ping 66.79.164.43
PING 66.79.164.43 (66.79.164.43) 56(84) bytes of data.
64 bytes from 66.79.164.43: icmp_seq=1 ttl=52 time=35.2 ms
64 bytes from 66.79.164.43: icmp_seq=2 ttl=52 time=35.1 ms
64 bytes from 66.79.164.43: icmp_seq=3 ttl=52 time=35.6 ms

and http://66.79.164.43 to the web site works fine, as well.

So I decided to add this forwarder to my named.conf:

zone "malware.com.br" IN {
        type forward;
        forward only;
        forwarders { 68.87.69.146; 68.87.85.98; 68.87.78.130; };
};

Now tshark sees this:

 1  0.000000 10.20.30.25 -> 68.87.78.130 DNS Standard query A www.malware.com.br
 2  0.026561 68.87.78.130 -> 10.20.30.25 DNS Standard query response CNAME server10.hiperlinks.com.br A 66.79.164.43
 3  0.028011 10.20.30.25 -> 198.41.0.4 DNS Standard query A server10.hiperlinks.com.br
 4  0.063503 198.41.0.4 -> 10.20.30.25 DNS Standard query response
 5  0.064289 10.20.30.25 -> 200.219.154.10 DNS Standard query A server10.hiperlinks.com.br
 6  0.094948 200.219.154.10 -> 10.20.30.25 DNS Standard query response
 7  0.095515 10.20.30.25 -> 207.210.65.98 DNS Standard query A server10.hiperlinks.com.br
 8  0.895835 10.20.30.25 -> 207.210.106.74 DNS Standard query A server10.hiperlinks.com.br
 9  1.695917 10.20.30.25 -> 207.210.65.98 DNS Standard query A server10.hiperlinks.com.br
10  2.496138 10.20.30.25 -> 207.210.106.74 DNS Standard query A server10.hiperlinks.com.br
11  3.296429 10.20.30.25 -> 207.210.65.98 DNS Standard query A server10.hiperlinks.com.br
12  4.896444 10.20.30.25 -> 207.210.106.74 DNS Standard query A server10.hiperlinks.com.br
13  6.496551 10.20.30.25 -> 207.210.65.98 DNS Standard query A server10.hiperlinks.com.br
14  9.696652 10.20.30.25 -> 207.210.106.74 DNS Standard query A server10.hiperlinks.com.br
15 12.896772 10.20.30.25 -> 207.210.65.98 DNS Standard query A server10.hiperlinks.com.br
16 19.296915 10.20.30.25 -> 207.210.106.74 DNS Standard query A server10.hiperlinks.com.br

Can't get the "A" record back from the cname (same IP as the hostname,
so that doesn't surprise me).

So I add this forwarder to my named.conf, as well:

zone "hiperlinks.com.br" IN {
        type forward;
        forward only;
        forwarders { 68.87.69.146; 68.87.85.98; 68.87.78.130; };
};

And now I can get full name resolution. Now tshark sees this:

 1  0.000000 10.20.30.25 -> 68.87.69.146 DNS Standard query A www.malware.com.br
 2  0.019721 68.87.69.146 -> 10.20.30.25 DNS Standard query response CNAME server10.hiperlinks.com.br A 66.79.164.43
 3  0.021319 10.20.30.25 -> 68.87.85.98 DNS Standard query A server10.hiperlinks.com.br
 4  0.060083 68.87.85.98 -> 10.20.30.25 DNS Standard query response A 66.79.164.43

Beautiful! Taking both of the forwards out and placing this one in
named.conf works as well:

zone "com.br" IN {
        type forward;
        forward only;
        forwarders { 68.87.69.146; 68.87.85.98; 68.87.78.130; };
};

But I'm still wondering why I can't seem to get name resolution for the
www.malware.com.br myself? I run SpamAssassin, rsync, http, ftp, smtp,
imap on this server as well, and this is the only hostname I have found
that I cannot resolve myself.

Why can my ISP, Comcast, resolve the host name but I can't? Any
explanation would be greatly appreciated, and any suggestion on how to
resolve this without using forwarders would be nice too.

Thanks!
Bill
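
Added example, not part of the original post: a small Python script that tallies, from tshark one-line summaries like the captures above, which servers the resolver queried without ever getting a response. The function names are hypothetical; the sample input is the post's first capture, with frame 1 left wrapped the way the list archive shows it.

```python
import re
from collections import defaultdict

# Start of a tshark one-line DNS summary: frame no., time, src -> dst, "DNS", info
FRAME = re.compile(r"^\s*\d+\s+(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+DNS\s+(.*)$")

def parse_frames(text):
    """Return [time, src, dst, info] per frame, re-joining mail-wrapped lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append([float(m.group(1)), m.group(2), m.group(3), m.group(4).strip()])
        elif frames and line.strip():
            frames[-1][3] += " " + line.strip()  # continuation of the previous frame
    return frames

def silent_servers(text, resolver):
    """Map each server the resolver queried but never heard from to its query count."""
    sent, answered = defaultdict(int), set()
    for _, src, dst, info in parse_frames(text):
        if src == resolver and "query response" not in info:
            sent[dst] += 1
        elif dst == resolver and "query response" in info:
            answered.add(src)
    return {srv: n for srv, n in sent.items() if srv not in answered}

# Sample input: the first capture from the post (frame 1 kept wrapped, rest joined).
CAPTURE = """\
1 3.362200 10.20.30.25 -> 192.228.79.201 DNS Standard query A
www.malware.com.br
2 3.405447 192.228.79.201 -> 10.20.30.25 DNS Standard query response
3 3.406198 10.20.30.25 -> 200.160.0.10 DNS Standard query A www.malware.com.br
4 3.639178 200.160.0.10 -> 10.20.30.25 DNS Standard query response
5 3.639707 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
6 4.440080 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
7 5.240344 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
8 6.040619 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
9 6.840736 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
10 7.815988 10.20.30.25 -> 161.53.3.7 DNS Standard query PTR 130.6.53.161.in-addr.arpa
11 8.024571 161.53.3.7 -> 10.20.30.25 DNS Standard query response
12 8.440845 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
13 10.041156 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
14 13.241255 10.20.30.25 -> 207.210.106.74 DNS Standard query A www.malware.com.br
15 16.441690 10.20.30.25 -> 207.210.65.98 DNS Standard query A www.malware.com.br
"""

if __name__ == "__main__":
    print(silent_servers(CAPTURE, "10.20.30.25"))
```

The two addresses it reports are the next step in the troubleshooting: query each one directly with dig @<address> from the resolver host and from another network to see whether the silence is specific to the source address.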