#16
Well, geez I just can't stop playing with this whole issue.
I tried some stuff with DNS Crawler and tidied up my named.djradiuspdx.com file, and now this query to my nameserver ns.fuzzybundles.com can resolve djradiuspdx.com to an IP: http://www.dollardns.net/cgi-bin/dn...ype=A&submit=DS

Same query with TCP UN-checked won't work, as it times out: http://www.dollardns.net/cgi-bin/dn...ype=A&submit=DS

Does this mean that my firewall needs a hole poked for incoming udp on port 53?

Also, since the TCP-protocol query to ns.fuzzybundles.com resolved djradiuspdx.com to an IP, can anyone out there actually connect to www.djradiuspdx.com as a website and see it go live? All the machines I can get to have got stuff cached, so I'm not sure if I've finally gone live yet or not to a 1st time browser of www.djradiuspdx.com.

Last edited by SilentRage : August 5th, 2004 at 12:21 AM. Reason: updated links
#17
yep, looks like it. You allow TCP traffic but not UDP. TCP is used only rarely for responses that are very long, or for Zone Transfers, or when some user sees a little TCP checkbox and decides to play with it. ;-)
So you need to forward the UDP port 53 to your server.
#18
Quote:
Yes
Quote:
Ah. I have just realised something that was confusing me. A whois query on djradiuspdx.com shows ns.fuzzybundles.com as one of the authoritative servers, which is fine. However, a lookup on ns.fuzzybundles.com (the DNS records for this are served by your fuzzybundles.com registrar's DNS servers - the secureserver.net servers) returns NXDOMAIN (i.e. "I haven't heard of this domain"). It looks like your fuzzybundles.com registrar isn't doing the delegation properly. All the GTLD servers are in agreement on this:

Code:
[root@vaio dns]# cat servers
A.GTLD-SERVERS.NET
B.GTLD-SERVERS.NET
C.GTLD-SERVERS.NET
D.GTLD-SERVERS.NET
E.GTLD-SERVERS.NET
F.GTLD-SERVERS.NET
G.GTLD-SERVERS.NET
H.GTLD-SERVERS.NET
I.GTLD-SERVERS.NET
J.GTLD-SERVERS.NET
K.GTLD-SERVERS.NET
L.GTLD-SERVERS.NET
M.GTLD-SERVERS.NET
[root@vaio dns]# for server in `cat servers`; do dnstrace a ns.fuzzybundles.com $server | dnstracesort > $server; echo $server; done
A.GTLD-SERVERS.NET
B.GTLD-SERVERS.NET
C.GTLD-SERVERS.NET
D.GTLD-SERVERS.NET
E.GTLD-SERVERS.NET
F.GTLD-SERVERS.NET
G.GTLD-SERVERS.NET
H.GTLD-SERVERS.NET
I.GTLD-SERVERS.NET
J.GTLD-SERVERS.NET
K.GTLD-SERVERS.NET
L.GTLD-SERVERS.NET
M.GTLD-SERVERS.NET
[root@vaio dns]# ls -l
total 56
-rw-r--r-- 1 root root 3134 Jul 5 14:08 A.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:08 B.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:08 C.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:08 D.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:08 E.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:08 F.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:08 G.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3137 Jul 5 14:08 H.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3137 Jul 5 14:08 I.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:09 J.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3137 Jul 5 14:09 K.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3137 Jul 5 14:09 L.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 3136 Jul 5 14:09 M.GTLD-SERVERS.NET
-rw-r--r-- 1 root root 247 Jul 5 13:44 servers
[root@vaio dns]# head -5 *.NET
==> A.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.5.6.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> B.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.33.14.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> C.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.26.92.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> D.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.31.80.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> E.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.12.94.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> F.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.35.51.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> G.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.42.93.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> H.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.54.112.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> I.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.43.172.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> J.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.48.79.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> K.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.52.178.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> L.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.41.162.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
==> M.GTLD-SERVERS.NET <==
1 ns.fuzzybundles.com 192.55.83.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
[root@vaio dns]#

So, the problem appears to be with your fuzzybundles.com registrar's publication of your ns.fuzzybundles.com record.

However, as of now (14:14 GMT) I can resolve ns.fuzzybundles.com to 12.206.3.66. What confuses me more is this:

Code:
[root@vaio dns]# dnsqr a ns.fuzzybundles.com
1 ns.fuzzybundles.com:
109 bytes, 1+1+2+0 records, response, noerror
query: 1 ns.fuzzybundles.com
answer: ns.fuzzybundles.com 168675 A 12.206.3.66
authority: fuzzybundles.com 168675 NS park7.secureserver.net
authority: fuzzybundles.com 168675 NS park8.secureserver.net
[root@vaio dns]# dnsq a ns.fuzzybundles.com park7.secureserver.net
1 ns.fuzzybundles.com:
105 bytes, 1+0+1+0 records, response, authoritative, nxdomain
query: 1 ns.fuzzybundles.com
authority: fuzzybundles.com 3600 SOA park7.secureserver.net dns.jomax.net 2003070101 10800 3600 604800 3600
[root@vaio dns]# dnsq a ns.fuzzybundles.com park8.secureserver.net
1 ns.fuzzybundles.com:
105 bytes, 1+0+1+0 records, response, authoritative, nxdomain
query: 1 ns.fuzzybundles.com
authority: fuzzybundles.com 3600 SOA park7.secureserver.net dns.jomax.net 2003070101 10800 3600 604800 3600
[root@vaio dns]#

So I can resolve ns.fuzzybundles.com to 12.206.3.66. I couldn't do this a couple of days ago when I last tried to solve this problem. Probably the record is in a DNS cache. The authorities for the ns.fuzzybundles.com record are park[78].secureserver.net. When I ask them the same query, they return NXDOMAIN ("Haven't heard of this domain"). However, they must have been providing authoritative information at some time for the record to end up in a DNS cache!

In short, I believe the issue is with the ns.fuzzybundles.com delegation. It seems to be erratic, to say the least...

However, you should definitely still make that incoming UDP on port 53 hole in your firewall.
__________________
Alex (http://www.alex-greg.com)
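
Added example, not part of the posts above: a Python script that reads dnstracesort-style lines like those in post #18 and reports any name that one server resolves while another answers NXDOMAIN. The field layout is inferred from the lines shown in that post, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: three lines copied from the dnstracesort output in
# post #18 (the A.GTLD-SERVERS.NET run).
SAMPLE = """\
1 ns.fuzzybundles.com 192.5.6.30 172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138 NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10 NXDOMAIN
"""

def parse_line(line):
    """Split one line into (name, server_ip, outcome).

    Assumed layout: "<qtype> <name> <server> <ttl> A <address>" or
    "<qtype> <name> <server> NXDOMAIN". Any other shape returns None.
    """
    f = line.split()
    if len(f) == 4 and f[3] == "NXDOMAIN":
        return f[1], f[2], ("NXDOMAIN", None)
    if len(f) == 6 and f[4] == "A":
        return f[1], f[2], ("A", f[5])
    return None

def find_conflicts(text):
    """Return, per name, the servers that answer and the servers that deny,
    keeping only names where both kinds of response were seen."""
    seen = defaultdict(lambda: {"answers": {}, "denials": []})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, server, (kind, addr) = parsed
        if kind == "A":
            seen[name]["answers"][server] = addr
        else:
            seen[name]["denials"].append(server)
    return {n: r for n, r in seen.items() if r["answers"] and r["denials"]}

if __name__ == "__main__":
    for name, r in find_conflicts(SAMPLE).items():
        print(f"{name}: servers disagree")
        for server, addr in r["answers"].items():
            print(f"  {server} answers A {addr}")
        for server in r["denials"]:
            print(f"  {server} answers NXDOMAIN")
```
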
#19
yes, that IS weird. ns.fuzzybundles.com should not resolve as it does not exist in the zone file for either of the servers that were returned by all GTLD servers:
http://www.dollardns.net/cgi-bin/dn...=axfr&submit=DS
http://www.dollardns.net/cgi-bin/dn...=axfr&submit=DS

The IP you provided does indeed return a different zone file: http://www.dollardns.net/cgi-bin/dn...ss=IN&submit=DS

Last edited by SilentRage : August 5th, 2004 at 12:25 AM.
#20
Conclusion: fuzzybundles.com has lame name servers (or name servers that are lame part of the time...)
(Lame: a name server designated as authoritative for a domain which does not provide authoritative information for it).
#21
I've poked the UDP port 53 hole, and now the DNS Crawler can get information from ns.fuzzybundles.com about djradiuspdx.com with either the UDP or TCP protocols.

Looks like now I just have to call GoDaddy and tell them to get their park[7-8]* servers to start being authoritative. From the testing it seems all other pieces are in place (i.e. ns.fuzzybundles.com can give an IP for djradiuspdx.com, and djradiuspdx.com lists ns.fuzzybundles.com as its nameserver). Only broken piece remaining is the park[7-8]* servers.

I'll definitely keep them on the phone (GoDaddy support) until they take action to fix it (rather than give the "wait 24hr" answer). I want to demonstrate to the support people themselves that they also can reproduce the problem that after the GTLD servers direct the lookup to park[7-8]*, that park[7-8]* return NXDOMAIN and break the lookup chain.

I'll post how it turns out. Thanks for all your help and testing so far!
#22
Well, it's Monday now and the www.djradiuspdx.com site seems to be up. So things seem to have worked themselves out with multiple extra days of time for the info to propagate.
Does www.djradiuspdx.com load up for any of you guys now?
#23
works fine
#24
Yep, it's working fine for me too.
Opening up incoming port 53 UDP was what did the trick. Without that, DNS queries couldn't reach your computer.
Viewing: Dev Shed Forums > System Administration > DNS > (LONG) I can find my virtualhosted site on my lan, but not on internet