#1
Problem resolving certain domains...
Can anyone give me a suggestion on what might be wrong in the following scenario:
I have two FreeBSD based machines running bind. One is inside my network and one is out "in the wild". They are running slightly different versions of FreeBSD and Bind, however I do not think that is the root of the problem. The problem is that when I try to look up certain domains (example below shows crlcares.com lookup) it fails on my internal machine but works fine on the machine in the wild. This only happens for a few domains; most domains resolve fine from both machines. I am thinking this is some kind of ISP routing or blocking issue but am having difficulty pinning it down. Any suggestions on how to determine the cause of the problem?

Failure using BIND 9.6.0-P1 on FreeBSD 7.1

# dig +trace crlcares.com
; <<>> DiG 9.4.2-P2 <<>> +trace crlcares.com
;; global options: printcmd
. 516539 IN NS I.ROOT-SERVERS.NET.
. 516539 IN NS B.ROOT-SERVERS.NET.
. 516539 IN NS H.ROOT-SERVERS.NET.
. 516539 IN NS L.ROOT-SERVERS.NET.
. 516539 IN NS A.ROOT-SERVERS.NET.
. 516539 IN NS E.ROOT-SERVERS.NET.
. 516539 IN NS C.ROOT-SERVERS.NET.
. 516539 IN NS J.ROOT-SERVERS.NET.
. 516539 IN NS K.ROOT-SERVERS.NET.
. 516539 IN NS F.ROOT-SERVERS.NET.
. 516539 IN NS D.ROOT-SERVERS.NET.
. 516539 IN NS G.ROOT-SERVERS.NET.
. 516539 IN NS M.ROOT-SERVERS.NET.
;; Received 456 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
;; Received 502 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 250 ms
crlcares.com. 172800 IN NS ns1.megahosters.com.
crlcares.com. 172800 IN NS ns2.megahosters.com.
;; Received 110 bytes from 192.52.178.30#53(K.GTLD-SERVERS.NET) in 113 ms
dig: couldn't get address for 'ns1.megahosters.com': not found

Success using BIND 9.5.0-P1 FreeBSD 6.1

%dig +trace crlcares.com
; <<>> DiG 9.5.0-P1 <<>> +trace crlcares.com
;; global options: printcmd
. 271831 IN NS K.ROOT-SERVERS.NET.
. 271831 IN NS A.ROOT-SERVERS.NET.
. 271831 IN NS B.ROOT-SERVERS.NET.
. 271831 IN NS G.ROOT-SERVERS.NET.
. 271831 IN NS D.ROOT-SERVERS.NET.
. 271831 IN NS H.ROOT-SERVERS.NET.
. 271831 IN NS C.ROOT-SERVERS.NET.
. 271831 IN NS M.ROOT-SERVERS.NET.
. 271831 IN NS J.ROOT-SERVERS.NET.
. 271831 IN NS L.ROOT-SERVERS.NET.
. 271831 IN NS F.ROOT-SERVERS.NET.
. 271831 IN NS E.ROOT-SERVERS.NET.
. 271831 IN NS I.ROOT-SERVERS.NET.
;; Received 288 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
;; Received 490 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 74 ms
crlcares.com. 172800 IN NS ns1.megahosters.com.
crlcares.com. 172800 IN NS ns2.megahosters.com.
;; Received 110 bytes from 192.48.79.30#53(J.GTLD-SERVERS.NET) in 130 ms
crlcares.com. 900 IN A 64.92.111.151
crlcares.com. 86400 IN NS ns1.megahosters.com.
crlcares.com. 86400 IN NS ns2.megahosters.com.
crlcares.com. 86400 IN NS ns3.megahosters.com.
;; Received 160 bytes from 64.92.111.149#53(ns1.megahosters.com) in 3 ms
%

Just for reference, here is a lookup that works fine from the internal machine for ibm.com

# dig +trace ibm.com
; <<>> DiG 9.4.2-P2 <<>> +trace ibm.com
;; global options: printcmd
. 514332 IN NS C.ROOT-SERVERS.NET.
. 514332 IN NS A.ROOT-SERVERS.NET.
. 514332 IN NS H.ROOT-SERVERS.NET.
. 514332 IN NS M.ROOT-SERVERS.NET.
. 514332 IN NS B.ROOT-SERVERS.NET.
. 514332 IN NS G.ROOT-SERVERS.NET.
. 514332 IN NS F.ROOT-SERVERS.NET.
. 514332 IN NS K.ROOT-SERVERS.NET.
. 514332 IN NS J.ROOT-SERVERS.NET.
. 514332 IN NS L.ROOT-SERVERS.NET.
. 514332 IN NS I.ROOT-SERVERS.NET.
. 514332 IN NS E.ROOT-SERVERS.NET.
. 514332 IN NS D.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
;; Received 485 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 88 ms
ibm.com. 172800 IN NS internet-server.zurich.ibm.com.
ibm.com. 172800 IN NS ns.almaden.ibm.com.
ibm.com. 172800 IN NS ns.austin.ibm.com.
ibm.com. 172800 IN NS ns.watson.ibm.com.
;; Received 199 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 82 ms
ibm.com. 21600 IN A 129.42.18.103
ibm.com. 21600 IN A 129.42.16.103
ibm.com. 21600 IN A 129.42.17.103
ibm.com. 3600 IN NS ns.watson.ibm.com.
ibm.com. 3600 IN NS ns.austin.ibm.com.
ibm.com. 3600 IN NS ns.almaden.ibm.com.
ibm.com. 3600 IN NS internet-server.zurich.ibm.com.
;; Received 231 bytes from 192.35.232.34#53(ns.austin.ibm.com) in 66 ms
#

Last edited by chris8051 : June 4th, 2009 at 11:16 AM. Reason: update
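As an added example (not code from the thread), here is a small Python script that parses `dig +trace` output like the sessions above, reports the server that issued the last referral and where the chain stopped, and flags delegated nameservers that sit outside the zone being resolved. The point it makes visible: crlcares.com is delegated to ns1/ns2.megahosters.com, names the resolver must look up in their own right rather than learn from the crlcares.com referral, and the failing trace stops at exactly that lookup, whereas ibm.com's nameservers all live inside ibm.com. The trace excerpts are constructed from the posts above (earlier hops trimmed); the regexes and the `in_bailiwick` helper are assumptions of this example, not part of dig.

```python
import re

# Constructed excerpts of the two `dig +trace` sessions quoted in the post above (earlier hops trimmed).
TRACE_CRLCARES = """\
crlcares.com. 172800 IN NS ns1.megahosters.com.
crlcares.com. 172800 IN NS ns2.megahosters.com.
;; Received 110 bytes from 192.52.178.30#53(K.GTLD-SERVERS.NET) in 113 ms
dig: couldn't get address for 'ns1.megahosters.com': not found
"""
TRACE_IBM = """\
ibm.com. 172800 IN NS ns.austin.ibm.com.
;; Received 199 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 82 ms
ibm.com. 21600 IN A 129.42.18.103
;; Received 231 bytes from 192.35.232.34#53(ns.austin.ibm.com) in 66 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")             # owner ttl IN type rdata
HOP = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")   # server that sent this hop
ERR = re.compile(r"^dig: couldn't get address for '([^']+)'")      # dig gave up on an NS name

def in_bailiwick(name, zone):
    """True if `name` is at or below `zone` (case and trailing dot ignored)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or name == zone or name.endswith("." + zone)

def parse_trace(text):
    """Split a dig +trace into hops {zone, ns, answered, from} and the NS name dig failed on."""
    hops, cur, failure = [], {"zone": None, "ns": [], "answered": False}, None
    for line in text.splitlines():
        if m := RR.match(line):
            owner, rtype, rdata = m.groups()
            if rtype == "NS":          # a referral (or the authoritative NS set)
                cur["zone"] = owner
                cur["ns"].append(rdata)
            else:                      # any other record means a real answer arrived
                cur["answered"] = True
        elif m := HOP.match(line):     # end of one hop; start collecting the next
            cur["from"] = m.group(1)
            hops.append(cur)
            cur = {"zone": None, "ns": [], "answered": False}
        elif m := ERR.match(line):
            failure = m.group(1)
    return hops, failure

def diagnose(text):
    """Report the last delegation and which of its nameservers lie outside the delegated zone."""
    hops, failure = parse_trace(text)
    deleg = [h for h in hops if h["ns"]][-1]   # last hop that carried NS records
    return {"zone": deleg["zone"], "referred_by": deleg["from"], "unresolved": failure,
            "completed": failure is None and any(h["answered"] for h in hops),
            "ns_outside_zone": [n for n in deleg["ns"] if not in_bailiwick(n, deleg["zone"])]}
```

Feed it a full `dig +trace` capture from each machine and compare the two reports: the one whose `unresolved` field is set names the exact lookup the internal resolver cannot complete through the firewall.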
#2
Just a guess, did you set up your firewall for DNS to your internal LAN bind server?
__________________
====== Doug G ====== I didn't attend the funeral, but I sent a nice letter saying I approved of it. --Mark Twain
#3
Checked firewall DNS settings
Yes, my firewall DNS settings point at my internal DNS servers. I am not sure why that would be a problem... but in any case I switched them to use public outside DNS servers and it did not seem to help. I am using a Sonicwall PRO 2040 Enhanced firewall. Based on some additional testing I did without this firewall, it does appear to be a firewall issue. But I am still puzzled as to why only certain domains would fail to resolve. More interestingly, one of the examples I gave above showed dig being unable to resolve ns1.megahosters.com (inside the dig of crlcares.com), but if I dig that domain by itself it does resolve...
#4
I'm just throwing this idea out there because I've used a Pro 2040 and it can be a bit of a pain, but are you sure NAT is set up and working properly? I don't know if this is the problem, and it may very well not be, but if you're having sporadic problems it could be related to NAT?
#5
re NAT
Yeah, not a NAT problem; that is working fine. The nature of the problem is very repeatable. Certain domains (crlcares.com for example) will never resolve, while the vast majority of domains will always resolve. If it was some kind of NAT issue I would expect random results, not consistent, repeatable results. But thanks for the suggestion.
Dev Shed Forums > System Administration > DNS > Problem resolving certain domains...