    #16
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Location
    Pacific Northwest, USA
    Posts
    12
    Rep Power
    0
    Well, geez I just can't stop playing with this whole issue.

    I tried some stuff with DNS Crawler and tidied up my named.djradiuspdx.com file, and now this query to my nameserver ns.fuzzybundles.com can resolve djradiuspdx.com to an IP:


    http://www.dollardns.net/cgi-bin/dns...pe=A&submit=DS

    Same query with TCP UN-checked won't work, as it times out:


    http://www.dollardns.net/cgi-bin/dns...pe=A&submit=DS


    Does this mean that my firewall needs a hole poked for incoming udp on port 53?


    Also, since the TCP-protocol query to ns.fuzzybundles.com resolved djradiuspdx.com to an IP, can anyone out there actually connect to www.djradiuspdx.com as a website and see it go live?

    All the machines I can get to have got stuff cached, so I'm not sure if I've finally gone live yet or not to a 1st time browser of www.djradiuspdx.com.
    Last edited by SilentRage; August 5th, 2004 at 12:21 AM. Reason: updated links
  2. #17
  3. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    Yep, looks like it. You allow TCP traffic but not UDP. TCP is used only rarely for responses that are very long, or for Zone Transfers, or when some user sees a little TCP checkbox and decides to play with it. ;-)

    So you need to forward the UDP port 53 to your server.
    Send me a private message if you would like me to set up your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/set up fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
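The TCP-answers-but-UDP-times-out symptom discussed above can be checked directly from any outside host. This is an added example, not code from the thread: the function names are hypothetical, and it sends one A query over each transport and turns the pair of results into a firewall diagnosis.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question DNS query (class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def rcode(message):
    """Low 4 bits of the flags word: 0 = NOERROR, 3 = NXDOMAIN."""
    return struct.unpack(">H", message[2:4])[0] & 0x0F

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, transport, port=53, timeout=3.0):
    """Return the rcode from one A query, or None if nothing usable came back."""
    query = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                return rcode(s.recvfrom(4096)[0])
        with socket.create_connection((server, port), timeout=timeout) as s:
            # DNS over TCP frames each message with a 2-byte length prefix.
            s.sendall(struct.pack(">H", len(query)) + query)
            size = struct.unpack(">H", recv_exact(s, 2))[0]
            return rcode(recv_exact(s, size))
    except (OSError, struct.error):
        return None

def diagnose(udp, tcp):
    """Turn the two probe results into the firewall conclusion."""
    if udp is None and tcp is not None:
        return "TCP/53 reachable, UDP/53 blocked or dropped"
    if udp is not None and tcp is None:
        return "UDP/53 reachable, TCP/53 blocked"
    if udp is None and tcp is None:
        return "no answer on either transport"
    return "both transports answer"
```

Call `diagnose(probe(ip, name, "udp"), probe(ip, name, "tcp"))` with the name server's IP address; the first result string matches the situation in this thread before the firewall change.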
  4. #18
  5. Full Access
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jun 2000
    Location
    London, UK
    Posts
    2,019
    Rep Power
    17
    Does this mean that my firewall needs a hole poked for incoming udp on port 53?
    Yes
    Jeez, still problems getting djradiuspdx.com to even point to ns.fuzzybundles.com as the authority on djradiuspdx.com's IP.
    Ah. I have just realised something that was confusing me.

    A whois query on djradiuspdx.com shows ns.fuzzybundles.com as one of the authoritative servers, which is fine. However, a lookup on ns.fuzzybundles.com (the DNS records for this are served by your fuzzybundles.com registrar's DNS servers - the secureserver.net servers) returns NXDOMAIN (i.e. "I haven't heard of this domain"). It looks like your fuzzybundles.com registrar isn't doing the delegation properly. All the GTLD servers are in agreement on this:
    Code:
    [root@vaio dns]# cat servers
    A.GTLD-SERVERS.NET
    B.GTLD-SERVERS.NET
    C.GTLD-SERVERS.NET
    D.GTLD-SERVERS.NET
    E.GTLD-SERVERS.NET
    F.GTLD-SERVERS.NET
    G.GTLD-SERVERS.NET
    H.GTLD-SERVERS.NET
    I.GTLD-SERVERS.NET
    J.GTLD-SERVERS.NET
    K.GTLD-SERVERS.NET
    L.GTLD-SERVERS.NET
    M.GTLD-SERVERS.NET
    [root@vaio dns]# for server in `cat servers`; do dnstrace a ns.fuzzybundles.com $server | dnstracesort > $server; echo $server; done
    A.GTLD-SERVERS.NET
    B.GTLD-SERVERS.NET
    C.GTLD-SERVERS.NET
    D.GTLD-SERVERS.NET
    E.GTLD-SERVERS.NET
    F.GTLD-SERVERS.NET
    G.GTLD-SERVERS.NET
    H.GTLD-SERVERS.NET
    I.GTLD-SERVERS.NET
    J.GTLD-SERVERS.NET
    K.GTLD-SERVERS.NET
    L.GTLD-SERVERS.NET
    M.GTLD-SERVERS.NET
    [root@vaio dns]# ls -l
    total 56
    -rw-r--r--    1 root     root         3134 Jul  5 14:08 A.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:08 B.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:08 C.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:08 D.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:08 E.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:08 F.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:08 G.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3137 Jul  5 14:08 H.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3137 Jul  5 14:08 I.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:09 J.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3137 Jul  5 14:09 K.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3137 Jul  5 14:09 L.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root         3136 Jul  5 14:09 M.GTLD-SERVERS.NET
    -rw-r--r--    1 root     root          247 Jul  5 13:44 servers
    [root@vaio dns]# head -5 *.NET
    ==> A.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.5.6.30       172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> B.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.33.14.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> C.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.26.92.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> D.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.31.80.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> E.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.12.94.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> F.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.35.51.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> G.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.42.93.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> H.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.54.112.30    172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> I.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.43.172.30    172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> J.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.48.79.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> K.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.52.178.30    172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> L.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.41.162.30    172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    
    ==> M.GTLD-SERVERS.NET <==
    
    1 ns.fuzzybundles.com 192.55.83.30     172800 A 12.206.3.66
    1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
    1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
    
    [root@vaio dns]#
    So, the problem appears to be with your fuzzybundles.com registrar's publication of your ns.fuzzybundles.com record. However, as of now (14:14 GMT) I can resolve ns.fuzzybundles.com to 12.206.3.66.

    What confuses me more is this:
    Code:
    [root@vaio dns]# dnsqr a ns.fuzzybundles.com
    1 ns.fuzzybundles.com:
    109 bytes, 1+1+2+0 records, response, noerror
    query: 1 ns.fuzzybundles.com
    answer: ns.fuzzybundles.com 168675 A 12.206.3.66
    authority: fuzzybundles.com 168675 NS park7.secureserver.net
    authority: fuzzybundles.com 168675 NS park8.secureserver.net
    [root@vaio dns]# dnsq a ns.fuzzybundles.com park7.secureserver.net
    1 ns.fuzzybundles.com:
    105 bytes, 1+0+1+0 records, response, authoritative, nxdomain
    query: 1 ns.fuzzybundles.com
    authority: fuzzybundles.com 3600 SOA park7.secureserver.net dns.jomax.net 2003070101 10800 3600 604800 3600
    [root@vaio dns]# dnsq a ns.fuzzybundles.com park8.secureserver.net
    1 ns.fuzzybundles.com:
    105 bytes, 1+0+1+0 records, response, authoritative, nxdomain
    query: 1 ns.fuzzybundles.com
    authority: fuzzybundles.com 3600 SOA park7.secureserver.net dns.jomax.net 2003070101 10800 3600 604800 3600
    [root@vaio dns]#
    So I can resolve ns.fuzzybundles.com to 12.206.3.66. I couldn't do this a couple of days ago when I last tried to solve this problem. Probably the record is in a DNS cache. The authorities for the ns.fuzzybundles.com record are park[78].secureserver.net. When I ask them the same query, they return NXDOMAIN ("Haven't heard of this domain"). However, they must have been providing authoritative information at some time for the record to end up in a DNS cache!

    In short, I believe the issue is with the ns.fuzzybundles.com delegation. It seems to be erratic, to say the least...

    However, you should definitely still make that incoming UDP on port 53 hole in your firewall.
    Alex
    (http://www.alex-greg.com)
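The disagreement in the listing above (one server returns an A record, two others return NXDOMAIN for the same name) can be picked out of saved trace output mechanically. This is an added example, not code from the thread: the function names are hypothetical, the sample rows are copied from the post's listing, and the row format (type, name, server IP, result) is assumed from that listing.

```python
from collections import defaultdict

# Rows copied from the dnstracesort listing in the post above.
SAMPLE = """\
1 ns.fuzzybundles.com 192.5.6.30       172800 A 12.206.3.66
1 ns.fuzzybundles.com 64.202.161.138   NXDOMAIN
1 ns.fuzzybundles.com 64.202.163.10    NXDOMAIN
"""

def parse(text):
    """Yield (qtype, name, server_ip, result) for each result row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank line or something that is not a result row
        qtype, name, server = fields[:3]
        yield qtype, name.lower().rstrip("."), server, " ".join(fields[3:])

def conflicts(text):
    """Map (qtype, name) -> {'records': {server: rr}, 'nxdomain': [servers]}
    for every name that some servers answer and others say does not exist."""
    seen = defaultdict(lambda: {"records": {}, "nxdomain": []})
    for qtype, name, server, result in parse(text):
        entry = seen[(qtype, name)]
        if result.upper() == "NXDOMAIN":
            if server not in entry["nxdomain"]:
                entry["nxdomain"].append(server)
        else:
            entry["records"][server] = result
    return {k: v for k, v in seen.items() if v["records"] and v["nxdomain"]}

def report(text):
    """One human-readable line per server involved in a conflict."""
    lines = []
    for (_qtype, name), v in sorted(conflicts(text).items()):
        for server, rr in sorted(v["records"].items()):
            lines.append(f"{name}: {server} answers {rr}")
        for server in v["nxdomain"]:
            lines.append(f"{name}: {server} says NXDOMAIN")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```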
  6. #19
  7. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    Yes, that IS weird. ns.fuzzybundles.com should not resolve as it does not exist in the zone file for either of the servers that were returned by all GTLD servers:

    http://www.dollardns.net/cgi-bin/dns...axfr&submit=DS

    http://www.dollardns.net/cgi-bin/dns...axfr&submit=DS

    The IP you provided does indeed return a different zone file:

    http://www.dollardns.net/cgi-bin/dns...s=IN&submit=DS
    Last edited by SilentRage; August 5th, 2004 at 12:25 AM.
  8. #20
  9. Full Access
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jun 2000
    Location
    London, UK
    Posts
    2,019
    Rep Power
    17
    Conclusion: fuzzybundles.com has lame name servers (or name servers that are lame part of the time...)

    (Lame: a name server designated as authoritative for a domain which does not provide authoritative information for it).
    Alex
    (http://www.alex-greg.com)
  10. #21
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Location
    Pacific Northwest, USA
    Posts
    12
    Rep Power
    0
    I've poked the UDP port 53 hole, and now the DNS Crawler can get information from ns.fuzzybundles.com about djradiuspdx.com with either the UDP or TCP protocols.

    Looks like now I just have to call godaddy and tell them to get their park[7-8]* servers to start being authoritative. From the testing it seems all other pieces are in place (i.e. ns.fuzzybundles.com can give an IP for djradiuspdx.com, and djradiuspdx.com lists ns.fuzzybundles.com as its nameserver). Only broken piece remaining is the park[7-8]* servers.

    I'll definitely keep them on the phone (godaddy support) until they take action to fix it (rather than give the wait 24hr answer). I want to demonstrate to the support people themselves that they also can reproduce the problem that after the GTLD servers direct the lookup to park[7-8]*, that park[7-8]* return NXDOMAIN and break the lookup chain.

    I'll post how it turns out. Thanks for all your help and testing so far!
  12. #22
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Location
    Pacific Northwest, USA
    Posts
    12
    Rep Power
    0
    Well, it's Monday now and the www.djradiuspdx.com site seems to be up. So things seem to have worked themselves out with multiple extra days of time for the info to propagate.

    Does www.djradiuspdx.com load up for any of you guys now?
  14. #23
  15. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    works fine
  16. #24
  17. Full Access
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jun 2000
    Location
    London, UK
    Posts
    2,019
    Rep Power
    17
    Yep, it's working fine for me too.

    Opening up incoming port 53 UDP was what did the trick. Without that, DNS queries couldn't reach your computer.
    Alex
    (http://www.alex-greg.com)