Can't resolve hotmail.com, everything else is fine

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Dec 3 22:34:31 UTC 2002


> This is very weird. I'm running BIND 9.2.1 on Solaris 8 and have a
> caching only server on my internet DMZ. I can resolve pretty much
> everything I need, apart from any records for hotmail.com. I can see
> the hotmail.com NS records in the cache but my server isn't getting
> any response when it tries to query these servers.
> 
> I've read a lot in here about EDNS, but I've tried switching it off
> and also using dig with and without EDNS, and neither work.
> 
> The queries are going out through Checkpoint FW-1 (I can see them in
> the log).
> 
> I have got around the problem by setting up a conditional forwarding
> statement that just forwards any hotmail.com queries out to my ISP DNS
> servers, and this seems to work, but it's a bit of a bodge as I'd
> rather have my server use the internet roots.
> 
> Anyone got any ideas? Here's what I get:

	Try verifing basic IP reachability from your server (e.g.
	ping ns1.hotmail.com, traceroute ns1.hotmail.com).

	Mark
 
> <with forwarder>
> 
> mr0cds01$ ./dig @127.0.0.1 mx hotmail.com.
> 
> ; <<>> DiG 9.2.1 <<>> @127.0.0.1 mx hotmail.com.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20791
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 10
> 
> ;; QUESTION SECTION:
> ;hotmail.com.                   IN      MX
> 
> ;; ANSWER SECTION:
> hotmail.com.            2362    IN      MX      5 mx2.hotmail.com.
> hotmail.com.            2362    IN      MX      5 mx3.hotmail.com.
> hotmail.com.            2362    IN      MX      5 mx4.hotmail.com.
> hotmail.com.            2362    IN      MX      5 mx1.hotmail.com.
> 
> ;; AUTHORITY SECTION:
> hotmail.com.            3462    IN      NS      ns1.hotmail.com.
> hotmail.com.            3462    IN      NS      ns2.hotmail.com.
> hotmail.com.            3462    IN      NS      ns3.hotmail.com.
> hotmail.com.            3462    IN      NS      ns4.hotmail.com.
> 
> ;; ADDITIONAL SECTION:
> mx1.hotmail.com.        2362    IN      A       65.54.252.99
> mx1.hotmail.com.        2362    IN      A       65.54.254.129
> mx1.hotmail.com.        2362    IN      A       65.54.166.99
> mx2.hotmail.com.        2362    IN      A       65.54.166.230
> mx2.hotmail.com.        2362    IN      A       65.54.252.230
> mx2.hotmail.com.        2362    IN      A       65.54.254.145
> mx3.hotmail.com.        2362    IN      A       65.54.253.99
> mx3.hotmail.com.        2362    IN      A       65.54.254.140
> mx4.hotmail.com.        2362    IN      A       65.54.254.151
> mx4.hotmail.com.        2362    IN      A       65.54.253.230
> 
> ;; Query time: 16 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Dec  3 11:42:02 2002
> ;; MSG SIZE  rcvd: 341
> 
> <without forwarder>
> 
> mr0cds01$ ./dig @127.0.0.1 mx hotmail.com.
> 
> ; <<>> DiG 9.2.1 <<>> @127.0.0.1 mx hotmail.com.
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> 
> but lycos.com works fine:
> 
> mr0cds01$ ./dig @127.0.0.1 mx lycos.com.
> 
> ; <<>> DiG 9.2.1 <<>> @127.0.0.1 mx lycos.com.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63337
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 7
> 
> ;; QUESTION SECTION:
> ;lycos.com.                     IN      MX
> 
> ;; ANSWER SECTION:
> lycos.com.              3592    IN      MX      10 mx.mail.lycos.com.
> lycos.com.              3592    IN      MX      20 mx1.mail.lycos.com.
> 
> ;; AUTHORITY SECTION:
> lycos.com.              172792  IN      NS      ns2.hotwired.com.
> lycos.com.              172792  IN      NS      ns3.hotwired.com.
> lycos.com.              172792  IN      NS      ns4.hotwired.com.
> lycos.com.              172792  IN      NS      ns5.hotwired.com.
> lycos.com.              172792  IN      NS      ns1.hotwired.com.
> 
> ;; ADDITIONAL SECTION:
> mx.mail.lycos.com.      592     IN      A       209.202.220.99
> mx1.mail.lycos.com.     592     IN      A       209.202.220.137
> mx1.mail.lycos.com.     592     IN      A       209.202.220.138
> mx1.mail.lycos.com.     592     IN      A       209.202.220.139
> mx1.mail.lycos.com.     592     IN      A       209.202.220.223
> mx1.mail.lycos.com.     592     IN      A       209.202.220.135
> mx1.mail.lycos.com.     592     IN      A       209.202.220.136
> 
> ;; Query time: 3 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Dec  3 13:31:02 2002
> ;; MSG SIZE  rcvd: 282
> 
> Regards,
> 
> Paul Roberts
> DNS Architect - Core Network Design
> Hutchison3G
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list