problems reaching name server from different locations
Niek Baakman
niek at packetstorm.nu
Tue Dec 10 01:18:38 UTC 2002
> When I query the nameserver from mailhost.nettwerk.com on my
> network I get
>
> # dig @mailhost.nettwerk.com atkinslawco.com
>
> ; <<>> DiG 9.2.1 <<>> @mailhost.nettwerk.com atkinslawco.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44869
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;atkinslawco.com. IN A
>
> ;; ANSWER SECTION:
> atkinslawco.com. 83588 IN A 205.209.16.85
>
> ;; AUTHORITY SECTION:
> atkinslawco.com. 83588 IN NS ns.atkinslawco.com.
>
> ;; ADDITIONAL SECTION:
> ns.atkinslawco.com. 83588 IN A 205.209.16.85
>
> ;; Query time: 0 msec
> ;; SERVER: 209.17.154.5#53(mailhost.nettwerk.com)
> ;; WHEN: Mon Dec 9 16:03:33 2002
> ;; MSG SIZE rcvd: 82
>
> Then when I try to query their authoritative nameserver
> directly I get:
>
> # dig @ns.atkinslawco.com atkinslawco.com
> dig: Couldn't find server 'ns.atkinslawco.com': Name or
> service not known
>
>
> However if I dig directly to their IP it works fine:
>
> # dig @205.209.16.85 atkinslawco.com
>
> ; <<>> DiG 9.2.1 <<>> @205.209.16.85 atkinslawco.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49637
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
> ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;atkinslawco.com. IN A
>
> ;; ANSWER SECTION:
> atkinslawco.com. 86400 IN A 205.209.16.85
>
> ;; AUTHORITY SECTION:
> atkinslawco.com. 86400 IN NS ns.atkinslawco.com.
>
> ;; ADDITIONAL SECTION:
> ns.atkinslawco.com. 86400 IN A 205.209.16.85
>
> ;; Query time: 277 msec
> ;; SERVER: 205.209.16.85#53(205.209.16.85)
> ;; WHEN: Mon Dec 9 16:07:33 2002
> ;; MSG SIZE rcvd: 82
>
>
> And if I do a lookup of ns.atkinslawco.com it works fine:
>
> dig @mailhost.nettwerk.com ns.atkinslawco.com
>
> ; <<>> DiG 9.2.1 <<>> @mailhost.nettwerk.com
> ns.atkinslawco.com ;; global options: printcmd ;; Got
> answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
> 34410 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
> ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ns.atkinslawco.com. IN A
>
> ;; ANSWER SECTION:
> ns.atkinslawco.com. 83276 IN A 205.209.16.85
>
> ;; AUTHORITY SECTION:
> atkinslawco.com. 83276 IN NS ns.atkinslawco.com.
>
> ;; Query time: 0 msec
> ;; SERVER: 209.17.154.5#53(mailhost.nettwerk.com)
> ;; WHEN: Mon Dec 9 16:08:45 2002
> ;; MSG SIZE rcvd: 66
>
>
>
> However if I goto another computer on another network and
> query ns.atkinslawco.com it works fine.
>
> dig @ns.atkinslawco.com atkinslawco.com
>
> ; <<>> DiG 9.1.2 <<>> @ns.atkinslawco.com atkinslawco.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3727
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
> ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;atkinslawco.com. IN A
>
> ;; ANSWER SECTION:
> atkinslawco.com. 86400 IN A 205.209.16.85
>
> ;; AUTHORITY SECTION:
> atkinslawco.com. 86400 IN NS ns.atkinslawco.com.
>
> ;; ADDITIONAL SECTION:
> ns.atkinslawco.com. 86400 IN A 205.209.16.85
>
> ;; Query time: 94 msec
> ;; SERVER: 205.209.16.85#53(ns.atkinslawco.com)
> ;; WHEN: Mon Dec 9 16:07:19 2002
> ;; MSG SIZE rcvd: 82
>
>
>
> ANywbody have any ideas what's going on here. On top of all this it
> only happens to
> our network some of the time. ie) Sometimes
> ns.atkinslawco.com can be
> queryed
> no problem...
Hi,
The fact that the problem is intermittent, probably points to dns servers
with problemos. Suppose you use 2 dns servers on that system
(/etc/resolv.conf), and 1 is having problems. Then sometimes you have no
problem doing:
dig @ns.atkinslawco.com atkinslawco.com
and sometimes you do (because the faulty DNS you're using doesn't look up
the ip for ns.atkinslawco.com.
This is the most logical explanation, so check if the name servers in your
resolv.conf are really functioning.
Regards,
Niek
More information about the bind-users
mailing list