DNS Resolution Issues
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Fri Jul 12 15:43:59 UTC 2002
Timothy W. Foreman <timf at nikita.anansi-web.com> wrote:
> We are running Solaris 8 BIND 9.2.1 name servers that are authoritative for
> our ibsys.com domain.
> Many of our users on the internet are having trouble resolving names on these
> servers.
> The primary problem appears to be with the record for images.ibsys.com. (Yes,
> I know it's a chained CNAME. I can't do anything about that.)
> We are at the point where my boss want's to downgrade the servers to v8.x
> (thus losing the Views feature that we went to 9.x for.)
> I need some help with this.
1/ Server dns3.ibsys.com (66.187.192.1) does not answer TCP queries.
Possibly a faulty fw rule.
2/ your default TTL ( 600s ) is _way_ to low. This destroys caching
out there. In addition you have a larger value ( 3600) on negative TTL
3/ your nameservers seems to be very close topologically. This will
make them all unavilable whenever i glitch occurs.
4/ images.ibsys.com. shows up as :
;; ANSWER SECTION:
images.ibsys.com. 10M IN CNAME www.ibsys.com.edgesuite.net.
www.ibsys.com.edgesuite.net. 6H IN CNAME a1844.g.akamai.net.
a1844.g.akamai.net. 20S IN A 193.45.14.134
a1844.g.akamai.net. 20S IN A 193.45.14.136
And yes, even shorter TTL on akamai's 'A' records. Might work
on a LAN but i would say it could create problems on Internet.
5/
edgesuite.net. is served by akamai, and have 7 out of 12 NS
refusing to answer TCP queries. This might vause problems.
> Thanks.
> --
> Timothy W. Foreman - timf(at)anansi-web.com
> Finger me for more information!
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list