Even Stranger Incorrect DNS Query Results

Allie M Hopkins allie at lsu.edu
Wed Dec 8 20:47:34 UTC 2004

You guys are great.  That certainly enabled me to run dig @ns1.ntwo.net
successfully.  However, I still am not able to do lookups just straight
from my server.  IOW, when I try to find the domain bergstedtandmount.com
from my nameserver I time out still.  Originally I wasn't even able to run
the dig off of ns1.ntwo.net.  At least I can do that.  But why am I still
timing out?

Steps I took to achieve successful digs off ns1.ntwo.net:

Increased udp ttl (no -o udp_ttl=128)
Increased tcp mss (no -o tcp_mssdflt=1440)  the default is 512

Only the udp ttl increase was really needed, but in trying to get the dig
to work using our nameservers I increased the tcp mss.

Anybody willing to brainstorm with me?  The dig at ns1.ntwo.net does take a
pretty long time.  Are my queries off my box just not getting back fast
enough?  Can I change this setting somewhere?

Ronan Flood <ronan at noc.ulcc.ac.uk>
Sent by: bind-users-bounce@isc.org
12/08/2004 10:29 AM

To:       comp-protocols-dns-bind at isc.org
cc:       (bcc: Allie M Hopkins/allie/LSU)
Subject:  Re: Even Stranger Incorrect DNS Query Results

Allie M Hopkins <allie at lsu.edu> wrote:

> ANY aix machine that I run dig @ns1.ntwo.net any.thing.com times out.  I
> have tried 6 different aix machines with varying hardware, os version,
> software, administrators, etc.  All fail.  On ANY other os that I try:
> windows, openbsd, fedora, gentoo, this lookup is successful.  How strange
> is that?????  I dug a little deeper.  When I traceroute to that
> it never reaches it from our network.

> traceroute to ( from (,
> hops max

Looks like ns1.ntwo.net is more than 30 hops from your machines.
AIX apparently uses an initial TTL of 30 in UDP, see


That references the AIX command "no", so look into that.

                      Ronan Flood <R.Flood at noc.ulcc.ac.uk>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)
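
The TTL reasoning in this thread, as an added example that is not part of either poster's message: a check that compares a sender's initial UDP TTL with the path length visible in traceroute output. The function names, the verdict strings and the sample addresses (documentation ranges) are assumptions made for illustration, and the traceroute text is constructed.

```sh
#!/bin/sh
# Added example. All traceroute text is constructed by sample_trace;
# addresses come from documentation ranges, not from the thread.

# Print constructed traceroute-style output for a target <path_len> hops
# away, probed up to <max_hops>.
sample_trace() {  # usage: sample_trace <path_len> <max_hops> <dest_ip>
    awk -v n="$1" -v max="$2" -v dest="$3" 'BEGIN {
        printf "traceroute to %s (%s), %d hops max\n", dest, dest, max
        for (h = 1; h <= max && h <= n; h++) {
            ip = (h == n) ? dest : "192.0.2." h
            printf "%2d  %s (%s)  %d ms\n", h, ip, ip, h
        }
    }'
}

# Compare the sender's initial UDP TTL (the value the thread sets with
# "no -o udp_ttl=...") against the path seen in traceroute output on stdin.
ttl_verdict() {  # usage: ttl_verdict <initial_udp_ttl> <dest_ip>
    awk -v ttl="$1" -v dest="$2" '
        $1 ~ /^[0-9]+$/ {                       # hop lines start with a number
            last = $1 + 0
            if (!reached && index($0, "(" dest ")")) reached = $1 + 0
        }
        END {
            if (reached && reached <= ttl + 0) print "ok"           # TTL covers the path
            else if (reached)                  print "ttl-too-low"  # expires in transit
            else if (last >= ttl + 0)          print "suspect-ttl"  # not reached within TTL hops
            else                               print "unreached"    # look elsewhere
        }'
}

DEST=203.0.113.53
# The thread's situation: a 30-hop traceroute never arrives, UDP TTL is 30.
sample_trace 33 30 "$DEST" | ttl_verdict 30 "$DEST"
# The same path probed further, then with the raised TTL of 128.
sample_trace 33 64 "$DEST" | ttl_verdict 30 "$DEST"
sample_trace 33 64 "$DEST" | ttl_verdict 128 "$DEST"
```

A "suspect-ttl" result only says the target was not seen within as many hops as the TTL allows; filtering along the path produces the same traceroute picture, so rerun traceroute with a higher hop limit to confirm.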
