Even Stranger Incorrect DNS Query Results
    Allie M Hopkins 
    allie at lsu.edu
       
    Wed Dec  8 20:47:34 UTC 2004
    
    
  
You guys are great.  That certainly enabled me to run dig @ns1.ntwo.net
successfully.  However, I still am not able to do lookups just straight
from my server.  IOW, when I try to find the domain bergstedtandmount.com
from my nameserver I time out still.  Originally I wasn't even able to run
the dig off of ns1.ntwo.net.  At least I can do that.  But why am I still
timing out?
Steps I took to achieve successful digs off ns1.ntwo.net:
Increased udp ttl (no -o udp_ttl=128)
Increased tcp mss (no -o tcp_mssdflt=1440); the default is 512
Only the udp ttl increase was really needed, but in trying to get the dig
to work using our nameservers I increased the tcp mss.
Anybody willing to brainstorm with me?  The dig at ns1.ntwo.net does take a
pretty long time.  Are my queries off my box just not getting back fast
enough?  Can I change this setting somewhere?

Ronan Flood <ronan at noc.ulcc.ac.uk>
Sent by: bind-users-bounce@isc.org
12/08/2004 10:29 AM

To:       comp-protocols-dns-bind at isc.org
cc:       (bcc: Allie M Hopkins/allie/LSU)
Subject:  Re: Even Stranger Incorrect DNS Query Results

Allie M Hopkins <allie at lsu.edu> wrote:
> ANY aix machine that I run dig @ns1.ntwo.net any.thing.com times out.  I
> have tried 6 different aix machines with varying hardware, os version,
> software, administrators, etc.  All fail.  On ANY other os that I try:
> windows, openbsd, fedora, gentoo, this lookup is successful.  How strange
> is that?????  I dug a little deeper.  When I traceroute to that nameserver,
> it never reaches it from our network.
> traceroute to 207.191.33.2 (207.191.33.2) from 130.39.3.5 (130.39.3.5), 30 hops max

Looks like ns1.ntwo.net is more than 30 hops from your machines.
AIX apparently uses an initial TTL of 30 in UDP, see
  http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html
That references the AIX command "no", so look into that.
--
                      Ronan Flood <R.Flood at noc.ulcc.ac.uk>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)
    
    