Fw: Even Stranger Incorrect DNS Query Results

Allie M Hopkins allie at lsu.edu
Wed Dec 8 21:54:43 UTC 2004





NM on that last email.  I had to stop and restart bind for the "no"
commands to take effect.

Once again.... THANK YOU.

Allie M Hopkins
Office of Computing Services
Louisiana State University
225/578-3700
----- Forwarded by Allie M Hopkins/allie/LSU on 12/08/2004 03:53 PM -----
From:    Allie M Hopkins
Date:    12/08/2004 02:47 PM
To:      Ronan Flood <ronan at noc.ulcc.ac.uk>
cc:      bind-users-bounce at isc.org, comp-protocols-dns-bind at isc.org
Subject: Re: Even Stranger Incorrect DNS Query Results



You guys are great.  That certainly enabled me to run dig @ns1.ntwo.net
successfully.  However, I still am not able to do lookups just straight
from my server.  IOW, when I try to find the domain bergstedtandmount.com
from my nameserver I time out still.  Originally I wasn't even able to run
the dig off of ns1.ntwo.net.  At least I can do that.  But why am I still
timing out?

Steps I took to achieve successful digs off ns1.ntwo.net:

Increased udp ttl (no -o udp_ttl=128)
Increased tcp mss (no -o tcp_mssdflt=1440)  the default is 512

Only the udp ttl increase was really needed, but in trying to get the dig
to work using our nameservers I increased the tcp mss.

Anybody willing to brainstorm with me?  The dig at ns1.ntwo.net does take a
pretty long time.  Are my queries off my box just not getting back fast
enough?  Can I change this setting somewhere?




From:    Ronan Flood <ronan at noc.ulcc.ac.uk>
Sent by: bind-users-bounce@isc.org
Date:    12/08/2004 10:29 AM
To:      comp-protocols-dns-bind at isc.org
cc:      (bcc: Allie M Hopkins/allie/LSU)
Subject: Re: Even Stranger Incorrect DNS Query Results




Allie M Hopkins <allie at lsu.edu> wrote:

> ANY aix machine that I run dig @ns1.ntwo.net any.thing.com times out.  I
> have tried 6 different aix machines with varying hardware, os version,
> software, administrators, etc.  All fail.  On ANY other os that I try:
> windows, openbsd, fedora, gentoo, this lookup is successful.  How strange
> is that?????  I dug a little deeper.  When I traceroute to that nameserver,
> it never reaches it from our network.

> traceroute to 207.191.33.2 (207.191.33.2) from 130.39.3.5 (130.39.3.5), 30
> hops max

Looks like ns1.ntwo.net is more than 30 hops from your machines.
AIX apparently uses an initial TTL of 30 in UDP, see

  http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html

That references the AIX command "no", so look into that.

--
                      Ronan Flood <R.Flood at noc.ulcc.ac.uk>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)





