Why "dig foo" fails but "dig +trace foo" succeeds?
Mark Andrews
Mark_Andrews at isc.org
Wed Nov 17 05:16:25 UTC 2004
> Is there anyone who can explain this behavior to me?
>
> # dig www.powweb.com
> <...waits patiently...>
> ; <<>> DiG 9.2.4rc6 <<>> www.powweb.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> #
Firstly you should not be running 9.2.4rc6 as 9.2.4 is
available.
Next you want to eliminate a broken/misconfigured firewall
from the problem space. You should be able to get a answer
to both of these queries. If you don't you need to fix your
firewall to handle EDNS queries.
dig +bufsiz=4096 www.powweb.com @a.root-servers.net
dig www.powweb.com @a.root-servers.net
Referrals to the COM/NET servers from the root servers now
exceed 512 octets using EDNS.
You can workaround this by using the following in 9.3.0.
options { edns-udp-size 512; };
After that do one of the following:
* get IPv6 connectivity
* rebuild without IPv6 disabled (configure --disable-ipv6)
* upgrade to 9.3.0 and run 'named -4'
(runtime equivalent to configure --disable-ipv6).
The RTT estimates for the IPv6 addresses for A.GTLD-SERVERS.NET
and B.GTLD-SERVERS.NET are not being penalised on network/host
unreachable causing the initial lookups for COM/NET names
to timeout as these addresses get lower and lower RTT estimates.
This will be fixed in 9.3.1/9.2.5.
If after doing all that you still have problems post packet
traces.
> # dig +trace www.powweb.com
>
> ; <<>> DiG 9.2.4rc6 <<>> +trace www.powweb.com
> ;; global options: printcmd
> . 502538 IN NS K.ROOT-SERVERS.NET.
> . 502538 IN NS L.ROOT-SERVERS.NET.
> . 502538 IN NS M.ROOT-SERVERS.NET.
> . 502538 IN NS A.ROOT-SERVERS.NET.
> . 502538 IN NS B.ROOT-SERVERS.NET.
> . 502538 IN NS C.ROOT-SERVERS.NET.
> . 502538 IN NS D.ROOT-SERVERS.NET.
> . 502538 IN NS E.ROOT-SERVERS.NET.
> . 502538 IN NS F.ROOT-SERVERS.NET.
> . 502538 IN NS G.ROOT-SERVERS.NET.
> . 502538 IN NS H.ROOT-SERVERS.NET.
> . 502538 IN NS I.ROOT-SERVERS.NET.
> . 502538 IN NS J.ROOT-SERVERS.NET.
> ;; Received 372 bytes from 147.160.1.6#53(147.160.1.6) in 1 ms
>
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> ;; Received 504 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 87 ms
>
> powweb.com. 172800 IN NS ns2.powweb.com.
> powweb.com. 172800 IN NS ns3.powweb.com.
> ;; Received 100 bytes from 192.5.6.30#53(a.gtld-servers.net) in 22 ms
>
> www.powweb.com. 3600 IN A 66.152.97.130
> powweb.com. 3600 IN NS ns3.powweb.com.
> powweb.com. 3600 IN NS ns2.powweb.com.
> ;; Received 116 bytes from 66.152.97.4#53(ns2.powweb.com) in 81 ms
>
> If it matters, this is on RHEL 3.0.
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list