Name servers that are offline, resolve for other carriers?

IronWolve harty at
Wed Oct 20 05:43:11 UTC 2004

Mark Andrews wrote:
>>I just was informed that was not able to
>>resolve, I traced it back to nameservers are offline,
>> and ns2.
> 	Also how did you determine that they were offline?  You
> 	can't ping them.  (I really don't know what the point of
> 	blocking icmp echo to externally advertised services. It
> 	doesn't hide the machine, icmp echo to unicast addresses
> 	is not a security threat and it just makes remote diagnostics
> 	harder.)
> 	I would be looking for routing problems.
<massive snips>

When I did dig on multiple networks, it appeared to be down. But I asked 
some other people it worked.  I was at a loss, as I tried different 
networks using dig.

I just tried on my home box and was able to get through when I set the 
server directly..  I couldnt telnet to port 53, so I guess its using 
udp. My normal favorite it to telnet to port 53, since icmp seems to be 
filtered all the time.

I tried dig from the root down to the authorative server, and ns1/ns2 
was blocked returing no answer, figured it was down.

Guess it is a routing issue.  Has to be just the subnet, maybe routing 
issue. For all I know we could have a dedicated connection and maybe 
routing traffic return traffic over it, its happened in the past.

Ya thanks, I'll check routing, wierd that only the authorative is 
blocked, (or not getting return traffic).. I bet thats it.


More information about the bind-users mailing list