Name servers that are offline, resolve for other carriers?

IronWolve harty at ironwolve.com
Wed Oct 20 05:43:11 UTC 2004


Mark Andrews wrote:
>>I just was informed that cadoj-gwwa.doj.ca.gov was not able to
>>resolve, I traced it back to doj.ca.gov nameservers are offline,
>>ns1.doj.ca.gov and ns2.
> 	Also how did you determine that they were offline?  You
> 	can't ping them.  (I really don't know what the point of
> 	blocking icmp echo to externally advertised services is. It
> 	doesn't hide the machine, icmp echo to unicast addresses
> 	is not a security threat and it just makes remote diagnostics
> 	harder.)
> 
> 	I would be looking for routing problems.
> 
> 
<massive snips>

When I did dig on multiple networks, it appeared to be down. But I asked 
some other people and it worked.  I was at a loss, as I tried different 
networks using dig.

I just tried on my home box and was able to get through when I set the 
server directly.  I couldn't telnet to port 53, so I guess it's using 
udp. My normal favorite is to telnet to port 53, since icmp seems to be 
filtered all the time.

I tried dig from the root down to the authoritative server, and ns1/ns2 
was blocked, returning no answer; figured it was down.

Guess it is a routing issue.  Has to be just the subnet, maybe routing 
issue. For all I know we could have a dedicated connection and maybe 
routing traffic return traffic over it, it's happened in the past.

Ya thanks, I'll check routing, weird that only the authoritative is 
blocked (or not getting return traffic). I bet that's it.

Thanks,
	-Brook
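
The check discussed in this thread, as an added example that is not part of the original post: send a real SOA query to an authoritative server over UDP and over TCP and classify the result, instead of relying on ping or telnet to port 53. The function names, the fixed query ID and the IPv4-only UDP socket are assumptions of this sketch.

```python
import socket, struct, sys

TXID = 0x1234  # fixed query ID, constructed for this example

def build_query(name, qtype=6):
    """Wire-format query (QTYPE 6 = SOA, class IN), RD clear as for an authoritative server."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", TXID, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (rcode, aa, tc) if msg is a response to our query, else None."""
    if len(msg) < 12:
        return None
    rid, flags = struct.unpack("!HH", msg[:4])
    if rid != TXID or not flags & 0x8000:  # wrong ID or QR bit clear
        return None
    return flags & 0x000F, bool(flags & 0x0400), bool(flags & 0x0200)

def probe(server, name, tcp=False, timeout=3.0):
    """One SOA query over UDP or TCP; None on timeout, refusal or a non-matching reply."""
    q = build_query(name)
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)  # TCP adds a 2-byte length prefix
                raw = b""
                while len(raw) < 14 and (chunk := s.recv(4096)):
                    raw += chunk
                return parse_header(raw[2:])
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            return parse_header(s.recvfrom(4096)[0])
    except OSError:
        return None

def classify(udp, tcp):
    """Turn the two probe results into a diagnosis for this vantage point."""
    if udp and tcp:
        return "answers on UDP and TCP"
    if udp:
        return "answers on UDP only: TCP/53 is filtered or closed"
    if tcp:
        return "answers on TCP only: UDP/53 queries or replies are being dropped"
    return "no DNS reply: server down, filtered, or return path broken"

if __name__ == "__main__":  # usage: probe.py <server> <zone>
    print(sys.argv[1], classify(probe(*sys.argv[1:3]), probe(*sys.argv[1:3], tcp=True)))
```

A "no DNS reply" result from one network says nothing about the server itself; run the same probe from a second network before concluding it is down.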


More information about the bind-users mailing list