Why would BIND timeout on only 'A' results?
Barry Margolin
barmar at alum.mit.edu
Sat Aug 13 00:59:56 UTC 2005
In article <ddjep6$2ss5$1 at sf1.isc.org>,
Merton Campbell Crockett <mcc at CATO.GD-AIS.COM> wrote:
> On Fri, 12 Aug 2005, Dave Clark wrote:
>
> > Check out this strangeness. Keep in mind I am not the owner of this
> > domain.
> > I'm just helping this guy with diagnosing the problem with his dns server:
> >
> > dig cawunited.com (times out)
> > http://www.dollardns.net/cgi-bin/dnscrawler/index.pl?name=cawunited.com&lr=6
> > &submit=BU
> >
> > Now, maybe it isn't BIND's fault. Maybe there is an intermediate gateway
> > or
> > router that is specifically blocking these kinds of responses, but that
> > would be very strange. Looking for ideas on the explanation.
>
> It may be more of a problem with DNS Crawler. It works fine with dig and
> my home brew equivalent of DNS Crawler.
I see the same timeout when I try to use dig from home (on Comcast).
$ dig cawunited.com a @ns1.cawunited.com
; <<>> DiG 9.2.2 <<>> cawunited.com a @ns1.cawunited.com
;; global options: printcmd
;; connection timed out; no servers could be reached
$ dig cawunited.com a @ns1.cawunited.com +vc
; <<>> DiG 9.2.2 <<>> cawunited.com a @ns1.cawunited.com +vc
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51646
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;cawunited.com. IN A
;; ANSWER SECTION:
cawunited.com. 86400 IN A 67.171.102.148
;; AUTHORITY SECTION:
cawunited.com. 86400 IN NS ns1.cawunited.com.
cawunited.com. 86400 IN NS ns2.cawunited.com.
;; ADDITIONAL SECTION:
ns1.cawunited.com. 86400 IN A 67.171.102.148
ns2.cawunited.com. 86400 IN A 67.171.102.148
;; Query time: 36 msec
;; SERVER: 67.171.102.148#53(ns1.cawunited.com)
;; WHEN: Fri Aug 12 20:54:38 2005
;; MSG SIZE rcvd: 115
$ dig cawunited.com any @ns1.cawunited.com
; <<>> DiG 9.2.2 <<>> cawunited.com any @ns1.cawunited.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61578
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;cawunited.com. IN ANY
;; ANSWER SECTION:
cawunited.com. 86400 IN TXT "v=spf1 mx ptr ~all"
cawunited.com. 86400 IN A 67.171.102.148
cawunited.com. 86400 IN SOA ns1.cawunited.com.
support.cawunited.com. 2005081007 10800 3600 604800 86400
cawunited.com. 86400 IN NS ns2.cawunited.com.
cawunited.com. 86400 IN NS ns1.cawunited.com.
cawunited.com. 86400 IN MX 10 mail.cawunited.com.
;; ADDITIONAL SECTION:
ns1.cawunited.com. 86400 IN A 67.171.102.148
ns2.cawunited.com. 86400 IN A 67.171.102.148
mail.cawunited.com. 86400 IN A 67.171.102.148
;; Query time: 36 msec
;; SERVER: 67.171.102.148#53(ns1.cawunited.com)
;; WHEN: Fri Aug 12 20:55:29 2005
;; MSG SIZE rcvd: 227
> This is a good example of why you don't want both name servers for a
> domain on the same network.
His configuration is even worse. ns1.cawunited.com and
ns2.cawunited.com have the same address. And his registrar (Go Daddy)
let him register both of them like this.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list