DNS client failing to query a particular domain only.

Barry Margolin barmar at alum.mit.edu
Sat Apr 1 01:28:28 UTC 2006


In article <e0k2fc$1asj$1 at sf1.isc.org>, Bill Larson <wllarso at swcp.com> 
wrote:

> Could be, but without further information, who knows.  The "dig... 
> +trace" command should be able to identify this type of problem.  If 
> there is cache poisoning you will see unusual servers being queried 
> along the way.

dig +trace is totally useless for troubleshooting cache poisoning, 
because it doesn't use your caching server.  It causes dig to perform 
its own iteration rather than using your server (except that it uses 
your server to get the root servers).

The really strange thing is that the OP said:

> I thought it could be a problem with their DNS & I did a lookup using
> other name servers on the same client machine, but still getting the
> same DNS Timed out errors.

So the problem seems to be with the client machine or their network, not 
their server.  Maybe they have a firewall that doesn't like something 
about this.  The thing to do is put a sniffer outside the firewall, 
capturing DNS traffic to see if the queries and replies show up.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
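As an added example, not part of Barry's post or of BIND, here is the kind of check one runs over the capture he suggests taking outside the firewall: it pairs DNS queries with replies by transaction ID and question name and reports names that were queried but never answered. The packets below are constructed inline, not captured; a real run would feed in the UDP payloads from the sniffer.

```python
import struct

def build_packet(txid, qname, response=False):
    """Build a minimal DNS query or reply (constructed sample, not a real capture).
    Only the header and question section are needed for matching."""
    flags = 0x8180 if response else 0x0100          # QR bit set on replies
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = qname.strip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + question + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def parse_dns(packet):
    """Return (transaction id, is_response, question name) from a DNS payload."""
    txid, flags = struct.unpack("!HH", packet[:4])
    pos, labels = 12, []                              # question starts after 12-byte header
    while True:
        ln = packet[pos]
        pos += 1
        if ln == 0:
            break
        labels.append(packet[pos:pos + ln].decode())
        pos += ln
    return txid, bool(flags & 0x8000), ".".join(labels) + "."

def unanswered_queries(packets):
    """Match each reply to its query on (txid, qname); names still pending
    at the end are the ones whose replies never made it past the firewall."""
    pending = {}
    for pkt in packets:
        txid, is_response, qname = parse_dns(pkt)
        if is_response:
            pending.pop((txid, qname), None)
        else:
            pending[(txid, qname)] = qname
    return sorted(set(pending.values()))

# Constructed capture: one name answered, one name whose reply never shows up.
CAPTURE = [
    build_packet(0x1A2B, "example.com."),
    build_packet(0x1A2B, "example.com.", response=True),
    build_packet(0x3C4D, "www.example.net."),
]

if __name__ == "__main__":
    print("queried but never answered:", unanswered_queries(CAPTURE))
```

If the failing domain shows a query but no reply at this capture point, the loss is upstream of the firewall; if no query appears at all, the firewall or client is dropping it before it leaves.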