Nslookup Times Out on A Lookup To Well-Known Hosts
Barry Finkel
b19141 at achilles.ctd.anl.gov
Wed Oct 4 14:39:41 UTC 2006
"Will" <westes-usc at noemail.nospam> wrote, in part:
>From one of our internal machines, here is what I see when I dig on a domain
>we can resolve:
>
>[c:\etc]dig @192.168.11.11 -t soa earthlink.net
>
>; <<>> DiG 9.3.2-P1 <<>> @192.168.11.11 -t soa earthlink.net
>; (1 server found)
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1071
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
>;; QUESTION SECTION:
>;earthlink.net. IN SOA
>
>;; ANSWER SECTION:
>earthlink.net. 1800 IN SOA itchy.earthlink.net.
>hostmaster.earthlink.net. 2006092203 3600 300 2592000 1800
>
>;; AUTHORITY SECTION:
>earthlink.net. 1800 IN NS itchy.earthlink.net.
>earthlink.net. 1800 IN NS scratchy.earthlink.net.
>
>;; ADDITIONAL SECTION:
>itchy.earthlink.net. 154455 IN A 207.69.188.196
>scratchy.earthlink.net. 154455 IN A 207.69.188.197
>
>I'm not sure why, but the request for just SOA records above also returns to
>the name server records, followed by the name server's IP addresses.
>
>I issue the same dig command on cox.net, I get a pur timeout with:
>
>[c:\etc]dig @192.168.11.11 -t soa cox.net
>
>; <<>> DiG 9.3.2-P1 <<>> @192.168.11.11 -t soa cox.net
>; (1 server found)
>;; global options: printcmd
>;; connection timed out; no servers could be reached
>
>Using a sniffer on the server I am digging to, what I see are cox.net SOA
>records, and I also see NS records. I don't put together how those get
>there, but they do.
What you see in the output of "dig"
1) ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
There is no "aa" (Authoritative Answer) flag, so the data have come
from the cache of the nameserver to which you sent the query.
This packet represents a Query Reply (qr).
You Desired Recursion (rd); if need be, the DNS server you asked
should recurse to find the information.
And Recursion was Available (ra). But in this case, the server had
the information in its cache, so it did not have to recurse to find
the desired SOA record.
The DNS packet has 1 query section, 1 answer section,
2 authority sections, and 2 additional sections.
2) ;; QUESTION SECTION:
;earthlink.net. IN SOA
The query was for the SOA of earthlink.net .
3) ;; ANSWER SECTION:
earthlink.net. 1800 IN SOA itchy.earthlink.net.
hostmaster.earthlink.net. 2006092203 3600 300 2592000 1800
This is the one answer - the SOA record for which you queried.
4) ;; AUTHORITY SECTION:
earthlink.net. 1800 IN NS itchy.earthlink.net.
earthlink.net. 1800 IN NS scratchy.earthlink.net.
This authority section gives you the names of the authoritative
name servers. I believe that this authority section is not
required to be present.
5) ;; ADDITIONAL SECTION:
itchy.earthlink.net. 154455 IN A 207.69.188.196
scratchy.earthlink.net. 154455 IN A 207.69.188.197
As additional information, BIND is returning the addresses of the
two nameservers, in case you should need that information. I
believe that this additional section is not required to be present.
You asked one question, received one answer, and you were also given
additional information, in case you needed it for further queries.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the bind-users
mailing list