Nslookup Times Out on A Lookup To Well-Known Hosts

Barry Finkel b19141 at achilles.ctd.anl.gov
Wed Oct 4 14:39:41 UTC 2006

"Will" <westes-usc at noemail.nospam> wrote, in part:

>From one of our internal machines, here is what I see when I dig on a domain
>we can resolve:
>[c:\etc]dig @ -t soa earthlink.net
>; <<>> DiG 9.3.2-P1 <<>> @  -t soa earthlink.net
>; (1 server found)
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1071
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>;earthlink.net.                 IN      SOA
>earthlink.net.          1800    IN      SOA     itchy.earthlink.net.
>hostmaster.earthlink.net. 2006092203 3600 300 2592000 1800
>earthlink.net.          1800    IN      NS      itchy.earthlink.net.
>earthlink.net.          1800    IN      NS      scratchy.earthlink.net.
>itchy.earthlink.net.    154455  IN      A
>scratchy.earthlink.net. 154455  IN      A
>I'm not sure why, but the request for just SOA records above also returns to
>the name server records, followed by the name server's IP addresses.
>I issue the same dig command on cox.net, I get a pur timeout with:
>[c:\etc]dig @ -t soa cox.net
>; <<>> DiG 9.3.2-P1 <<>> @ -t soa cox.net
>; (1 server found)
>;; global options:  printcmd
>;; connection timed out; no servers could be reached
>Using a sniffer on the server I am digging to, what I see are cox.net SOA
>records, and I also see NS records.   I don't put together how those get
>there, but they do.

What you see in the output of "dig"

1) ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

   There is no "aa" (Authoritative Answer) flag, so the data have come
   from the cache of the nameserver to which you sent the query.

   This packet represents a Query Reply (qr).
   You Desired Recursion (rd); if need be, the DNS server you asked
       should recurse to find the information.
   And Recursion was Available (ra).  But in this case, the server had
   the information in its cache, so it did not have to recurse to find
   the desired SOA record.

   The DNS packet has 1 query section, 1 answer section, 
   2 authority sections, and 2 additional sections.

   ;earthlink.net.                 IN      SOA

   The query was for the SOA of earthlink.net .

   earthlink.net.          1800    IN      SOA     itchy.earthlink.net.
   hostmaster.earthlink.net. 2006092203 3600 300 2592000 1800

   This is the one answer - the SOA record for which you queried.

   earthlink.net.          1800    IN      NS      itchy.earthlink.net.
   earthlink.net.          1800    IN      NS      scratchy.earthlink.net.

   This authority section gives you the names of the authoritative
   name servers.  I believe that this authority section is not
   required to be present.

   itchy.earthlink.net.    154455  IN      A
   scratchy.earthlink.net. 154455  IN      A

   As additional information, BIND is returning the addresses of the
   two nameservers, in case you should need that information.  I
   believe that this additional section is not required to be present.

You asked one question, received one answer, and you were also given
additional information, in case you needed it for further queries.
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list