Nslookup Times Out on A Lookup To Well-Known Hosts

Steve Ingraham singraham at okcca.net
Fri Sep 29 17:02:52 UTC 2006

Will wrote:
>I have several well-known hosts that are failing A record lookups on
DNS >and I need help debugging this.

>We have the ISC Bind 9.3.0 set up on a box with a sendmail mail server,
>just to speed up the MX lookups on that box.   I go to the nslookup
command >line, and type something like the following:

>    type=mx
>    cox.net

>and what I get back is a timeout that lasts two seconds and then no

>I start a sniffer, and record while performing the above.   There is no
>question that the name server is issuing the query, and that the remote
>responds with the nameserver (NS) records for cox.net.

>At this point, the sniffer trace shows that there is a timeout on
>Address (A) record lookups to all nameservers for cox.net.

>I confirm that result from the command line by simple nslookup to
>ns.cox.net (for example) and this does time out.

>I jump over to a UNIX box outside our network and try the same queries,
>they all immediately work.

>What are some possible causes for this?    Could cox.net be
>many Internet hosts on their nameservers?

I am no expert on this as I am learning a great deal reading these posts
myself.  However, I did have a similar problem attempting an "nslookup".
In my case what I discovered was that I was attempting to do the lookup
while using my internal DNS server instead of an external DNS server
that was looking from outside my firewall.

If you have a similar setup with your domain you need to designate a DNS
server outside your firewall.  You can designate use of a specific DNS
server in nslookup by typing:

Nslookup - <IP address of external DNS>

Hope this helps.
Steve Ingraham

More information about the bind-users mailing list