Nslookup Times Out on A Lookup To Well-Known Hosts

Barry Margolin barmar at alum.mit.edu
Fri Sep 29 23:54:23 UTC 2006


In article <efjj4c$1cnp$1 at sf1.isc.org>,
 "Will" <westes-usc at noemail.nospam> wrote:

> I have several well-known hosts that are failing A record lookups on DNS and
> I need help debugging this.
> 
> We have the ISC Bind 9.3.0 set up on a box with a sendmail mail server, just
> to speed up the MX lookups on that box.   I go to the nslookup command line,
> and type something like the following:
> 
>     type=mx
>     cox.net
> 
> and what I get back is a timeout that lasts two seconds and then no
> response.
> 
> I start a sniffer, and record while performing the above.   There is no
> question that the name server is issuing the query, and that the remote DNS
> responds with the nameserver (NS) records for cox.net.
> 
> At this point, the sniffer trace shows that there is a timeout on simple
> Address (A) record lookups to all nameservers for cox.net.

You said you asked it to look up MX records, so why is it now doing A 
record lookups?  Although I doubt that the record type actually matters.

> 
> I confirm that result from the command line by simple nslookup to ns.cox.net
> (for example) and this does time out.

Is there a reason why you're using nslookup rather than dig for your 
troubleshooting?  Not that it really matters in this case, but you 
should fix your bad habits, as there are many times when nslookup gives 
misleading results.

> I jump over to a UNIX box outside our network and try the same queries, and
> they all immediately work.
> 
> What are some possible causes for this?    Could cox.net be blacklisting
> many Internet hosts on their nameservers?

That's a definite possibility.  Perhaps at one point some problem caused 
your server to bombard them with DNS queries, so they set up a filter to 
block it.

I suggest you contact them and ask if they're blocking DNS from your 
server's IP.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***



More information about the bind-users mailing list