Problems resolving a domain name

Kevin Darcy kcd at daimlerchrysler.com
Mon Jun 18 22:28:48 UTC 2007 

ns1.officelive.com and ns2.officelive.com appear to be load-balancer 
devices of some sort, and judging by the differing TTLs on the responses 
they give each one has at least 2 nameservers on the backend. I've also 
caught them giving out non-authoritative answers from time to time, so I 
suppose it's possible you could get timeouts sometimes (as BIND retries 
the queries, looking for an authoritative response), followed by BIND 
marking the whole "zone" as lame and returning SERVFAIL for a while.

Note that ANY queries are treated somewhat specially and therefore not 
always the best choice for troubleshooting DNS problems. Generally 
you're better off using NS queries if you're trying to trace out the 
delegation hierarchy, and A queries if you're just trying to mimic what 
a regular resolver would be looking up.

- Kevin

Majed Masari wrote:
> Hi All,
>
> One of our customers is trying to resolve www.ezexport.com using our DNS
> servers (ns1.awalnet.net.sa and ns2.awalnet.net.sa) getting DNS timeout
> messages. The customer can resolve the domain using other DNS servers.
> Indeed I tested it using open DNS resolver and connection with a
> different ISP and it resolves just fine. Here are the nslookup and dig
> commands +trace output using our DNS servers and an open DNS server:
>
> Nslookup debug set to d2 command output:
> ------------------------------------------------------------------------
>
> Default Server:  ns1.awalnet.net.sa
> Address:  212.93.192.4
>
>   
>> set d2
>> set type=any
>> www.ezexport.com
>>     
> Server:  ns1.awalnet.net.sa
> Address:  212.93.192.4
>
> ;; res_nmkquery(QUERY, www.ezexport.com, IN, ANY)
> ------------
> SendRequest(), len 34
>     HEADER:
>         opcode = QUERY, id = 9655, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
>
>     QUESTIONS:
>         www.ezexport.com, type = ANY, class = IN
>
> ------------
> timeout
> timeout
> SendRequest failed
> ;; res_nmkquery(QUERY, www.ezexport.com.awalnet.net.sa, IN, ANY)
> ------------
> SendRequest(), len 49
>     HEADER:
>         opcode = QUERY, id = 9656, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
>
>     QUESTIONS:
>         www.ezexport.com.awalnet.net.sa, type = ANY, class = IN
>
> ------------
> ------------
> Got answer (100 bytes):
>     HEADER:
>         opcode = QUERY, id = 9656, rcode = NXDOMAIN
>         header flags:  response, auth. answer, want recursion, recursion
> avail.
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0
>
>     QUESTIONS:
>         www.ezexport.com.awalnet.net.sa, type = ANY, class = IN
>     AUTHORITY RECORDS:
>     ->  awalnet.net.sa
>         type = SOA, class = IN, dlen = 39
>         ttl = 600 (10M)
>         origin = ns1.awalnet.net.sa
>         mail addr = hostmaster.ns1.awalnet.net.sa
>         serial = 2007061601
>         refresh = 86400 (1D)
>         retry   = 7200 (2H)
>         expire  = 4233600 (7W)
>         minimum ttl = 600 (10M)
>
> ------------
> ;; res_nmkquery(QUERY, www.ezexport.com.net.sa, IN, ANY)
> ------------
> SendRequest(), len 41
>     HEADER:
>         opcode = QUERY, id = 9657, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
>
>     QUESTIONS:
>         www.ezexport.com.net.sa, type = ANY, class = IN
>
> ------------
> ------------
> Got answer (96 bytes):
>     HEADER:
>         opcode = QUERY, id = 9657, rcode = NXDOMAIN
>         header flags:  response, auth. answer, want recursion, recursion
> avail.
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0
>
>     QUESTIONS:
>         www.ezexport.com.net.sa, type = ANY, class = IN
>     AUTHORITY RECORDS:
>     ->  net.sa
>         type = SOA, class = IN, dlen = 43
>         ttl = 10412 (10412)
>         origin = ns1.nic.net.sa
>         mail addr = hostmaster.nic.net.sa
>         serial = 4421
>         refresh = 43200 (12H)
>         retry   = 7200 (2H)
>         expire  = 2419200 (4W)
>         minimum ttl = 172800 (2D)
>
> ------------
> *** ns1.awalnet.net.sa can't find www.ezexport.com: Non-existent
> host/domain
>   
>> Exit 
>>     
> ------------------------------------------------------------------------
> ----
> Dig command output:
> ------------------------------------------------------------------------
> ----
> root at ns1:/tmp # dig www.ezexport.com any
>
> ; <<>> DiG 9.3.0 <<>> www.ezexport.com any
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> root at ns1:/ # dig www.ezexport.com any +trace
>
> ; <<>> DiG 9.3.0 <<>> www.ezexport.com any +trace
> ;; global options:  printcmd
> .                       461986  IN      NS      C.ROOT-SERVERS.NET.
> .                       461986  IN      NS      D.ROOT-SERVERS.NET.
> .                       461986  IN      NS      E.ROOT-SERVERS.NET.
> .                       461986  IN      NS      F.ROOT-SERVERS.NET.
> .                       461986  IN      NS      G.ROOT-SERVERS.NET.
> .                       461986  IN      NS      H.ROOT-SERVERS.NET.
> .                       461986  IN      NS      I.ROOT-SERVERS.NET.
> .                       461986  IN      NS      J.ROOT-SERVERS.NET.
> .                       461986  IN      NS      K.ROOT-SERVERS.NET.
> .                       461986  IN      NS      L.ROOT-SERVERS.NET.
> .                       461986  IN      NS      M.ROOT-SERVERS.NET.
> .                       461986  IN      NS      A.ROOT-SERVERS.NET.
> .                       461986  IN      NS      B.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 212.93.192.4#53(212.93.192.4) in 1 ms
>
> com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
> ;; Received 494 bytes from 192.33.4.12#53(C.ROOT-SERVERS.NET) in 212 ms
>
> ezexport.com.           172800  IN      NS      ns1.officelive.com.
> ezexport.com.           172800  IN      NS      ns2.officelive.com.
> ;; Received 113 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 205 ms
>
> www.ezexport.com.       257     IN      A       207.46.222.14
> www.ezexport.com.       3257    IN      NS      ns1.officelive.com.
> www.ezexport.com.       3257    IN      NS      ns2.officelive.com.
> www.ezexport.com.       3257    IN      SOA     ns1.officelive.com.
> admin.msn.com. 2007063000 10800 1800 691200 3600
> www.ezexport.com.       3257    IN      MX      25 pamx1.hotmail.com.
> ;; Received 205 bytes from 207.46.222.20#53(ns1.officelive.com) in 267
> ms
> ------------------------------------------------------------------------
> ---------------
> ------------------------------------------------------------------------
> ---------------
> How can I fix this problem so we can resolve this domain using our DNS
> servers?
> Any help is appreciated. Thank you.
>
> --Majed Almasari 
>
>
>
>
>

More information about the bind-users mailing list