Problem with .org domain resolution
Kevin Darcy
kcd at chrysler.com
Wed Jun 3 16:38:55 UTC 2009
Since .org was recently DNSSEC-signed
(http://www.afilias.info/afilias+signs+org+zone), my guess would be that
you have a firewall, an intrusion-prevention device, or somesuch, that
is dropping the packets because it doesn't understand the DNSSEC records
contained in them.
- Kevin
Juan Rodríguez wrote:
> Hello.
> In my company we have a name server BIND 9.6 running on RedHat 4.7 ES.
> We've realized it don't resolve any
> .org domain. For example:
>
>
> [root at dnsint ~]# nslookup www.mirrorservice.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]# nslookup www.madrid.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]# nslookup www.wikipedia.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]# nslookup www.marca.es 10.20.29.22
> Server: 10.20.29.22
> Address: 10.20.29.22#53
>
> Non-authoritative answer:
> Name: www.marca.es
> Address: 193.110.128.199
>
> [root at dnsint ~]# nslookup www.elpais.com 10.20.29.22
> Server: 10.20.29.22
> Address: 10.20.29.22#53
>
> Non-authoritative answer:
> www.elpais.com canonical name = elpais.es.edgesuite.net.
> elpais.es.edgesuite.net canonical name = a1749.g.akamai.net.
> Name: a1749.g.akamai.net
> Address: 77.67.20.195
> Name: a1749.g.akamai.net
> Address: 77.67.20.178
>
> [root at dnsint ~]# nslookup www.telefonica.net 10.20.29.22
> Server: 10.20.29.22
> Address: 10.20.29.22#53
>
> Non-authoritative answer:
> Name: www.telefonica.net
> Address: 213.4.130.95
>
> [root at dnsint ~]# nslookup www.intermonoxfam.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]#
>
>
> This is a piece of the configuration:
> options {
> directory "/zonas"; // Working directory
> pid-file "/var/run/named.pid";
> statistics-file "/logs/named.stats";
> memstatistics-file "/logs/named.mem";
> dump-file "/logs/named.dump";
>
> version none;
> hostname none;
> server-id none;
>
> listen-on-v6 { none; };
> zone-statistics yes;
> recursive-clients 2000;
> cleaning-interval 300;
> max-cache-size 768M;
> notify explicit;
> allow-transfer { XXXXXXXXXXXXXX};
> also-notify { XXXXXXXXXXXXXXX};
> allow-query { XXXXXXXXXXXXXXXX};
> };
>
> zone "." {
> type hint;
> file "named.ca";
> };
>
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "named.local";
> };
>
> and various zones declared...........
>
> The file named.ca is the last updated one.
>
> Please, could you help me with this?
> Thank you very much.
> ------------------------------------------------------------------------
> Comparte tus fotos con tus amigos. Más fácil con Windows Live
> <http://download.live.com>
> ------------------------------------------------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list