Problem with .org domain resolution

Kevin Darcy kcd at chrysler.com
Wed Jun 3 16:38:55 UTC 2009 

Since .org was recently DNSSEC-signed 
(http://www.afilias.info/afilias+signs+org+zone), my guess would be that 
you have a firewall, an intrusion-prevention device, or somesuch, that 
is dropping the packets because it doesn't understand the DNSSEC records 
contained in them.

                                                                         
                              - Kevin

Juan Rodríguez wrote:
> Hello.
> In my company we have a name server BIND 9.6 running on RedHat 4.7 ES. 
> We've realized it don't resolve any
> .org domain. For example:
>
>
> [root at dnsint ~]# nslookup www.mirrorservice.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]# nslookup www.madrid.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]# nslookup www.wikipedia.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]# nslookup www.marca.es 10.20.29.22
> Server:         10.20.29.22
> Address:        10.20.29.22#53
>
> Non-authoritative answer:
> Name:   www.marca.es
> Address: 193.110.128.199
>
> [root at dnsint ~]# nslookup www.elpais.com 10.20.29.22
> Server:         10.20.29.22
> Address:        10.20.29.22#53
>
> Non-authoritative answer:
> www.elpais.com  canonical name = elpais.es.edgesuite.net.
> elpais.es.edgesuite.net canonical name = a1749.g.akamai.net.
> Name:   a1749.g.akamai.net
> Address: 77.67.20.195
> Name:   a1749.g.akamai.net
> Address: 77.67.20.178
>
> [root at dnsint ~]# nslookup www.telefonica.net 10.20.29.22
> Server:         10.20.29.22
> Address:        10.20.29.22#53
>
> Non-authoritative answer:
> Name:   www.telefonica.net
> Address: 213.4.130.95
>
> [root at dnsint ~]# nslookup www.intermonoxfam.org 10.20.29.22
> ;; connection timed out; no servers could be reached
>
> [root at dnsint ~]#
>
>
> This is a piece of the configuration:
> options {
>         directory "/zonas";           // Working directory
>         pid-file "/var/run/named.pid";
>         statistics-file "/logs/named.stats";
>         memstatistics-file "/logs/named.mem";
>         dump-file "/logs/named.dump";
>
>         version         none;
>         hostname        none;
>         server-id       none;
>
>         listen-on-v6 { none; };
>         zone-statistics yes;
>         recursive-clients 2000;
>         cleaning-interval 300;
>         max-cache-size 768M;
>         notify explicit;
>         allow-transfer { XXXXXXXXXXXXXX};
>         also-notify { XXXXXXXXXXXXXXX};
>         allow-query { XXXXXXXXXXXXXXXX};
> };
>
> zone "." {
>         type hint;
>         file "named.ca";
> };
>
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "named.local";
> };
>
> and various zones declared...........
>
> The file named.ca is the last updated one.
>
> Please, could you help me with this?
> Thank you very much.
> ------------------------------------------------------------------------
> Comparte tus fotos con tus amigos. Más fácil con Windows Live 
> <http://download.live.com>
> ------------------------------------------------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list