Nslookup not working for external domain

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Nov 18 19:18:48 UTC 2010

>> On 17.11.10 11:10, Moore, Mark A. wrote:
>>> nslookup www.cnn.com
>>> ;; Got SERVFAIL reply from, trying next server

> On 11/18/2010 5:16 AM, Matus UHLAR - fantomas wrote:
>> This server apparently does not provide recursion for you.

On 18.11.10 12:44, Kevin Darcy wrote:
> The OP already found the problem -- apparently the hints file wasn't
> being loaded properly.

it was after my reply ;-)

> However, for future reference in troubleshooting DNS problems through  
> interpretation of nslookup results, for the versions of nslookup I'm  
> familiar with, trying to do a lookup that requires recursion, from a  
> resolver that doesn't provide it, results in either
> a) a goofy-looking referral response, if no searchlisting is being  
> performed, or
> b) nslookup going off and doing searchlisted queries, and returning the  
> results of the *last* query it does (which is likely to be an NXDOMAIN  
> response, thus causing nslookup to mis-report the result of the overall  
> lookup as NXDOMAIN)
> In neither case would it return SERVFAIL. That usually points to some  
> other root cause. My guess would have been that the resolver had no  
> connectivity to the Internet and had marked all of the root nameservers  
> as "lame". Mis-loading of the hints file apparently has the same  
> symptoms, although to be honest I don't think I've seen that before.

The latest versions of BIND do not even return root referrals to clients that are
not allowed to recurse. Accessing the hint zone is understood as recursion too.

...you may remember the issue with flooding some servers with UDP responses to
spoofed queries for "." some time ago...

Have you checked with such a server?
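
The outcomes this thread distinguishes (referral, NXDOMAIN, SERVFAIL, recursion not provided) can be read from the 12-byte DNS response header instead of from nslookup's summary. The following is an added example, not part of the original message; the sample headers are constructed, and treating RCODE 5 (REFUSED) as the reply a server gives when it denies recursion is an assumption not stated in the thread.

```python
import struct

def classify(header: bytes) -> str:
    """Classify a DNS response from its 12-byte header (RFC 1035, 4.1.1)."""
    if len(header) < 12:
        raise ValueError("a DNS header is 12 bytes")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", header[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    aa = bool(flags & 0x0400)   # authoritative answer
    ra = bool(flags & 0x0080)   # recursion available to this client
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"       # server tried and failed (no roots, no connectivity)
    if rcode == 3:
        return "nxdomain"
    if rcode == 5:
        return "refused"        # assumption: how recursion denial is signalled
    if rcode != 0:
        return "other"
    if an > 0:
        return "answer"
    # Header-only heuristic: NOERROR, no answers, NS records in the authority
    # section, and neither AA nor RA set looks like a referral from a server
    # that is not recursing for this client.
    if ns > 0 and not aa and not ra:
        return "referral"
    return "nodata"

def hdr(flags: int, an: int = 0, ns: int = 0, ar: int = 0) -> bytes:
    """Build a constructed sample header (ID 0x1234, one question)."""
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, ar)

# Constructed samples, one per case discussed in the thread.
SAMPLES = {
    "servfail": hdr(0x8182),                 # QR RD RA, RCODE 2
    "referral": hdr(0x8100, ns=13, ar=13),   # QR RD, RA clear, NS in authority
    "nxdomain": hdr(0x8183, ns=1),           # QR RD RA, RCODE 3
    "refused":  hdr(0x8105),                 # QR RD, RCODE 5
    "answer":   hdr(0x8180, an=2),           # QR RD RA, two answers
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9} -> {classify(raw)}")
```
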

