Spotty Lookups on One of Our Networks

Martin McCormick martin at dc.cis.okstate.edu
Wed Oct 31 12:54:02 UTC 2012


I described a case where one of our remote campuses can't
resolve a number of remote domains. One example is noaa.gov. It
also successfully resolves random remote domains without
seemingly any rime or reason.

	Here is a bad dig trace for noaa.gov


; <<>> DiG 9.7.7 <<>> @localhost +trace noaa.gov
; (2 servers found)
;; global options: +cmd
.			453464	IN	NS	b.root-servers.net.
.			453464	IN	NS	l.root-servers.net.
.			453464	IN	NS	a.root-servers.net.
.			453464	IN	NS	i.root-servers.net.
.			453464	IN	NS	j.root-servers.net.
.			453464	IN	NS	f.root-servers.net.
.			453464	IN	NS	g.root-servers.net.
.			453464	IN	NS	e.root-servers.net.
.			453464	IN	NS	h.root-servers.net.
.			453464	IN	NS	d.root-servers.net.
.			453464	IN	NS	c.root-servers.net.
.			453464	IN	NS	k.root-servers.net.
.			453464	IN	NS	m.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 320 ms

gov.			172800	IN	NS	b.gov-servers.net.
gov.			172800	IN	NS	a.gov-servers.net.
;; Received 133 bytes from 192.58.128.30#53(192.58.128.30) in 210 ms

noaa.gov.		86400	IN	NS	ns-e.noaa.gov.
noaa.gov.		86400	IN	NS	ns-mw.noaa.gov.
noaa.gov.		86400	IN	NS	ns-nw.noaa.gov.

	This trace took several minutes since no successful
resolution was made.

	Here is a good trace using our DNS.


; <<>> DiG 9.8.1-P1 <<>> +trace @localhost noaa.gov
; (2 servers found)
;; global options: +cmd
.			369104	IN	NS	d.root-servers.net.
.			369104	IN	NS	j.root-servers.net.
.			369104	IN	NS	b.root-servers.net.
.			369104	IN	NS	g.root-servers.net.
.			369104	IN	NS	i.root-servers.net.
.			369104	IN	NS	e.root-servers.net.
.			369104	IN	NS	l.root-servers.net.
.			369104	IN	NS	m.root-servers.net.
.			369104	IN	NS	h.root-servers.net.
.			369104	IN	NS	f.root-servers.net.
.			369104	IN	NS	c.root-servers.net.
.			369104	IN	NS	a.root-servers.net.
.			369104	IN	NS	k.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 497 ms

gov.			172800	IN	NS	a.gov-servers.net.
gov.			172800	IN	NS	b.gov-servers.net.
;; Received 133 bytes from 192.112.36.4#53(192.112.36.4) in 439 ms

noaa.gov.		86400	IN	NS	ns-e.noaa.gov.
noaa.gov.		86400	IN	NS	ns-mw.noaa.gov.
noaa.gov.		86400	IN	NS	ns-nw.noaa.gov.
;; Received 133 bytes from 69.36.157.30#53(69.36.157.30) in 224 ms

noaa.gov.		86400	IN	A	140.90.200.21
noaa.gov.		86400	IN	A	140.172.17.21
noaa.gov.		86400	IN	A	129.15.96.21
noaa.gov.		86400	IN	NS	ns-e.noaa.gov.
noaa.gov.		86400	IN	NS	ns-mw.noaa.gov.
noaa.gov.		86400	IN	NS	ns-nw.noaa.gov.
;; Received 181 bytes from 140.90.33.237#53(140.90.33.237) in 37 ms

Barry Margolin writes:
> I'm not sure what you mean by that sentence about getting authoritative
> DNSs from X when it sbould be from Y. Can you post the actual dig?
> 
> BTW, @servername doesn't mean much when using +trace, since +trace
> queries the servers listed in NS records, not a resolver.



More information about the bind-users mailing list