Spotty Lookups on One of Our Networks
Martin McCormick
martin at dc.cis.okstate.edu
Wed Oct 31 12:54:02 UTC 2012
I described a case where one of our remote campuses can't
resolve a number of remote domains. One example is noaa.gov. It
also successfully resolves random remote domains without
seemingly any rime or reason.
Here is a bad dig trace for noaa.gov
; <<>> DiG 9.7.7 <<>> @localhost +trace noaa.gov
; (2 servers found)
;; global options: +cmd
. 453464 IN NS b.root-servers.net.
. 453464 IN NS l.root-servers.net.
. 453464 IN NS a.root-servers.net.
. 453464 IN NS i.root-servers.net.
. 453464 IN NS j.root-servers.net.
. 453464 IN NS f.root-servers.net.
. 453464 IN NS g.root-servers.net.
. 453464 IN NS e.root-servers.net.
. 453464 IN NS h.root-servers.net.
. 453464 IN NS d.root-servers.net.
. 453464 IN NS c.root-servers.net.
. 453464 IN NS k.root-servers.net.
. 453464 IN NS m.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 320 ms
gov. 172800 IN NS b.gov-servers.net.
gov. 172800 IN NS a.gov-servers.net.
;; Received 133 bytes from 192.58.128.30#53(192.58.128.30) in 210 ms
noaa.gov. 86400 IN NS ns-e.noaa.gov.
noaa.gov. 86400 IN NS ns-mw.noaa.gov.
noaa.gov. 86400 IN NS ns-nw.noaa.gov.
This trace took several minutes since no successful
resolution was made.
Here is a good trace using our DNS.
; <<>> DiG 9.8.1-P1 <<>> +trace @localhost noaa.gov
; (2 servers found)
;; global options: +cmd
. 369104 IN NS d.root-servers.net.
. 369104 IN NS j.root-servers.net.
. 369104 IN NS b.root-servers.net.
. 369104 IN NS g.root-servers.net.
. 369104 IN NS i.root-servers.net.
. 369104 IN NS e.root-servers.net.
. 369104 IN NS l.root-servers.net.
. 369104 IN NS m.root-servers.net.
. 369104 IN NS h.root-servers.net.
. 369104 IN NS f.root-servers.net.
. 369104 IN NS c.root-servers.net.
. 369104 IN NS a.root-servers.net.
. 369104 IN NS k.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 497 ms
gov. 172800 IN NS a.gov-servers.net.
gov. 172800 IN NS b.gov-servers.net.
;; Received 133 bytes from 192.112.36.4#53(192.112.36.4) in 439 ms
noaa.gov. 86400 IN NS ns-e.noaa.gov.
noaa.gov. 86400 IN NS ns-mw.noaa.gov.
noaa.gov. 86400 IN NS ns-nw.noaa.gov.
;; Received 133 bytes from 69.36.157.30#53(69.36.157.30) in 224 ms
noaa.gov. 86400 IN A 140.90.200.21
noaa.gov. 86400 IN A 140.172.17.21
noaa.gov. 86400 IN A 129.15.96.21
noaa.gov. 86400 IN NS ns-e.noaa.gov.
noaa.gov. 86400 IN NS ns-mw.noaa.gov.
noaa.gov. 86400 IN NS ns-nw.noaa.gov.
;; Received 181 bytes from 140.90.33.237#53(140.90.33.237) in 37 ms
Barry Margolin writes:
> I'm not sure what you mean by that sentence about getting authoritative
> DNSs from X when it sbould be from Y. Can you post the actual dig?
>
> BTW, @servername doesn't mean much when using +trace, since +trace
> queries the servers listed in NS records, not a resolver.
More information about the bind-users
mailing list