[SOLVED] Can't connect to ".fr" domains

kraig22 · 02-19-2010, 05:45 AM

Hi,

I'm on Debian Lenny/Gnome 2.22.3

Whatever the web browser I try, I can't connect to ".fr" websites.
ping and dig do nothing
dig : connection timed out; no servers could be reached
ping: unknown host google.fr

I still can access any other domain name with absolutely no problem.

What am I supposed to configure to allow .fr too ? Is it a DNS problem or something ?
Please tell me if any of you need more informations about this issue.

bathory · 02-19-2010, 06:06 AM

Hi,

How long is this happening?
What gives:

Code:

dig +trace lemonde.fr

cantab · 02-19-2010, 06:10 AM

It is most likely that this is a problem with your ISP.

kraig22 · 02-19-2010, 06:37 AM

It's happening since remote fresh install.

Here's the result :

Code:

~$ dig +trace lemonde.fr

; <<>> DiG 9.5.1-P3 <<>> +trace lemonde.fr
;; global options:  printcmd
.                       153505  IN      NS      E.ROOT-SERVERS.NET.
.                       153505  IN      NS      K.ROOT-SERVERS.NET.
.                       153505  IN      NS      F.ROOT-SERVERS.NET.
.                       153505  IN      NS      A.ROOT-SERVERS.NET.
.                       153505  IN      NS      J.ROOT-SERVERS.NET.
.                       153505  IN      NS      H.ROOT-SERVERS.NET.
.                       153505  IN      NS      D.ROOT-SERVERS.NET.
.                       153505  IN      NS      G.ROOT-SERVERS.NET.
.                       153505  IN      NS      I.ROOT-SERVERS.NET.
.                       153505  IN      NS      M.ROOT-SERVERS.NET.
.                       153505  IN      NS      L.ROOT-SERVERS.NET.
.                       153505  IN      NS      C.ROOT-SERVERS.NET.
.                       153505  IN      NS      B.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

fr.                     172800  IN      NS      C.NIC.fr.
fr.                     172800  IN      NS      B.EXT.NIC.fr.
fr.                     172800  IN      NS      F.EXT.NIC.fr.
fr.                     172800  IN      NS      D.EXT.NIC.fr.
fr.                     172800  IN      NS      E.EXT.NIC.fr.
fr.                     172800  IN      NS      A.NIC.fr.
fr.                     172800  IN      NS      D.NIC.fr.
fr.                     172800  IN      NS      G.EXT.NIC.fr.
;; Received 432 bytes from 192.33.4.12#53(C.ROOT-SERVERS.NET) in 81 ms

dig: couldn't get address for 'C.NIC.fr': not found

I'm not sure about this ISP issue, because no one else seems to complain about it. I guess my configuration is the cause.

Thnx

bathory · 02-19-2010, 07:11 AM

That's weird. What's in /etc/resolv.conf?
Check also with:

Code:

dig lemonde.fr +trace +all +recurse
dig lemonde.fr @208.67.222.222

kraig22 · 02-19-2010, 07:27 AM

Precision : Lenny has been installed and network configured by OVH. They're supposed not to configure anything else. I configured bind9 (and it works) and that's it. No particular rules in iptables... Maybe my weird resolv.conf will tell something?

Content of resolv.conf :

Code:

:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

dig lemonde.fr +trace +all +recurse
Gives :

Code:

~$ dig lemonde.fr +trace +all +recurse

; <<>> DiG 9.5.1-P3 <<>> lemonde.fr +trace +all +recurse
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43888
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       150779  IN      NS      E.ROOT-SERVERS.NET.
.                       150779  IN      NS      M.ROOT-SERVERS.NET.
.                       150779  IN      NS      J.ROOT-SERVERS.NET.
.                       150779  IN      NS      B.ROOT-SERVERS.NET.
.                       150779  IN      NS      F.ROOT-SERVERS.NET.
.                       150779  IN      NS      H.ROOT-SERVERS.NET.
.                       150779  IN      NS      A.ROOT-SERVERS.NET.
.                       150779  IN      NS      I.ROOT-SERVERS.NET.
.                       150779  IN      NS      L.ROOT-SERVERS.NET.
.                       150779  IN      NS      K.ROOT-SERVERS.NET.
.                       150779  IN      NS      C.ROOT-SERVERS.NET.
.                       150779  IN      NS      D.ROOT-SERVERS.NET.
.                       150779  IN      NS      G.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     448305  IN      A       198.41.0.4
A.ROOT-SERVERS.NET.     448305  IN      AAAA    2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.     448305  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     448305  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     448305  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     448305  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     448305  IN      A       192.5.5.241
F.ROOT-SERVERS.NET.     448305  IN      AAAA    2001:500:2f::f
G.ROOT-SERVERS.NET.     448305  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     448305  IN      A       128.63.2.53
H.ROOT-SERVERS.NET.     448305  IN      AAAA    2001:500:1::803f:235
I.ROOT-SERVERS.NET.     448305  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     237179  IN      A       192.58.128.30
J.ROOT-SERVERS.NET.     237179  IN      AAAA    2001:503:c27::2:30

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 19 14:17:58 2010
;; MSG SIZE  rcvd: 500

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40624
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 13

;; QUESTION SECTION:
;lemonde.fr.                    IN      A

;; AUTHORITY SECTION:
fr.                     172800  IN      NS      a.nic.fr.
fr.                     172800  IN      NS      b.ext.nic.fr.
fr.                     172800  IN      NS      c.nic.fr.
fr.                     172800  IN      NS      d.ext.nic.fr.
fr.                     172800  IN      NS      d.nic.fr.
fr.                     172800  IN      NS      e.ext.nic.fr.
fr.                     172800  IN      NS      f.ext.nic.fr.
fr.                     172800  IN      NS      g.ext.nic.fr.

;; ADDITIONAL SECTION:
a.nic.fr.               172800  IN      A       192.93.0.129
b.ext.nic.fr.           172800  IN      A       192.228.90.21
c.nic.fr.               172800  IN      A       192.134.0.129
d.ext.nic.fr.           172800  IN      A       204.152.184.85
d.nic.fr.               172800  IN      A       194.0.9.1
e.ext.nic.fr.           172800  IN      A       193.176.144.6
f.ext.nic.fr.           172800  IN      A       194.146.106.46
g.ext.nic.fr.           172800  IN      A       204.61.216.39
a.nic.fr.               172800  IN      AAAA    2001:660:3005:3::1:1
c.nic.fr.               172800  IN      AAAA    2001:660:3006:4::1:1
d.ext.nic.fr.           172800  IN      AAAA    2001:4f8:0:2::8
d.nic.fr.               172800  IN      AAAA    2001:678:c:1::1
g.ext.nic.fr.           172800  IN      AAAA    2001:500:14:6039:ad::1

;; Query time: 20 msec
;; SERVER: 193.0.14.129#53(K.ROOT-SERVERS.NET)
;; WHEN: Fri Feb 19 14:17:58 2010
;; MSG SIZE  rcvd: 434

dig: couldn't get address for 'a.nic.fr': not found

And dig lemonde.fr @208.67.222.222
Gives :

Code:

$ dig lemonde.fr @208.67.222.222

; <<>> DiG 9.5.1-P3 <<>> lemonde.fr @208.67.222.222
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52934
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lemonde.fr.                    IN      A

;; ANSWER SECTION:
lemonde.fr.             600     IN      A       195.154.120.129

;; Query time: 21 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Feb 19 14:19:33 2010
;; MSG SIZE  rcvd: 44

bathory · 02-19-2010, 07:42 AM

Since you're using your own nameserver, check (or post here) its configuration, flush cache and try again:

Code:

dig lemonde.fr

In the meantime you can use opendns (208.67.222.222) and/or google (8.8.8.8)

kraig22 · 02-19-2010, 09:01 AM

Checked all and it's ok... Still working on it. Could my bind9 configuration be in conflict with resolvconf ?

Code:

$ dig lemonde.fr

; <<>> DiG 9.5.1-P3 <<>> lemonde.fr
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31001
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lemonde.fr.                    IN      A

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 19 15:59:56 2010
;; MSG SIZE  rcvd: 28

bathory · 02-19-2010, 09:20 AM

How it's ok since you get a SERVFAIL. How did you setup bind? Is is a caching or a forwarding config?
Could you post named.conf?

kraig22 · 02-19-2010, 09:34 AM

It SEEMS ok I meant since named-checkconf report no errors. I know there is a problem somewhere.

Here is named.conf

Code:

$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";

Now named.conf.options :

Code:

$ cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

         forwarders {
                213.186.33.199;
         };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { ::1; };
        listen-on { any; };
        allow-recursion {127.0.0.1;213.186.33.199;};
        notify yes;
};

(where 213.186... is the secondary DNS )

And named.conf.local :

Code:

$ cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
zone "mydomain.com" {
        type master;
        file "/etc/bind/db.mydomain.com";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

Any advice ?

kraig22 · 02-19-2010, 09:42 AM

Btw with the forwarders you can see in my last post :

Code:

$ dig lemonde.fr

; <<>> DiG 9.5.1-P3 <<>> lemonde.fr
;; global options:  printcmd
;; connection timed out; no servers could be reached

and ...

Code:

; <<>> DiG 9.5.1-P3 <<>> yahoo.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59511
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com.                     IN      A

;; ANSWER SECTION:
yahoo.com.              21600   IN      A       209.131.36.159
yahoo.com.              21600   IN      A       209.191.93.53
yahoo.com.              21600   IN      A       69.147.114.224

;; AUTHORITY SECTION:
yahoo.com.              172800  IN      NS      ns2.yahoo.com.
yahoo.com.              172800  IN      NS      ns3.yahoo.com.
yahoo.com.              172800  IN      NS      ns1.yahoo.com.
yahoo.com.              172800  IN      NS      ns8.yahoo.com.
yahoo.com.              172800  IN      NS      ns6.yahoo.com.
yahoo.com.              172800  IN      NS      ns4.yahoo.com.
yahoo.com.              172800  IN      NS      ns5.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com.          172800  IN      A       202.43.223.170
ns8.yahoo.com.          172800  IN      A       202.165.104.22

;; Query time: 247 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 19 16:43:58 2010
;; MSG SIZE  rcvd: 233

Still looking for answers on the net and on the server...

bathory · 02-19-2010, 09:46 AM

Ditch forwarders and see what happens

kraig22 · 02-19-2010, 09:55 AM

I thought I gave your last idea a try and I didn't. Now it works...

Code:

; <<>> DiG 9.5.1-P3 <<>> lemonde.fr
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15214
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;lemonde.fr.                    IN      A

;; ANSWER SECTION:
lemonde.fr.             600     IN      A       195.154.120.129

;; AUTHORITY SECTION:
lemonde.fr.             28800   IN      NS      nsa.bookmyname.com.
lemonde.fr.             28800   IN      NS      nsc.bookmyname.com.
lemonde.fr.             28800   IN      NS      nsb.bookmyname.com.

;; ADDITIONAL SECTION:
nsa.bookmyname.com.     172800  IN      A       88.191.249.135
nsb.bookmyname.com.     172800  IN      A       217.24.82.34
nsc.bookmyname.com.     172800  IN      A       195.154.228.229

;; Query time: 414 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 19 16:51:56 2010
;; MSG SIZE  rcvd: 160

Could you please explain me how ? And do I have to keep forwarders commented ? Actually I don't really get how it works, that's why I posted in the newbie section. Cause I am.

Thanks anyway.

bathory · 02-19-2010, 10:36 AM

Forwarding works like this:
When you query your dns, it will forward the query first to the forwarder(s) and if it does not find an answer, then your dns will try to do it by itself.
Since you have setup caching (that is the hint "." zone) you don't need any forwarders.

Glad to see it works now. You can mark the thread as "solved" using the thread tools

Cheers

kraig22 · 02-19-2010, 10:56 AM

Thanx a lot for your time and help =)