LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   DNS-BIND, got "BAD (HORIZONTAL) REFERRAL" error (https://www.linuxquestions.org/questions/linux-server-73/dns-bind-got-bad-horizontal-referral-error-844524/)

jeff14 11-16-2010 01:19 AM
DNS-BIND, got "BAD (HORIZONTAL) REFERRAL" error
 
hi all, my website is www.faisco.com, and work fine several days
but one of my new client said that they can't resolve my domain, meanwhile they can resolve other web site without any problem.
i run 'dig' on their machine, this is the result:
; <<>> DiG 9.4.0 <<>> www.faisco.com +trace
;; global options: printcmd
. 3600 IN NS m.root-servers.net.
. 3600 IN NS l.root-servers.net.
. 3600 IN NS k.root-servers.net.
. 3600 IN NS j.root-servers.net.
. 3600 IN NS i.root-servers.net.
. 3600 IN NS h.root-servers.net.
. 3600 IN NS g.root-servers.net.
. 3600 IN NS f.root-servers.net.
. 3600 IN NS e.root-servers.net.
. 3600 IN NS d.root-servers.net.
. 3600 IN NS c.root-servers.net.
. 3600 IN NS b.root-servers.net.
. 3600 IN NS a.root-servers.net.
;; Received 417 bytes from 192.168.0.10#53(192.168.0.10) in 0 ms

com. 165333 IN NS g.gtld-servers.net.
com. 165333 IN NS h.gtld-servers.net.
com. 165333 IN NS i.gtld-servers.net.
com. 165333 IN NS j.gtld-servers.net.
com. 165333 IN NS k.gtld-servers.net.
com. 165333 IN NS l.gtld-servers.net.
com. 165333 IN NS m.gtld-servers.net.
com. 165333 IN NS a.gtld-servers.net.
com. 165333 IN NS b.gtld-servers.net.
com. 165333 IN NS c.gtld-servers.net.
com. 165333 IN NS d.gtld-servers.net.
com. 165333 IN NS e.gtld-servers.net.
com. 165333 IN NS f.gtld-servers.net.
;; Received 464 bytes from 192.203.230.10#53(e.root-servers.net) in 284 ms

com. 165333 IN NS g.gtld-servers.net.
com. 165333 IN NS h.gtld-servers.net.
com. 165333 IN NS i.gtld-servers.net.
com. 165333 IN NS j.gtld-servers.net.
com. 165333 IN NS k.gtld-servers.net.
com. 165333 IN NS l.gtld-servers.net.
com. 165333 IN NS m.gtld-servers.net.
com. 165333 IN NS a.gtld-servers.net.
com. 165333 IN NS b.gtld-servers.net.
com. 165333 IN NS c.gtld-servers.net.
com. 165333 IN NS d.gtld-servers.net.
com. 165333 IN NS e.gtld-servers.net.
com. 165333 IN NS f.gtld-servers.net.
;; BAD (HORIZONTAL) REFERRAL
;; Received 464 bytes from 192.41.162.30#53(l.gtld-servers.net) in 383 ms

com. 165333 IN NS g.gtld-servers.net.
com. 165333 IN NS h.gtld-servers.net.
com. 165333 IN NS i.gtld-servers.net.
com. 165333 IN NS j.gtld-servers.net.
com. 165333 IN NS k.gtld-servers.net.
com. 165333 IN NS l.gtld-servers.net.
com. 165333 IN NS m.gtld-servers.net.
com. 165333 IN NS a.gtld-servers.net.
com. 165333 IN NS b.gtld-servers.net.
com. 165333 IN NS c.gtld-servers.net.
com. 165333 IN NS d.gtld-servers.net.
com. 165333 IN NS e.gtld-servers.net.
com. 165333 IN NS f.gtld-servers.net.
;; BAD (HORIZONTAL) REFERRAL
;; Received 464 bytes from 192.26.92.30#53(c.gtld-servers.net) in 329 ms

com. 165333 IN NS g.gtld-servers.net.
com. 165333 IN NS h.gtld-servers.net.
com. 165333 IN NS i.gtld-servers.net.
com. 165333 IN NS j.gtld-servers.net.
com. 165333 IN NS k.gtld-servers.net.
com. 165333 IN NS l.gtld-servers.net.
com. 165333 IN NS m.gtld-servers.net.
com. 165333 IN NS a.gtld-servers.net.
com. 165333 IN NS b.gtld-servers.net.
com. 165333 IN NS c.gtld-servers.net.
com. 165333 IN NS d.gtld-servers.net.
com. 165333 IN NS e.gtld-servers.net.
com. 165333 IN NS f.gtld-servers.net.
;; BAD (HORIZONTAL) REFERRAL
;; Received 464 bytes from 192.5.6.30#53(a.gtld-servers.net) in 466 ms

com. 165333 IN NS g.gtld-servers.net.
com. 165333 IN NS h.gtld-servers.net.
com. 165333 IN NS i.gtld-servers.net.
com. 165333 IN NS j.gtld-servers.net.
com. 165333 IN NS k.gtld-servers.net.
com. 165333 IN NS l.gtld-servers.net.
com. 165333 IN NS m.gtld-servers.net.
com. 165333 IN NS a.gtld-servers.net.
com. 165333 IN NS b.gtld-servers.net.
com. 165333 IN NS c.gtld-servers.net.
com. 165333 IN NS d.gtld-servers.net.
com. 165333 IN NS e.gtld-servers.net.
com. 165333 IN NS f.gtld-servers.net.
;; BAD (HORIZONTAL) REFERRAL
;; Received 464 bytes from 192.12.94.30#53(e.gtld-servers.net) in 383 ms

lots of 'BAD (HORIZONTAL) REFERRAL'???

and the correct result should be like this:
; <<>> DiG 9.4.0 <<>> www.faisco.com +trace
;; global options: printcmd
. 43757 IN NS a.root-servers.net.
. 43757 IN NS b.root-servers.net.
. 43757 IN NS c.root-servers.net.
. 43757 IN NS d.root-servers.net.
. 43757 IN NS e.root-servers.net.
. 43757 IN NS f.root-servers.net.
. 43757 IN NS g.root-servers.net.
. 43757 IN NS h.root-servers.net.
. 43757 IN NS i.root-servers.net.
. 43757 IN NS j.root-servers.net.
. 43757 IN NS k.root-servers.net.
. 43757 IN NS l.root-servers.net.
. 43757 IN NS m.root-servers.net.
;; Received 228 bytes from 192.168.1.254#53(192.168.1.254) in 156 ms

com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
;; Received 504 bytes from 192.203.230.10#53(e.root-servers.net) in 531 ms

faisco.com. 172800 IN NS dns1.faisco.cn.
faisco.com. 172800 IN NS dns2.faisco.cn.
;; Received 79 bytes from 192.12.94.30#53(e.gtld-servers.net) in 343 ms

www.faisco.com. 86400 IN CNAME serv01.faisco.com.
serv01.faisco.com. 86400 IN A 119.120.92.213
faisco.com. 86400 IN NS dns1.faisco.cn.
faisco.com. 86400 IN NS dns2.faisco.cn.
;; Received 116 bytes from 58.255.252.149#53(dns2.faisco.cn) in 203 ms

can any one help ? thanks!

bathory 11-16-2010 02:53 AM
Hi,

Looks like the name server running on 192.168.0.10 is badly configured, or there is a networking (router/firewall?) problem.
Does the following works?
Code:
dig www.faisco.com +trace +tcp

jeff14 11-16-2010 06:55 AM
hi,bathory
here is the result:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.faisco.com +trace +tcp
;; global options: printcmd
;; connection timed out; no servers could be reached

but the server ( which can resolve the domain correctly ) also got the same result

by the way, the client ( which use 192.168.0.10 as its name server) can resolve other domain without any problem, like www.google.com, www.facebook.com, www.amazone.com, www.linuxquestions.org....

bathory 11-16-2010 07:54 AM
Huh? When you use tcp you cannot contact the server?
Then I guess port 53/tcp is closed by a firewall running on the name server in question.
Can you telnet that server on port 53?

jeff14 11-17-2010 03:18 AM
yes, all client can telnet the server on port 53, but results of dig +tcp all the same:
here is the result:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.faisco.com +trace +tcp
;; global options: printcmd
;; connection timed out; no servers could be reached

bathory 11-17-2010 04:46 AM
Quote:
; <<>> DiG 9.7.2-P2 <<>> www.faisco.com +trace +tcp
;; global options: +cmd
. 428787 IN NS g.root-servers.net.
. 428787 IN NS c.root-servers.net.
. 428787 IN NS b.root-servers.net.
. 428787 IN NS e.root-servers.net.
. 428787 IN NS h.root-servers.net.
. 428787 IN NS d.root-servers.net.
. 428787 IN NS k.root-servers.net.
. 428787 IN NS i.root-servers.net.
. 428787 IN NS a.root-servers.net.
. 428787 IN NS f.root-servers.net.
. 428787 IN NS l.root-servers.net.
. 428787 IN NS m.root-servers.net.
. 428787 IN NS j.root-servers.net.
;; Received 356 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
;; Received 520 bytes from 128.8.10.90#53(d.root-servers.net) in 211 ms

faisco.com. 172800 IN NS dns1.faisco.cn.
faisco.com. 172800 IN NS dns2.faisco.cn.
;; Received 79 bytes from 192.54.112.30#53(h.gtld-servers.net) in 128 ms

www.faisco.com. 86400 IN CNAME serv01.faisco.com.
serv01.faisco.com. 86400 IN A 119.120.92.213
faisco.com. 86400 IN NS dns2.faisco.cn.
faisco.com. 86400 IN NS dns1.faisco.cn.
;; Received 116 bytes from 119.120.92.213#53(dns1.faisco.cn) in 498 ms
As you see I can resolve successfully that host, so there is a networking problem between your client and the nameserver that is 1st in /etc/resolv.conf.

jeff14 11-17-2010 07:02 AM
yes, i don't think there is any problem with the host, but what puzzles me is that the client can resolve all other websites except my website, so strange...

bathory 11-17-2010 07:23 AM
You can tell your client to change the 1st nameserver in /etc/resolv.conf and use google (8.8.8.8.8) or opendns (208.67.222.222)

Cheers


All times are GMT -5. The time now is 05:37 PM.