Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
At the last month i encountered with a strange error to resolve a single domain.
i tried any option that came on my mind with no luck, i will be happy to get some new idea\advice.
Code:
dig +trace nationwide.co.uk
; <<>> DiG 9.4-ESV-R2 <<>> +trace nationwide.co.uk
;; global options: printcmd
. 259734 IN NS m.root-servers.net.
. 259734 IN NS e.root-servers.net.
. 259734 IN NS b.root-servers.net.
. 259734 IN NS h.root-servers.net.
. 259734 IN NS i.root-servers.net.
. 259734 IN NS l.root-servers.net.
. 259734 IN NS j.root-servers.net.
. 259734 IN NS g.root-servers.net.
. 259734 IN NS c.root-servers.net.
. 259734 IN NS f.root-servers.net.
. 259734 IN NS d.root-servers.net.
. 259734 IN NS k.root-servers.net.
. 259734 IN NS a.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
uk. 172800 IN NS ns3.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
;; Received 496 bytes from 192.33.4.12#53(c.root-servers.net) in 68 ms
nationwide.co.uk. 172800 IN NS ns1.nationet.net.
nationwide.co.uk. 172800 IN NS ns0.nationet.net.
;; Received 82 bytes from 217.79.164.131#53(ns2.nic.uk) in 58 ms
dig: isc_socket_create: address family not supported
Code:
dig +notcp +trace -4 nationwide.co.uk
; <<>> DiG 9.4-ESV-R2 <<>> +notcp +trace -4 nationwide.co.uk
;; global options: printcmd
. 67603 IN NS k.root-servers.net.
. 67603 IN NS e.root-servers.net.
. 67603 IN NS j.root-servers.net.
. 67603 IN NS i.root-servers.net.
. 67603 IN NS a.root-servers.net.
. 67603 IN NS f.root-servers.net.
. 67603 IN NS l.root-servers.net.
. 67603 IN NS h.root-servers.net.
. 67603 IN NS m.root-servers.net.
. 67603 IN NS b.root-servers.net.
. 67603 IN NS g.root-servers.net.
. 67603 IN NS c.root-servers.net.
. 67603 IN NS d.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS ns3.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
;; Received 496 bytes from 192.33.4.12#53(c.root-servers.net) in 69 ms
nationwide.co.uk. 172800 IN NS ns1.nationet.net.
nationwide.co.uk. 172800 IN NS ns0.nationet.net.
;; Received 82 bytes from 195.66.240.130#53(ns1.nic.uk) in 69 ms
;; connection timed out; no servers could be reached
Bus error
when adding static host to /etc/hosts only with flag +trace i was able to resolve the domain.
no errors on the named log.
system os is CentOS release 5.5 (Final)
and bind version is Version: 9.4-ESV-R2.
dig +trace nationwide.co.uk
<snip>
dig: isc_socket_create: address family not supported
dig +notcp +trace -4 nationwide.co.uk
<snip>
;; connection timed out; no servers could be reached
Bus error
Try to adjust the edns/udp packets to the minimum size and see if it helps
Code:
edns-udp-size 512;
max-udp-size 512;
Otherwise, I guess you need to upgrade to a more recent bind/bind-utils version version.
This is what I get using bind-9.9.1-P1 (with no special dig options)
Code:
; <<>> DiG 9.9.1-P1 <<>> +trace nationwide.co.uk
;; global options: +cmd
. 518391 IN NS m.root-servers.net.
. 518391 IN NS b.root-servers.net.
. 518391 IN NS i.root-servers.net.
. 518391 IN NS a.root-servers.net.
. 518391 IN NS c.root-servers.net.
. 518391 IN NS d.root-servers.net.
. 518391 IN NS g.root-servers.net.
. 518391 IN NS h.root-servers.net.
. 518391 IN NS j.root-servers.net.
. 518391 IN NS k.root-servers.net.
. 518391 IN NS e.root-servers.net.
. 518391 IN NS f.root-servers.net.
. 518391 IN NS l.root-servers.net.
. 518393 IN RRSIG NS 8 0 518400 20120705000000 20120627230000 56158 . tS8hgd04zIZEjqtSL+XABLWcNTvZicStSyiNz13MvWNlnG1j8VyThqzD c+XDVY/Kq0HbtT3dXmZNkWZ1LuF49mP2vKNHsS+5Ct1itSqQtF3yfMxi f/+NCPbYFh+5YksmjpS30nYYbsgY1qupwK+ISO08uvBsEoE9xY2r2IcR P0Q=
;; Received 857 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS ns3.nic.uk.
uk. 86400 IN DS 15191 8 2 A057C8553B1DC6CF158A87CD2D0BAA2CDC9C6A14FA03DE02B19AB0DA 62AF279E
uk. 86400 IN RRSIG DS 8 1 86400 20120705000000 20120627230000 56158 . iMgJG95iepy+2uow8rhYJV76rVQQ+1QiI5HR9Z76WnJacbia5yHLhdiL LJca5dI0ccUnFIuMya4XOdcAs8d/ZWHounwAuS7HPz/XdVUHiezsuA+P QCxIctAxIUermYAaKaonxrIn1fdbGkmDTAYKQeUFCw/Dmp2RPWijkHQM FKY=
;; Received 714 bytes from 192.112.36.4#53(192.112.36.4) in 188 ms
nationwide.co.uk. 172800 IN NS ns1.nationet.net.
nationwide.co.uk. 172800 IN NS ns0.nationet.net.
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN NSEC3 1 1 0 - G9RG9EFRT0T6A6NUS5DCFATL1C7GHL6D NS SOA RRSIG DNSKEY NSEC3PARAM TYPE65534
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731055359 20120626050105 33621 co.uk. ugWslu2iCK6AWy0qwmBG9L9JHLwz2Z2XzFif6n9j4S7Eu/7YbFiDeFyd U+Nli76eUyzXrCsb9/Nlk3+IQNngiSpH6PI2MhIv6kOHiWdaVCBnmzhC K4oh5OWRoRh3mhvkQO+FpcazVKZVWjhaAsiexTbIEg8TQoTOmWGrY78a zuA=
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN NSEC3 1 1 0 - N767KHOC9R3D42J8FV7QOTOIH7JTF1AL NS DS RRSIG
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731013642 20120626013104 33621 co.uk. hhbQiks9IzlkwQvnbFaDjPK9Yi+zOEtBdCd76DJbHjcTCGSLhuxbgEk5 lIq1s8QaJqwfcN/6Tt8oEgdS7wpXt88RHk8oXiIhbtyE9IgV+8uOOpmT FKJZMgI84sgj4u/YYgLYWPNvv9RB6mO8kPtTBQ7fzlvKihBPVe6KL0GB x44=
;; Received 616 bytes from 213.248.254.130#53(213.248.254.130) in 98 ms
nationwide.co.uk. 7200 IN A 155.131.31.10
nationwide.co.uk. 7200 IN NS ns1.nationet.net.
nationwide.co.uk. 7200 IN NS ns0.nationet.net.
;; Received 141 bytes from 155.131.1.200#53(155.131.1.200) in 92 ms
Try to adjust the edns/udp packets to the minimum size and see if it helps
Code:
edns-udp-size 512;
max-udp-size 512;
Otherwise, I guess you need to upgrade to a more recent bind/bind-utils version version.
This is what I get using bind-9.9.1-P1 (with no special dig options)
Code:
; <<>> DiG 9.9.1-P1 <<>> +trace nationwide.co.uk
;; global options: +cmd
. 518391 IN NS m.root-servers.net.
. 518391 IN NS b.root-servers.net.
. 518391 IN NS i.root-servers.net.
. 518391 IN NS a.root-servers.net.
. 518391 IN NS c.root-servers.net.
. 518391 IN NS d.root-servers.net.
. 518391 IN NS g.root-servers.net.
. 518391 IN NS h.root-servers.net.
. 518391 IN NS j.root-servers.net.
. 518391 IN NS k.root-servers.net.
. 518391 IN NS e.root-servers.net.
. 518391 IN NS f.root-servers.net.
. 518391 IN NS l.root-servers.net.
. 518393 IN RRSIG NS 8 0 518400 20120705000000 20120627230000 56158 . tS8hgd04zIZEjqtSL+XABLWcNTvZicStSyiNz13MvWNlnG1j8VyThqzD c+XDVY/Kq0HbtT3dXmZNkWZ1LuF49mP2vKNHsS+5Ct1itSqQtF3yfMxi f/+NCPbYFh+5YksmjpS30nYYbsgY1qupwK+ISO08uvBsEoE9xY2r2IcR P0Q=
;; Received 857 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS ns3.nic.uk.
uk. 86400 IN DS 15191 8 2 A057C8553B1DC6CF158A87CD2D0BAA2CDC9C6A14FA03DE02B19AB0DA 62AF279E
uk. 86400 IN RRSIG DS 8 1 86400 20120705000000 20120627230000 56158 . iMgJG95iepy+2uow8rhYJV76rVQQ+1QiI5HR9Z76WnJacbia5yHLhdiL LJca5dI0ccUnFIuMya4XOdcAs8d/ZWHounwAuS7HPz/XdVUHiezsuA+P QCxIctAxIUermYAaKaonxrIn1fdbGkmDTAYKQeUFCw/Dmp2RPWijkHQM FKY=
;; Received 714 bytes from 192.112.36.4#53(192.112.36.4) in 188 ms
nationwide.co.uk. 172800 IN NS ns1.nationet.net.
nationwide.co.uk. 172800 IN NS ns0.nationet.net.
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN NSEC3 1 1 0 - G9RG9EFRT0T6A6NUS5DCFATL1C7GHL6D NS SOA RRSIG DNSKEY NSEC3PARAM TYPE65534
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731055359 20120626050105 33621 co.uk. ugWslu2iCK6AWy0qwmBG9L9JHLwz2Z2XzFif6n9j4S7Eu/7YbFiDeFyd U+Nli76eUyzXrCsb9/Nlk3+IQNngiSpH6PI2MhIv6kOHiWdaVCBnmzhC K4oh5OWRoRh3mhvkQO+FpcazVKZVWjhaAsiexTbIEg8TQoTOmWGrY78a zuA=
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN NSEC3 1 1 0 - N767KHOC9R3D42J8FV7QOTOIH7JTF1AL NS DS RRSIG
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731013642 20120626013104 33621 co.uk. hhbQiks9IzlkwQvnbFaDjPK9Yi+zOEtBdCd76DJbHjcTCGSLhuxbgEk5 lIq1s8QaJqwfcN/6Tt8oEgdS7wpXt88RHk8oXiIhbtyE9IgV+8uOOpmT FKJZMgI84sgj4u/YYgLYWPNvv9RB6mO8kPtTBQ7fzlvKihBPVe6KL0GB x44=
;; Received 616 bytes from 213.248.254.130#53(213.248.254.130) in 98 ms
nationwide.co.uk. 7200 IN A 155.131.31.10
nationwide.co.uk. 7200 IN NS ns1.nationet.net.
nationwide.co.uk. 7200 IN NS ns0.nationet.net.
;; Received 141 bytes from 155.131.1.200#53(155.131.1.200) in 92 ms
already tried to change the max size of udp, didn't helped...
on a different box i installed the last version of bind from source code, and i still got the same problem.
that problem drives my crazy, i can't figure what is the cause that this specific domain can't be resolved
on a different box i installed the last version of bind from source code, and i still got the same problem.
Why would you install from source if you have "yum" package manager to install it properly ?!
Code:
# yum info bind bind-chroot
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: ftp.example.com
Installed Packages
Name : bind
Arch : i386
Epoch : 30
Version : 9.3.6
Release : 16.P1.el5
Size : 2.1 M
Repo : installed
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
URL : http://www.isc.org/products/BIND/
License : BSD-like
Description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS
: (Domain Name System) protocols. BIND includes a DNS server (named),
: which resolves host names to IP addresses; a resolver library
: (routines for applications to use when interfacing with DNS); and
: tools for verifying that the DNS server is operating properly.
Name : bind-chroot
Arch : i386
Epoch : 30
Version : 9.3.6
Release : 16.P1.el5
Size : 0.0
Repo : installed
Summary : A chroot runtime environment for the ISC BIND DNS server, named(8)
URL : http://www.isc.org/products/BIND/
License : BSD-like
Description: This package contains a tree of files which can be used as a
: chroot(2) jail for the named(8) program from the BIND package.
: Based off code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Available Packages
Name : bind
Arch : i386
Epoch : 30
Version : 9.3.6
Release : 20.P1.el5
Size : 981 k
Repo : base
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
URL : http://www.isc.org/products/BIND/
License : BSD-like
Description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS
: (Domain Name System) protocols. BIND includes a DNS server (named),
: which resolves host names to IP addresses; a resolver library
: (routines for applications to use when interfacing with DNS); and
: tools for verifying that the DNS server is operating properly.
Name : bind-chroot
Arch : i386
Epoch : 30
Version : 9.3.6
Release : 20.P1.el5
Size : 47 k
Repo : base
Summary : A chroot runtime environment for the ISC BIND DNS server, named(8)
URL : http://www.isc.org/products/BIND/
License : BSD-like
Description: This package contains a tree of files which can be used as a
: chroot(2) jail for the named(8) program from the BIND package.
: Based off code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
so it states that a minor version update is available, then you do:
Code:
# yum check-update bind bind-chroot
and then update
# yum update bind bind-chroot
dig +short rs.dns-oarc.net txt
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"******* sent EDNS buffer size 512"
"Tested at 2012-07-02 11:52:30 UTC"
"****** DNS reply size limit is at least 490"
and this is from another network
dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2012-07-02 11:57:04 UTC"
"******* sent EDNS buffer size 4096"
"****** DNS reply size limit is at least 3843"
the difference between them is the version and build of bind
Apparently you have a "local" server behind some router/gateway on 1st network, where your IP is 192.117.....
where you have "small" buffer size : "192.117... sent EDNS buffer size 512",
as the second one has 4096 !
What causes then not to resolve "nationwide.co.uk" I don't know, sorry.
On the site OARC test it has an option to try:
Quote:
Truncated, retrying in TCP mode
Some resolvers (e.g. BIND-9.6) send the bloated authority section back to dig. Since dig doesn't set an EDNS receive buffer size by default, the reply may be truncated. You can avoid this problem by telling dig to advertise a large receive buffer. For example:
Code:
$ dig +bufsize=1024 rs.dns-oarc.net txt
which would be good if you do with "nationwide...".
I get proper response from dig:
Code:
dig +notcp +trace -4 nationwide.co.uk
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> +notcp +trace -4 nationwide.co.uk
;; global options: printcmd
. 66378 IN NS h.root-servers.net.
. 66378 IN NS i.root-servers.net.
. 66378 IN NS j.root-servers.net.
. 66378 IN NS k.root-servers.net.
. 66378 IN NS l.root-servers.net.
. 66378 IN NS m.root-servers.net.
. 66378 IN NS a.root-servers.net.
. 66378 IN NS b.root-servers.net.
. 66378 IN NS c.root-servers.net.
. 66378 IN NS d.root-servers.net.
. 66378 IN NS e.root-servers.net.
. 66378 IN NS f.root-servers.net.
. 66378 IN NS g.root-servers.net.
;; Received 448 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS ns3.nic.uk.
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
;; Received 498 bytes from 128.63.2.53#53(h.root-servers.net) in 139 ms
nationwide.co.uk. 172800 IN NS ns0.nationet.net.
nationwide.co.uk. 172800 IN NS ns1.nationet.net.
;; Received 82 bytes from 195.66.240.130#53(ns1.nic.uk) in 65 ms
nationwide.co.uk. 7200 IN A 155.131.31.10
nationwide.co.uk. 7200 IN NS ns0.nationet.net.
nationwide.co.uk. 7200 IN NS ns1.nationet.net.
;; Received 130 bytes from 155.131.1.200#53(ns0.nationet.net) in 63 ms
what you may have is wrong "chaos" file or "root.hint" needs update or something.
Apparently you have a "local" server behind some router/gateway on 1st network, where your IP is 192.117.....
where you have "small" buffer size : "192.117... sent EDNS buffer size 512",
as the second one has 4096 !
What causes then not to resolve "nationwide.co.uk" I don't know, sorry.
On the site OARC test it has an option to try:
which would be good if you do with "nationwide...".
I get proper response from dig:
Code:
dig +notcp +trace -4 nationwide.co.uk
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> +notcp +trace -4 nationwide.co.uk
;; global options: printcmd
. 66378 IN NS h.root-servers.net.
. 66378 IN NS i.root-servers.net.
. 66378 IN NS j.root-servers.net.
. 66378 IN NS k.root-servers.net.
. 66378 IN NS l.root-servers.net.
. 66378 IN NS m.root-servers.net.
. 66378 IN NS a.root-servers.net.
. 66378 IN NS b.root-servers.net.
. 66378 IN NS c.root-servers.net.
. 66378 IN NS d.root-servers.net.
. 66378 IN NS e.root-servers.net.
. 66378 IN NS f.root-servers.net.
. 66378 IN NS g.root-servers.net.
;; Received 448 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS ns3.nic.uk.
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
;; Received 498 bytes from 128.63.2.53#53(h.root-servers.net) in 139 ms
nationwide.co.uk. 172800 IN NS ns0.nationet.net.
nationwide.co.uk. 172800 IN NS ns1.nationet.net.
;; Received 82 bytes from 195.66.240.130#53(ns1.nic.uk) in 65 ms
nationwide.co.uk. 7200 IN A 155.131.31.10
nationwide.co.uk. 7200 IN NS ns0.nationet.net.
nationwide.co.uk. 7200 IN NS ns1.nationet.net.
;; Received 130 bytes from 155.131.1.200#53(ns0.nationet.net) in 63 ms
what you may have is wrong "chaos" file or "root.hint" needs update or something.
ok, now the problem become more weird
done the next steps
i ran tcp dump and saw that packets sent to the ns server
dig +trace nationwide.co.uk
; <<>> DiG 9.4-ESV-R2 <<>> +trace nationwide.co.uk
;; global options: printcmd
. 85752 IN NS h.root-servers.net.
. 85752 IN NS g.root-servers.net.
. 85752 IN NS c.root-servers.net.
. 85752 IN NS f.root-servers.net.
. 85752 IN NS a.root-servers.net.
. 85752 IN NS l.root-servers.net.
. 85752 IN NS d.root-servers.net.
. 85752 IN NS j.root-servers.net.
. 85752 IN NS m.root-servers.net.
. 85752 IN NS i.root-servers.net.
. 85752 IN NS b.root-servers.net.
. 85752 IN NS k.root-servers.net.
. 85752 IN NS e.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
uk. 172800 IN NS ns1.nic.uk.
uk. 172800 IN NS ns2.nic.uk.
uk. 172800 IN NS ns3.nic.uk.
uk. 172800 IN NS ns4.nic.uk.
uk. 172800 IN NS ns5.nic.uk.
uk. 172800 IN NS ns6.nic.uk.
uk. 172800 IN NS ns7.nic.uk.
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
;; Received 496 bytes from 198.41.0.4#53(a.root-servers.net) in 64 ms
nationwide.co.uk. 172800 IN NS ns1.nationet.net.
nationwide.co.uk. 172800 IN NS ns0.nationet.net.
;; Received 82 bytes from 156.154.103.3#53(nsd.nic.uk) in 58 ms
nationwide.co.uk. 7200 IN A 155.131.31.10
nationwide.co.uk. 7200 IN NS ns0.nationet.net.
nationwide.co.uk. 7200 IN NS ns1.nationet.net.
;; Received 130 bytes from 155.131.1.200#53(ns0.nationet.net) in 70 ms
dig +short rs.dns-oarc.net txt
<snip>
"****** DNS reply size limit is at least 490"
and this is from another network
dig +short rs.dns-oarc.net txt
<snip>
"****** DNS reply size limit is at least 3843"
The difference is that in the 1st test, the routers/switches/firewalls involved do not support edns or fragmented packets, while in the 2nd they do. You can disable edns completely and see if it helps.
Just after the options section in named.conf add:
Code:
server 0.0.0.0 {
edns no;
};
Another strange thing is that the authoritative nameservers do not support tcp queries (port 53/tcp is closed)
Quote:
DiG 9.9.1-P1 <<>> nationwide.co.uk @155.131.97.200 +tcp
;; global options: +cmd
;; connection timed out; no servers could be reached
; <<>> DiG 9.9.1-P1 <<>> nationwide.co.uk @155.131.1.200 +tcp
;; global options: +cmd
;; connection timed out; no servers could be reached
so you cannot fallback to tcp if udp fails due to the reasons above.
...
Another strange thing is that the authoritative nameservers do not support tcp queries (port 53/tcp is closed)
so you cannot fallback to tcp if udp fails due to the reasons above.
Right, DNS queries use UDP (very rarely I have seen TCP working) !
so you might have trouble routing UDP packets port 53 somewhere in your network if not on your server firewall.
Right, DNS queries use UDP (very rarely I have seen TCP working) !
so you might have trouble routing UDP packets port 53 somewhere in your network if not on your server firewall.
the admins of nationwide.co.uk properly closed the dns query in tcp so i don't think it's strange.
if it's a problem with routing the UDP packets in port 53 it's shouldn't work when i add the ip of the name servers to the hosts files...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
