LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 06-28-2012, 10:39 AM   #1
Eliransh
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Rep: Reputation: Disabled
Dns cache server not resolving domain


Hi,
At the last month i encountered with a strange error to resolve a single domain.

i tried any option that came on my mind with no luck, i will be happy to get some new idea\advice.

Code:
dig +trace nationwide.co.uk

; <<>> DiG 9.4-ESV-R2 <<>> +trace nationwide.co.uk
;; global options:  printcmd
.                       259734  IN      NS      m.root-servers.net.
.                       259734  IN      NS      e.root-servers.net.
.                       259734  IN      NS      b.root-servers.net.
.                       259734  IN      NS      h.root-servers.net.
.                       259734  IN      NS      i.root-servers.net.
.                       259734  IN      NS      l.root-servers.net.
.                       259734  IN      NS      j.root-servers.net.
.                       259734  IN      NS      g.root-servers.net.
.                       259734  IN      NS      c.root-servers.net.
.                       259734  IN      NS      f.root-servers.net.
.                       259734  IN      NS      d.root-servers.net.
.                       259734  IN      NS      k.root-servers.net.
.                       259734  IN      NS      a.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

uk.                     172800  IN      NS      ns3.nic.uk.
uk.                     172800  IN      NS      ns6.nic.uk.
uk.                     172800  IN      NS      ns2.nic.uk.
uk.                     172800  IN      NS      ns5.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      ns4.nic.uk.
uk.                     172800  IN      NS      ns1.nic.uk.
uk.                     172800  IN      NS      ns7.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
;; Received 496 bytes from 192.33.4.12#53(c.root-servers.net) in 68 ms

nationwide.co.uk.       172800  IN      NS      ns1.nationet.net.
nationwide.co.uk.       172800  IN      NS      ns0.nationet.net.
;; Received 82 bytes from 217.79.164.131#53(ns2.nic.uk) in 58 ms

dig: isc_socket_create: address family not supported
Code:
dig +notcp +trace -4 nationwide.co.uk

; <<>> DiG 9.4-ESV-R2 <<>> +notcp +trace -4 nationwide.co.uk
;; global options:  printcmd
.                       67603   IN      NS      k.root-servers.net.
.                       67603   IN      NS      e.root-servers.net.
.                       67603   IN      NS      j.root-servers.net.
.                       67603   IN      NS      i.root-servers.net.
.                       67603   IN      NS      a.root-servers.net.
.                       67603   IN      NS      f.root-servers.net.
.                       67603   IN      NS      l.root-servers.net.
.                       67603   IN      NS      h.root-servers.net.
.                       67603   IN      NS      m.root-servers.net.
.                       67603   IN      NS      b.root-servers.net.
.                       67603   IN      NS      g.root-servers.net.
.                       67603   IN      NS      c.root-servers.net.
.                       67603   IN      NS      d.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

uk.                     172800  IN      NS      ns4.nic.uk.
uk.                     172800  IN      NS      ns6.nic.uk.
uk.                     172800  IN      NS      ns3.nic.uk.
uk.                     172800  IN      NS      ns7.nic.uk.
uk.                     172800  IN      NS      ns2.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      ns5.nic.uk.
uk.                     172800  IN      NS      ns1.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
;; Received 496 bytes from 192.33.4.12#53(c.root-servers.net) in 69 ms

nationwide.co.uk.       172800  IN      NS      ns1.nationet.net.
nationwide.co.uk.       172800  IN      NS      ns0.nationet.net.
;; Received 82 bytes from 195.66.240.130#53(ns1.nic.uk) in 69 ms

;; connection timed out; no servers could be reached
Bus error
when adding static host to /etc/hosts only with flag +trace i was able to resolve the domain.

no errors on the named log.

system os is CentOS release 5.5 (Final)
and bind version is Version: 9.4-ESV-R2.
 
Old 06-28-2012, 12:21 PM   #2
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
Hi,

I don't really know what is wrong, but I don't like these kind of errors
Code:
;; connection timed out; no servers could be reached
Bus error
As one of my servers is also CentOS 5.4 (Final), I don't know how you got the Bind version 9.4-ESV...
but my "yum info bind" shows only
Code:
Version    : 9.3.6
Release    : 20.P1.el5
Maybe it is better to try to update it from your version 9.4... to any newer or to the "base" version on CentOS Base repo.

Last edited by lithos; 06-28-2012 at 12:23 PM.
 
Old 06-28-2012, 12:46 PM   #3
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,937

Rep: Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330
Quote:
dig +trace nationwide.co.uk
<snip>
dig: isc_socket_create: address family not supported

dig +notcp +trace -4 nationwide.co.uk
<snip>
;; connection timed out; no servers could be reached
Bus error
Try to adjust the edns/udp packets to the minimum size and see if it helps
Code:
edns-udp-size 512;
max-udp-size 512;
Otherwise, I guess you need to upgrade to a more recent bind/bind-utils version version.
This is what I get using bind-9.9.1-P1 (with no special dig options)
Code:
; <<>> DiG 9.9.1-P1 <<>> +trace nationwide.co.uk
;; global options: +cmd
.                       518391  IN      NS      m.root-servers.net.
.                       518391  IN      NS      b.root-servers.net.
.                       518391  IN      NS      i.root-servers.net.
.                       518391  IN      NS      a.root-servers.net.
.                       518391  IN      NS      c.root-servers.net.
.                       518391  IN      NS      d.root-servers.net.
.                       518391  IN      NS      g.root-servers.net.
.                       518391  IN      NS      h.root-servers.net.
.                       518391  IN      NS      j.root-servers.net.
.                       518391  IN      NS      k.root-servers.net.
.                       518391  IN      NS      e.root-servers.net.
.                       518391  IN      NS      f.root-servers.net.
.                       518391  IN      NS      l.root-servers.net.
.                       518393  IN      RRSIG   NS 8 0 518400 20120705000000 20120627230000 56158 . tS8hgd04zIZEjqtSL+XABLWcNTvZicStSyiNz13MvWNlnG1j8VyThqzD c+XDVY/Kq0HbtT3dXmZNkWZ1LuF49mP2vKNHsS+5Ct1itSqQtF3yfMxi f/+NCPbYFh+5YksmjpS30nYYbsgY1qupwK+ISO08uvBsEoE9xY2r2IcR P0Q=
;; Received 857 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms

uk.                     172800  IN      NS      ns4.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      ns2.nic.uk.
uk.                     172800  IN      NS      ns6.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
uk.                     172800  IN      NS      ns7.nic.uk.
uk.                     172800  IN      NS      ns1.nic.uk.
uk.                     172800  IN      NS      ns5.nic.uk.
uk.                     172800  IN      NS      ns3.nic.uk.
uk.                     86400   IN      DS      15191 8 2 A057C8553B1DC6CF158A87CD2D0BAA2CDC9C6A14FA03DE02B19AB0DA 62AF279E
uk.                     86400   IN      RRSIG   DS 8 1 86400 20120705000000 20120627230000 56158 . iMgJG95iepy+2uow8rhYJV76rVQQ+1QiI5HR9Z76WnJacbia5yHLhdiL LJca5dI0ccUnFIuMya4XOdcAs8d/ZWHounwAuS7HPz/XdVUHiezsuA+P QCxIctAxIUermYAaKaonxrIn1fdbGkmDTAYKQeUFCw/Dmp2RPWijkHQM FKY=
;; Received 714 bytes from 192.112.36.4#53(192.112.36.4) in 188 ms

nationwide.co.uk.       172800  IN      NS      ns1.nationet.net.
nationwide.co.uk.       172800  IN      NS      ns0.nationet.net.
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN NSEC3 1 1 0 - G9RG9EFRT0T6A6NUS5DCFATL1C7GHL6D NS SOA RRSIG DNSKEY NSEC3PARAM TYPE65534
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731055359 20120626050105 33621 co.uk. ugWslu2iCK6AWy0qwmBG9L9JHLwz2Z2XzFif6n9j4S7Eu/7YbFiDeFyd U+Nli76eUyzXrCsb9/Nlk3+IQNngiSpH6PI2MhIv6kOHiWdaVCBnmzhC K4oh5OWRoRh3mhvkQO+FpcazVKZVWjhaAsiexTbIEg8TQoTOmWGrY78a zuA=
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN NSEC3 1 1 0 - N767KHOC9R3D42J8FV7QOTOIH7JTF1AL NS DS RRSIG
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731013642 20120626013104 33621 co.uk. hhbQiks9IzlkwQvnbFaDjPK9Yi+zOEtBdCd76DJbHjcTCGSLhuxbgEk5 lIq1s8QaJqwfcN/6Tt8oEgdS7wpXt88RHk8oXiIhbtyE9IgV+8uOOpmT FKJZMgI84sgj4u/YYgLYWPNvv9RB6mO8kPtTBQ7fzlvKihBPVe6KL0GB x44=
;; Received 616 bytes from 213.248.254.130#53(213.248.254.130) in 98 ms

nationwide.co.uk.       7200    IN      A       155.131.31.10
nationwide.co.uk.       7200    IN      NS      ns1.nationet.net.
nationwide.co.uk.       7200    IN      NS      ns0.nationet.net.
;; Received 141 bytes from 155.131.1.200#53(155.131.1.200) in 92 ms
 
Old 07-02-2012, 02:41 AM   #4
Eliransh
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Try to adjust the edns/udp packets to the minimum size and see if it helps
Code:
edns-udp-size 512;
max-udp-size 512;

Otherwise, I guess you need to upgrade to a more recent bind/bind-utils version version.
This is what I get using bind-9.9.1-P1 (with no special dig options)
Code:
; <<>> DiG 9.9.1-P1 <<>> +trace nationwide.co.uk
;; global options: +cmd
.                       518391  IN      NS      m.root-servers.net.
.                       518391  IN      NS      b.root-servers.net.
.                       518391  IN      NS      i.root-servers.net.
.                       518391  IN      NS      a.root-servers.net.
.                       518391  IN      NS      c.root-servers.net.
.                       518391  IN      NS      d.root-servers.net.
.                       518391  IN      NS      g.root-servers.net.
.                       518391  IN      NS      h.root-servers.net.
.                       518391  IN      NS      j.root-servers.net.
.                       518391  IN      NS      k.root-servers.net.
.                       518391  IN      NS      e.root-servers.net.
.                       518391  IN      NS      f.root-servers.net.
.                       518391  IN      NS      l.root-servers.net.
.                       518393  IN      RRSIG   NS 8 0 518400 20120705000000 20120627230000 56158 . tS8hgd04zIZEjqtSL+XABLWcNTvZicStSyiNz13MvWNlnG1j8VyThqzD c+XDVY/Kq0HbtT3dXmZNkWZ1LuF49mP2vKNHsS+5Ct1itSqQtF3yfMxi f/+NCPbYFh+5YksmjpS30nYYbsgY1qupwK+ISO08uvBsEoE9xY2r2IcR P0Q=
;; Received 857 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms

uk.                     172800  IN      NS      ns4.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      ns2.nic.uk.
uk.                     172800  IN      NS      ns6.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
uk.                     172800  IN      NS      ns7.nic.uk.
uk.                     172800  IN      NS      ns1.nic.uk.
uk.                     172800  IN      NS      ns5.nic.uk.
uk.                     172800  IN      NS      ns3.nic.uk.
uk.                     86400   IN      DS      15191 8 2 A057C8553B1DC6CF158A87CD2D0BAA2CDC9C6A14FA03DE02B19AB0DA 62AF279E
uk.                     86400   IN      RRSIG   DS 8 1 86400 20120705000000 20120627230000 56158 . iMgJG95iepy+2uow8rhYJV76rVQQ+1QiI5HR9Z76WnJacbia5yHLhdiL LJca5dI0ccUnFIuMya4XOdcAs8d/ZWHounwAuS7HPz/XdVUHiezsuA+P QCxIctAxIUermYAaKaonxrIn1fdbGkmDTAYKQeUFCw/Dmp2RPWijkHQM FKY=
;; Received 714 bytes from 192.112.36.4#53(192.112.36.4) in 188 ms

nationwide.co.uk.       172800  IN      NS      ns1.nationet.net.
nationwide.co.uk.       172800  IN      NS      ns0.nationet.net.
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN NSEC3 1 1 0 - G9RG9EFRT0T6A6NUS5DCFATL1C7GHL6D NS SOA RRSIG DNSKEY NSEC3PARAM TYPE65534
G9F1KIIHM8M9VHJK7LRVETBQCEOGJIQP.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731055359 20120626050105 33621 co.uk. ugWslu2iCK6AWy0qwmBG9L9JHLwz2Z2XzFif6n9j4S7Eu/7YbFiDeFyd U+Nli76eUyzXrCsb9/Nlk3+IQNngiSpH6PI2MhIv6kOHiWdaVCBnmzhC K4oh5OWRoRh3mhvkQO+FpcazVKZVWjhaAsiexTbIEg8TQoTOmWGrY78a zuA=
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN NSEC3 1 1 0 - N767KHOC9R3D42J8FV7QOTOIH7JTF1AL NS DS RRSIG
N0NTI2VD8HUC041CH0D36E5KIUQ3I5G5.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20120731013642 20120626013104 33621 co.uk. hhbQiks9IzlkwQvnbFaDjPK9Yi+zOEtBdCd76DJbHjcTCGSLhuxbgEk5 lIq1s8QaJqwfcN/6Tt8oEgdS7wpXt88RHk8oXiIhbtyE9IgV+8uOOpmT FKJZMgI84sgj4u/YYgLYWPNvv9RB6mO8kPtTBQ7fzlvKihBPVe6KL0GB x44=
;; Received 616 bytes from 213.248.254.130#53(213.248.254.130) in 98 ms

nationwide.co.uk.       7200    IN      A       155.131.31.10
nationwide.co.uk.       7200    IN      NS      ns1.nationet.net.
nationwide.co.uk.       7200    IN      NS      ns0.nationet.net.
;; Received 141 bytes from 155.131.1.200#53(155.131.1.200) in 92 ms
already tried to change the max size of udp, didn't helped...

on a different box i installed the last version of bind from source code, and i still got the same problem.

that problem drives my crazy, i can't figure what is the cause that this specific domain can't be resolved
 
Old 07-02-2012, 03:39 AM   #5
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
Quote:
Originally Posted by Eliransh View Post
...

on a different box i installed the last version of bind from source code, and i still got the same problem.
Why would you install from source if you have "yum" package manager to install it properly ?!

Code:
# yum info bind  bind-chroot  
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * base: ftp.example.com
Installed Packages
Name       : bind
Arch       : i386
Epoch      : 30
Version    : 9.3.6
Release    : 16.P1.el5
Size       : 2.1 M
Repo       : installed
Summary    : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
URL        : http://www.isc.org/products/BIND/
License    : BSD-like
Description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS
           : (Domain Name System) protocols. BIND includes a DNS server (named),
           : which resolves host names to IP addresses; a resolver library
           : (routines for applications to use when interfacing with DNS); and
           : tools for verifying that the DNS server is operating properly.

Name       : bind-chroot
Arch       : i386
Epoch      : 30
Version    : 9.3.6
Release    : 16.P1.el5
Size       : 0.0 
Repo       : installed
Summary    : A chroot runtime environment for the ISC BIND DNS server, named(8)
URL        : http://www.isc.org/products/BIND/
License    : BSD-like
Description: This package contains a tree of files which can be used as a
           : chroot(2) jail for the named(8) program from the BIND package.
           : Based off code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>

Available Packages
Name       : bind
Arch       : i386
Epoch      : 30
Version    : 9.3.6
Release    : 20.P1.el5
Size       : 981 k
Repo       : base
Summary    : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
URL        : http://www.isc.org/products/BIND/
License    : BSD-like
Description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS
           : (Domain Name System) protocols. BIND includes a DNS server (named),
           : which resolves host names to IP addresses; a resolver library
           : (routines for applications to use when interfacing with DNS); and
           : tools for verifying that the DNS server is operating properly.

Name       : bind-chroot
Arch       : i386
Epoch      : 30
Version    : 9.3.6
Release    : 20.P1.el5
Size       : 47 k
Repo       : base
Summary    : A chroot runtime environment for the ISC BIND DNS server, named(8)
URL        : http://www.isc.org/products/BIND/
License    : BSD-like
Description: This package contains a tree of files which can be used as a
           : chroot(2) jail for the named(8) program from the BIND package.
           : Based off code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
so it states that a minor version update is available, then you do:
Code:
# yum check-update bind bind-chroot

and then update

# yum update bind bind-chroot

Last edited by lithos; 07-02-2012 at 03:44 AM.
 
Old 07-02-2012, 03:50 AM   #6
Eliransh
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by lithos View Post
Why would you install from source if you have "yum" package manager to install it properly ?!
i tried that also lol.
bind 9.3.6
bind 9.7.0-P2 with yum.

both of them didn't worked also...
 
Old 07-02-2012, 06:39 AM   #7
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,937

Rep: Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330
Quote:
already tried to change the max size of udp, didn't helped...
Do the test provided here and see what you get.
 
Old 07-02-2012, 06:57 AM   #8
Eliransh
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Do the test provided here and see what you get.
well this is from 1 network

dig +short rs.dns-oarc.net txt
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"******* sent EDNS buffer size 512"
"Tested at 2012-07-02 11:52:30 UTC"
"****** DNS reply size limit is at least 490"


and this is from another network
dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2012-07-02 11:57:04 UTC"
"******* sent EDNS buffer size 4096"
"****** DNS reply size limit is at least 3843"

the difference between them is the version and build of bind

Last edited by Eliransh; 07-02-2012 at 07:29 AM.
 
Old 07-02-2012, 07:08 AM   #9
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
Apparently you have a "local" server behind some router/gateway on 1st network, where your IP is 192.117.....
where you have "small" buffer size : "192.117... sent EDNS buffer size 512",
as the second one has 4096 !
What causes then not to resolve "nationwide.co.uk" I don't know, sorry.

On the site OARC test it has an option to try:
Quote:
Truncated, retrying in TCP mode

Some resolvers (e.g. BIND-9.6) send the bloated authority section back to dig. Since dig doesn't set an EDNS receive buffer size by default, the reply may be truncated. You can avoid this problem by telling dig to advertise a large receive buffer. For example:

Code:
$ dig +bufsize=1024 rs.dns-oarc.net txt
which would be good if you do with "nationwide...".


I get proper response from dig:
Code:
dig +notcp +trace -4 nationwide.co.uk

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> +notcp +trace -4 nationwide.co.uk
;; global options:  printcmd
.                       66378   IN      NS      h.root-servers.net.
.                       66378   IN      NS      i.root-servers.net.
.                       66378   IN      NS      j.root-servers.net.
.                       66378   IN      NS      k.root-servers.net.
.                       66378   IN      NS      l.root-servers.net.
.                       66378   IN      NS      m.root-servers.net.
.                       66378   IN      NS      a.root-servers.net.
.                       66378   IN      NS      b.root-servers.net.
.                       66378   IN      NS      c.root-servers.net.
.                       66378   IN      NS      d.root-servers.net.
.                       66378   IN      NS      e.root-servers.net.
.                       66378   IN      NS      f.root-servers.net.
.                       66378   IN      NS      g.root-servers.net.
;; Received 448 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms

uk.                     172800  IN      NS      ns1.nic.uk.
uk.                     172800  IN      NS      ns2.nic.uk.
uk.                     172800  IN      NS      ns3.nic.uk.
uk.                     172800  IN      NS      ns4.nic.uk.
uk.                     172800  IN      NS      ns5.nic.uk.
uk.                     172800  IN      NS      ns6.nic.uk.
uk.                     172800  IN      NS      ns7.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
;; Received 498 bytes from 128.63.2.53#53(h.root-servers.net) in 139 ms

nationwide.co.uk.       172800  IN      NS      ns0.nationet.net.
nationwide.co.uk.       172800  IN      NS      ns1.nationet.net.
;; Received 82 bytes from 195.66.240.130#53(ns1.nic.uk) in 65 ms

nationwide.co.uk.       7200    IN      A       155.131.31.10
nationwide.co.uk.       7200    IN      NS      ns0.nationet.net.
nationwide.co.uk.       7200    IN      NS      ns1.nationet.net.
;; Received 130 bytes from 155.131.1.200#53(ns0.nationet.net) in 63 ms
what you may have is wrong "chaos" file or "root.hint" needs update or something.

Last edited by lithos; 07-02-2012 at 07:14 AM.
 
Old 07-02-2012, 07:26 AM   #10
Eliransh
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by lithos View Post
Apparently you have a "local" server behind some router/gateway on 1st network, where your IP is 192.117.....
where you have "small" buffer size : "192.117... sent EDNS buffer size 512",
as the second one has 4096 !
What causes then not to resolve "nationwide.co.uk" I don't know, sorry.

On the site OARC test it has an option to try:

which would be good if you do with "nationwide...".


I get proper response from dig:
Code:
dig +notcp +trace -4 nationwide.co.uk

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> +notcp +trace -4 nationwide.co.uk
;; global options:  printcmd
.                       66378   IN      NS      h.root-servers.net.
.                       66378   IN      NS      i.root-servers.net.
.                       66378   IN      NS      j.root-servers.net.
.                       66378   IN      NS      k.root-servers.net.
.                       66378   IN      NS      l.root-servers.net.
.                       66378   IN      NS      m.root-servers.net.
.                       66378   IN      NS      a.root-servers.net.
.                       66378   IN      NS      b.root-servers.net.
.                       66378   IN      NS      c.root-servers.net.
.                       66378   IN      NS      d.root-servers.net.
.                       66378   IN      NS      e.root-servers.net.
.                       66378   IN      NS      f.root-servers.net.
.                       66378   IN      NS      g.root-servers.net.
;; Received 448 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms

uk.                     172800  IN      NS      ns1.nic.uk.
uk.                     172800  IN      NS      ns2.nic.uk.
uk.                     172800  IN      NS      ns3.nic.uk.
uk.                     172800  IN      NS      ns4.nic.uk.
uk.                     172800  IN      NS      ns5.nic.uk.
uk.                     172800  IN      NS      ns6.nic.uk.
uk.                     172800  IN      NS      ns7.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
;; Received 498 bytes from 128.63.2.53#53(h.root-servers.net) in 139 ms

nationwide.co.uk.       172800  IN      NS      ns0.nationet.net.
nationwide.co.uk.       172800  IN      NS      ns1.nationet.net.
;; Received 82 bytes from 195.66.240.130#53(ns1.nic.uk) in 65 ms

nationwide.co.uk.       7200    IN      A       155.131.31.10
nationwide.co.uk.       7200    IN      NS      ns0.nationet.net.
nationwide.co.uk.       7200    IN      NS      ns1.nationet.net.
;; Received 130 bytes from 155.131.1.200#53(ns0.nationet.net) in 63 ms
what you may have is wrong "chaos" file or "root.hint" needs update or something.
ok, now the problem become more weird
done the next steps

i ran tcp dump and saw that packets sent to the ns server
Code:
15:20:58.336478 IP (tos 0x0, ttl  64, id 47372, offset 0, flags [none], proto: UDP (17), length: 73) ***********.18811 > 155.131.97.200.53: [bad udp cksum 4a75!]  46520% [1au] A? ns1.nationet.net. ar: . OPT UDPsize=512 (45)

15:21:08.337758 IP (tos 0x0, ttl  64, id 55951, offset 0, flags [none], proto: UDP (17), length: 73) ********.53259 > 155.131.1.200.53: [bad udp cksum 43dc!]  34863% [1au] A? ns1.nationet.net. ar: . OPT UDPsize=512 (45)
no respond from nationet.net name servers

add to /etc/hosts
Code:
155.131.1.200 ns0.nationet.net
155.131.97.200 ns1.nationet.net
and then dig +trace works perfect
Code:
dig +trace nationwide.co.uk

; <<>> DiG 9.4-ESV-R2 <<>> +trace nationwide.co.uk
;; global options:  printcmd
.                       85752   IN      NS      h.root-servers.net.
.                       85752   IN      NS      g.root-servers.net.
.                       85752   IN      NS      c.root-servers.net.
.                       85752   IN      NS      f.root-servers.net.
.                       85752   IN      NS      a.root-servers.net.
.                       85752   IN      NS      l.root-servers.net.
.                       85752   IN      NS      d.root-servers.net.
.                       85752   IN      NS      j.root-servers.net.
.                       85752   IN      NS      m.root-servers.net.
.                       85752   IN      NS      i.root-servers.net.
.                       85752   IN      NS      b.root-servers.net.
.                       85752   IN      NS      k.root-servers.net.
.                       85752   IN      NS      e.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

uk.                     172800  IN      NS      ns1.nic.uk.
uk.                     172800  IN      NS      ns2.nic.uk.
uk.                     172800  IN      NS      ns3.nic.uk.
uk.                     172800  IN      NS      ns4.nic.uk.
uk.                     172800  IN      NS      ns5.nic.uk.
uk.                     172800  IN      NS      ns6.nic.uk.
uk.                     172800  IN      NS      ns7.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
;; Received 496 bytes from 198.41.0.4#53(a.root-servers.net) in 64 ms

nationwide.co.uk.       172800  IN      NS      ns1.nationet.net.
nationwide.co.uk.       172800  IN      NS      ns0.nationet.net.
;; Received 82 bytes from 156.154.103.3#53(nsd.nic.uk) in 58 ms

nationwide.co.uk.       7200    IN      A       155.131.31.10
nationwide.co.uk.       7200    IN      NS      ns0.nationet.net.
nationwide.co.uk.       7200    IN      NS      ns1.nationet.net.
;; Received 130 bytes from 155.131.1.200#53(ns0.nationet.net) in 70 ms
Code:
15:23:32.263118 IP (tos 0x0, ttl  64, id 47375, offset 0, flags [none], proto: UDP (17), length: 62) ******.57356 > 155.131.97.200.53: [bad udp cksum d38c!]  23805 A? nationwide.co.uk. (34)
15:23:33.264720 IP (tos 0x0, ttl  64, id 55952, offset 0, flags [none], proto: UDP (17), length: 62) **********.26156 > 155.131.1.200.53: [bad udp cksum b4c6!]  23805 A? nationwide.co.uk. (34)
15:23:38.266738 IP (tos 0x0, ttl  64, id 47376, offset 0, flags [none], proto: UDP (17), length: 62) ********.57356 > 155.131.97.200.53: [bad udp cksum d38c!]  23805 A? nationwide.co.uk. (34)
15:23:38.336635 IP (tos 0xb8, ttl 245, id 59348, offset 0, flags [DF], proto: UDP (17), length: 158) 155.131.97.200.53 > *******.57356: [udp sum ok]  23805*- q: A? nationwide.co.uk. 1/2/2 nationwide.co.uk. A 155.131.31.10 ns: nationwide.co.uk. NS ns0.nationet.net., nationwide.co.uk. NS ns1.nationet.net. ar: ns0.nationet.net. A 155.131.1.200, ns1.nationet.net. A 155.131.97.200 (130)
but without +trace it won't work
Code:
dig nationwide.co.uk

; <<>> DiG 9.4-ESV-R2 <<>> nationwide.co.uk
;; global options:  printcmd
;; connection timed out; no servers could be reached
Code:
15:24:51.121478 IP (tos 0x0, ttl  64, id 55953, offset 0, flags [none], proto: UDP (17), length: 73) ***********.14735 > 155.131.1.200.53: [bad udp cksum 1247!]  57224% [1au] A? nationwide.co.uk. ar: . OPT UDPsize=512 (45)
15:25:01.123274 IP (tos 0x0, ttl  64, id 47378, offset 0, flags [none], proto: UDP (17), length: 73) *********.63277 > 155.131.97.200.53: [bad udp cksum 68ba!]  61074% [1au] A? nationwide.co.uk. ar: . OPT UDPsize=512 (45)
 
Old 07-02-2012, 09:28 AM   #11
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,937

Rep: Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330
Quote:
well this is from 1 network

dig +short rs.dns-oarc.net txt
<snip>
"****** DNS reply size limit is at least 490"


and this is from another network
dig +short rs.dns-oarc.net txt
<snip>
"****** DNS reply size limit is at least 3843"
The difference is that in the 1st test, the routers/switches/firewalls involved do not support edns or fragmented packets, while in the 2nd they do. You can disable edns completely and see if it helps.
Just after the options section in named.conf add:
Code:
server 0.0.0.0 {
edns no;
};
Another strange thing is that the authoritative nameservers do not support tcp queries (port 53/tcp is closed)
Quote:
DiG 9.9.1-P1 <<>> nationwide.co.uk @155.131.97.200 +tcp
;; global options: +cmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.9.1-P1 <<>> nationwide.co.uk @155.131.1.200 +tcp
;; global options: +cmd
;; connection timed out; no servers could be reached
so you cannot fallback to tcp if udp fails due to the reasons above.
 
Old 07-02-2012, 11:27 AM   #12
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
Quote:
Originally Posted by bathory View Post
...
Another strange thing is that the authoritative nameservers do not support tcp queries (port 53/tcp is closed)

so you cannot fallback to tcp if udp fails due to the reasons above.
Right, DNS queries use UDP (very rarely I have seen TCP working) !
so you might have trouble routing UDP packets port 53 somewhere in your network if not on your server firewall.
 
Old 07-03-2012, 04:20 AM   #13
Eliransh
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by lithos View Post
Right, DNS queries use UDP (very rarely I have seen TCP working) !
so you might have trouble routing UDP packets port 53 somewhere in your network if not on your server firewall.
the admins of nationwide.co.uk properly closed the dns query in tcp so i don't think it's strange.

if it's a problem with routing the UDP packets in port 53 it's shouldn't work when i add the ip of the name servers to the hosts files...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Managed DNS server lists and dnsmasq DNS cache nitrousoxide82 Linux - Networking 1 02-21-2014 10:34 PM
How can configure dns cache name server with slave domain?? Gran_Maestre Linux - Server 1 07-06-2010 06:18 AM
Named DNS Server Not Resolving Domain Short Names jviera Linux - Server 2 06-01-2009 04:33 PM
ftp.tma.com name not resolving on second dns server.? cwc Fedora 0 03-22-2008 09:54 AM
Caching DNS server error (lame server resolving) Iggyboo Linux - Networking 1 02-24-2005 03:43 AM


All times are GMT -5. The time now is 09:28 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration