LinuxQuestions.org - Linux - Server - DNS Troubleshooting ?
https://www.linuxquestions.org/questions/linux-server-73/dns-troubleshooting-576308/

soroccoheaven 08-11-2007 03:08 AM

DNS Troubleshooting ?
 
Hello.
Can anyone here tell me how to test/troubleshoot DNS? I have configured DNS on Mandrake 10.1 and it seems to be working (not sure), so please tell me how to check it. What I have done so far to check it: I edited /etc/resolve.conf and disabled my ISP's DNS, and placed the IP of my DNS server (192.168.2.2) in one of my LAN PCs (Windows XP Pro), and the XP box is able to resolve. What I am getting from the command dig yahoo.com right now is as follows (right now only my DSL modem has the ISP's DNS in it).
LAN connection:


[admin@server1 admin]$ dig yahoo.com

; <<>> DiG 9.3.0 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36234
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 300 IN A 66.94.234.13
yahoo.com. 300 IN A 216.109.112.135

;; AUTHORITY SECTION:
yahoo.com. 172154 IN NS ns1.yahoo.com.
yahoo.com. 172154 IN NS ns2.yahoo.com.
yahoo.com. 172154 IN NS ns3.yahoo.com.
yahoo.com. 172154 IN NS ns4.yahoo.com.
yahoo.com. 172154 IN NS ns5.yahoo.com.
yahoo.com. 172154 IN NS ns6.yahoo.com.
yahoo.com. 172154 IN NS ns8.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com. 172154 IN A 202.43.223.170
ns8.yahoo.com. 172154 IN A 202.165.104.22

;; Query time: 867 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Sat Aug 11 13:29:08 2007
;; MSG SIZE rcvd: 217

OK, what I am concerned about is the query time taken. Here you can see it is taking 867 msec for the first run, and after that I get 4 msec, which is fine, but using the ISP I was getting 56-57 msec.

Now:
1. What are the advantages of my OWN DNS?
2. I have a domain (say mydomain.linuxhome.org) with DynDNS and want to run a webserver. How could this DNS be useful?
(Right now I am able to see my index.shtm by putting www.mydomain.linuxhome.com from my localhost/LAN PC.)

Please advise.
Thanks

JimBass 08-11-2007 01:00 PM

You are correct in using dig to troubleshoot DNS, but I don't think you have a very clear picture of DNS on the large scale. The reason I think that is because:

1) You can't control the address of mydomain.homelinux.com on anything except your LAN.
2) Your DSL modem's choice of DNS has nothing to do with your DNS server's DNS.
3) The query times are heavily affected by whether they are cached or not.

I can't explain why your initial lookup of yahoo would take 867 ms. That is obscenely slow, and I would expect a better time even off a phone modem. When you initially look up a domain that your DNS server doesn't have in its cache, it needs to go all the way down the chain to the root servers, who point to the top level domain servers, who point you to the nameservers responsible for that domain. Though it should be very fast in human terms, it still takes time, so seeing an initial query take 100 ms is not at all alarming. Once the query is made, the DNS server that gives it the answer basically says, "this answer is good for the next X seconds." In your example, yahoo had given A records for 300 seconds. That tells your server not to ask them again for 300 seconds. Part of the reason your ISP servers seem so fast is because they probably hold all the answers you're asking for in their cache, that is, somebody has already asked, and the answer they received is still valid. Most of the "big" sites keep their expiration short, so if google, yahoo, or cnn is having problems with a load balanced web server, they can just pull its record out of the DNS and repair it. Though yahoo, google and cnn all give a 300 second answer, other sites (like whitehouse.gov) give a 7200 second answer, which is good for 2 hours. Our beloved linuxquestions.org gives an answer that stays valid for 14400 seconds, which is 4 hours long. So if I wake up early in the morning and go to linuxquestions.org at 5 AM, everybody else that my ISP services will get an answer in the single ms range until 9 AM, when the ISP DNS will again traverse the entire tree to get the answer from the authoritative DNS for linuxquestions.org again. Then there is another 4 hour window of single ms response times. Realistically, probably 90%+ of your traffic is to "common" websites that are already in the cache. It is only if you're looking at your cousin's/friend's/coworker's home web page that your ISP would actually have to go to the roots and find that site.

In answer to your questions:

1) There really isn't any in your current situation. You are far better off relying on "solid" servers managed by your ISP than you are trying to run your own public DNS from home. The only reason to run your own public DNS is so that you can provide answers to your LAN:
i) allowing you to keep people away from certain websites by providing false DNS for them
ii) if your ISP doesn't allow loopback connections, so you can connect to your webserver at its local IP rather than its internet IP
iii) so you can provide a hostname map, allowing you to ping/view any other computer on your LAN by hostname.

You don't have a good solid server at home, and you don't have multiple routes to be available to the internet all of the time, so you basically gain nothing by running your own server at the present time, except the experience of doing so.

2) As long as your site is mysite.dyndns.org, there is absolutely no reason to create your own DNS server, because no host on the internet will ever ask it for your address. When you do a lookup of mysite.dyndns.org, your query would go down to the root, then the top level domain servers, then to the dyndns DNS servers. They would give the answer. You're probably using the dyndns service because you are on a dynamic address to begin with, and it is a VERY bad idea to try and provide DNS service from a dynamic address. They have your changing address logged, and provide the mapping to it. Trying to add another DNS server into the search will just lengthen the lookup process, and not help in any way. If you had mysite.com instead of mysite.somebody_elses_site.com, then you could run your own, but again, unless you have access to at least 2 servers in different geographic locations with solid internet connections, I don't advise running your own DNS unless you meet one of the criteria (i, ii or iii) above.

Peace,
JimBass

soroccoheaven 08-12-2007 03:14 AM

Thanks for such a nice explanation about DNS.
I have some doubts:

1. How is resolving going on, as I have disabled the nameservers in my resolve.conf?
Because it is working, and the output shows 192.168.2.2 as the server, which means this has been resolved by my DNS. Is that right?
I am not trying to control the address for my domain; I can understand this, as it is not registered.

2. As you said, the query time depends on cached information. So in my case, when I am using my DNS, i.e. 192.168.2.2, I am getting a high query time, which means there wasn't any info in the cache about that particular query, right? OK, now when I
executed dig any_new_url on another PC in my LAN using 192.168.2.2 as DNS, and then the same dig is executed on my Mandrake box using my own DNS, why does it show a high query time (it should be less because it has cached the info)?

soroccoheaven 08-12-2007 03:22 AM

postfix configuration help
 
I am trying to configure Postfix on Mandrake 10.1.
My telnet to port 25 shows:

250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH GSSAPI
250-AUTH=GSSAPI
250 8BITMIME

Now what are
250-AUTH GSSAPI
250-AUTH=GSSAPI

Is it OK?

JimBass 08-12-2007 10:51 AM

For your DNS questions,

1) /etc/resolv.conf only states which name servers the computer uses for its queries. When you are running BIND, anything (another computer, a handheld) that asks for DNS info on port 53 will have BIND reply. BIND replies without consulting /etc/resolv.conf at all. Also, you can control an unregistered domain on your LAN through BIND. If you want to claim to be yahoo.com on your LAN, you can do it, but then you'd have a real problem trying to connect to the "real world" yahoo.com.

2) Are you sure the first query went to your DNS? If your router is giving your ISP DNS servers to your LAN instead of yours, that would affect it. Here is the way a cache typically behaves. The first query is an uncommon domain queried by one of the servers on my work network, then the 2nd is on the DNS box that answered the first query:


jim@sip:~$ dig whereami.com

; <<>> DiG 9.3.3 <<>> whereami.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49725
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;whereami.com.                  IN      A

;; ANSWER SECTION:
whereami.com.          3600    IN      A      208.73.212.12

;; AUTHORITY SECTION:
whereami.com.          172800  IN      NS      ns1.dsredirection.com.
whereami.com.          172800  IN      NS      ns2.dsredirection.com.

;; ADDITIONAL SECTION:
ns1.dsredirection.com.  150918  IN      A      204.13.160.15
ns2.dsredirection.com.  150918  IN      A      204.13.161.15

;; Query time: 95 msec
;; SERVER: 66.207.47.66#53(66.207.47.66)
;; WHEN: Sun Aug 12 11:34:14 2007
;; MSG SIZE  rcvd: 140

jim@tempns:~$ dig whereami.com @localhost

; <<>> DiG 9.2.4 <<>> whereami.com @localhost
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10533
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;whereami.com.                  IN      A

;; ANSWER SECTION:
whereami.com.          3590    IN      A      208.73.212.12

;; AUTHORITY SECTION:
whereami.com.          172790  IN      NS      ns1.dsredirection.com.
whereami.com.          172790  IN      NS      ns2.dsredirection.com.

;; ADDITIONAL SECTION:
ns1.dsredirection.com.  150908  IN      A      204.13.160.15
ns2.dsredirection.com.  150908  IN      A      204.13.161.15

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Sun Aug 12 11:44:19 2007
;; MSG SIZE  rcvd: 128

So the initial query took 95 ms, and the answer is good for 3600 seconds (1 hour). The second query, from the nameserver that replied to the first, only took 2 ms, because the data was cached, but it says the answer is good for the next 3590, basically telling you that I asked this time 10 seconds after the initial query. So in short, one of your machines isn't asking your DNS server, or something is seriously misconfigured in named.conf that is causing it not to cache data.

In regards to your postfix question, you should have started a new thread. People reading this thread are looking for DNS help or to help you with DNS. I don't use postfix myself, so I can't be of any help.

Peace,
JimBass
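The check JimBass describes across his two replies (a cached answer shows the TTL counting down and a far shorter query time, while a full TTL or a different SERVER line means the second lookup never hit the cache that the first one filled) can be made mechanical. What follows is an added example, not code from the thread, from BIND or from dig: a small Python script that parses two saved dig outputs and reports whether the second answer was served from cache and whether the same resolver answered both. The sample dig outputs are constructed for this example, modelled on the numbers in the thread; the name example.test and the addresses 192.0.2.10 and 203.0.113.53 are documentation values, not anything from the poster's network.

```python
"""Compare two dig runs to decide whether the second answer came from a resolver cache.

Added example (not from the thread). Assumes the dig text layout shown in the
thread: an ';; ANSWER SECTION:' with 'owner TTL class type rdata' records, a
';; Query time: N msec' line and a ';; SERVER: ip#53(...)' line.
"""
import re
from dataclasses import dataclass


@dataclass
class DigResult:
    server: str          # resolver IP taken from the ';; SERVER:' line
    query_time_ms: int   # taken from the ';; Query time:' line
    answers: list        # (owner, ttl, rrtype, rdata) tuples from the ANSWER SECTION


def parse_dig(text: str) -> DigResult:
    """Extract the answer records, query time and answering server from dig output."""
    server = None
    query_time = None
    answers = []
    in_answer = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_answer = False          # dig separates sections with blank lines
            continue
        if line == ";; ANSWER SECTION:":
            in_answer = True
            continue
        m = re.match(r";; Query time:\s+(\d+)\s+msec", line)
        if m:
            query_time = int(m.group(1))
            continue
        m = re.match(r";; SERVER:\s+([^#\s]+)", line)
        if m:
            server = m.group(1)
            continue
        if line.startswith(";"):
            continue                   # header, flags, question section, timestamps
        if in_answer:
            owner, ttl, _cls, rrtype, rdata = line.split(None, 4)
            answers.append((owner, int(ttl), rrtype, rdata))
    if server is None or query_time is None:
        raise ValueError("not a complete dig output")
    return DigResult(server, query_time, answers)


def cache_verdict(first: DigResult, second: DigResult) -> dict:
    """Decide whether `second` was answered from the cache that `first` populated.

    A cached reply comes from the same resolver, carries a TTL that has counted
    down from the first reply, and is answered in a few ms.  A TTL that is back
    at its full value means the resolver fetched a fresh copy (so it is not
    caching), and a different SERVER means the query went elsewhere entirely.
    Two queries within the same second are ambiguous (ttl_drop == 0): wait a
    few seconds between them.
    """
    same_resolver = first.server == second.server
    ttl_first = min(ttl for _, ttl, _, _ in first.answers)
    ttl_second = min(ttl for _, ttl, _, _ in second.answers)
    ttl_drop = ttl_first - ttl_second
    cached = same_resolver and ttl_drop > 0 and second.query_time_ms < first.query_time_ms
    return {
        "same_resolver": same_resolver,
        "ttl_drop": ttl_drop,
        "cached": cached,
        "query_times_ms": (first.query_time_ms, second.query_time_ms),
    }


# Constructed sample outputs (not real captures), modelled on the thread's numbers.
FIRST_RUN = """\
; <<>> DiG 9.3.0 <<>> example.test
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test.                  IN      A

;; ANSWER SECTION:
example.test.          3600    IN      A      192.0.2.10

;; Query time: 95 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Sun Aug 12 11:34:14 2007
;; MSG SIZE  rcvd: 46
"""

# Same resolver, 10 s later: TTL counted down, answered from cache.
CACHED_RUN = FIRST_RUN.replace("3600", "3590").replace("95 msec", "2 msec")

# Failure mode from the thread: the second query was answered by another
# resolver (e.g. an ISP server handed out by the router), full TTL, slow again.
OTHER_RESOLVER_RUN = (FIRST_RUN.replace("95 msec", "80 msec")
                      .replace("192.168.2.2#53(192.168.2.2)", "203.0.113.53#53(203.0.113.53)"))


if __name__ == "__main__":
    base = parse_dig(FIRST_RUN)
    print("cached run:        ", cache_verdict(base, parse_dig(CACHED_RUN)))
    print("other resolver run:", cache_verdict(base, parse_dig(OTHER_RESOLVER_RUN)))
```

To use it on the poster's setup: run `dig somename @192.168.2.2` from the LAN PC, wait a few seconds, run the same command on the Mandrake box, save both outputs and feed them to `parse_dig`. A verdict of `same_resolver: False` means one of the machines is asking a different server (JimBass's router suspicion); `same_resolver: True` with `ttl_drop == 0` and a slow second query means named answered both times but is not keeping the answer, which points at named.conf.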

JimBass 08-12-2007 10:52 AM

Sorry, double posted.

soroccoheaven 08-13-2007 10:59 AM

Thanks for your NICE Tutorial.

JimBass 08-13-2007 11:04 AM

No problem. I hope it helps out.

Peace,
JimBass
