Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
01-02-2014, 06:58 AM
|
#1
|
Member
Registered: Oct 2013
Posts: 531
Rep:
|
Why nslookup fails for certain domain?
When i do this:
Code:
nslookup -type=ns zlatapraha.cz
;; Got SERVFAIL reply from 8.8.8.8, trying next server
;; Got SERVFAIL reply from 8.8.8.8, trying next server
Server: 8.8.4.4
Address: 8.8.4.4#53
** server can't find zlatapraha.cz: SERVFAIL
I get an error, but in whois output of this domain im getting nameservers. Why it failed?
Here is another domain .cz which dont fails...
Code:
nslookup -type=ns seznam.cz
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
seznam.cz nameserver = ms.seznam.cz.
seznam.cz nameserver = ns.seznam.cz.
Authoritative answers can be found from:
Im interested how to fix the failure with first domain, why it dont output nameservers?
--
another serv fail im getting with domain: vpscorner.co.uk for example
|
|
|
01-02-2014, 07:49 AM
|
#2
|
Senior Member
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
|
My bold guess is that the ns server for zlatapraha.cz does not have any RR's for the domain itself. Its like going to a certain street and address to only found the house not beeing there.
Have ns.gransy.com to have valid resource records for zlataphra.cz.
|
|
|
01-02-2014, 08:34 PM
|
#3
|
Moderator
Registered: Mar 2008
Posts: 22,228
|
Use more dns server ip's. Best to use one in your area or country specific.
Worse comes to worse, use a hosts entry but don't forget it is there.
|
|
|
01-03-2014, 04:24 AM
|
#4
|
Member
Registered: Oct 2013
Posts: 531
Original Poster
Rep:
|
Quote:
Originally Posted by zhjim
does not have any RR's for the domain itself
|
What are RRs?
Quote:
Originally Posted by zhjim
Have ... to have valid resource records for ....
|
Please what are these resource records, i dont understand
Quote:
Originally Posted by jefro
Worse comes to worse, use a hosts entry but don't forget it is there.
|
I dont understand what you mean there
|
|
|
01-03-2014, 05:10 AM
|
#5
|
Member
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 875
|
Quote:
Originally Posted by postcd
When i do this:
Code:
nslookup -type=ns zlatapraha.cz
|
nslookup is a waste of time
Code:
michael@indigo:~$ dig +trace zlatapraha.cz
; <<>> DiG 9.9.3-P2 <<>> +trace zlatapraha.cz
;; global options: +cmd
. 516935 IN NS f.root-servers.net.
. 516935 IN NS k.root-servers.net.
. 516935 IN NS l.root-servers.net.
. 516935 IN NS j.root-servers.net.
. 516935 IN NS c.root-servers.net.
. 516935 IN NS b.root-servers.net.
. 516935 IN NS m.root-servers.net.
. 516935 IN NS a.root-servers.net.
. 516935 IN NS i.root-servers.net.
. 516935 IN NS d.root-servers.net.
. 516935 IN NS h.root-servers.net.
. 516935 IN NS e.root-servers.net.
. 516935 IN NS g.root-servers.net.
. 517673 IN RRSIG NS 8 0 518400 20140110000000 20140102230000 33655 . <RRSIG SNIPPED>
;; Received 857 bytes from 127.0.0.1#53(127.0.0.1) in 4 ms
cz. 172800 IN NS a.ns.nic.cz.
cz. 172800 IN NS c.ns.nic.cz.
cz. 172800 IN NS d.ns.nic.cz.
cz. 172800 IN NS b.ns.nic.cz.
cz. 86400 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386 869C8F06
cz. 86400 IN RRSIG DS 8 1 86400 20140110000000 20140102230000 33655 . <RRSIG SNIPPED>
;; Received 496 bytes from 192.5.5.241#53(f.root-servers.net) in 166 ms
zlatapraha.cz. 18000 IN NS ns.gransy.com.
zlatapraha.cz. 18000 IN NS ns2.gransy.com.
zlatapraha.cz. 18000 IN NS ns3.gransy.com.
zlatapraha.cz. 18000 IN NS ns4.gransy.com.
zlatapraha.cz. 18000 IN NS ns5.gransy.com.
u097cni3ftnhse37q4ghrjcvskj7qu6c.cz. 900 IN NSEC3 1 0 10 34215ABE4C2AF1F5 U0995C52JEJFKIRT9FP0EIPPO3BQ5ECA NS
u097cni3ftnhse37q4ghrjcvskj7qu6c.cz. 900 IN RRSIG NSEC3 10 2 900 20140110164137 20131227220727 40877 cz. <RRSIG SNIPPED>
;; Received 385 bytes from 194.0.13.1#53(b.ns.nic.cz) in 364 ms
;; Received 42 bytes from 89.187.132.100#53(ns2.gransy.com) in 349 ms
From this we get the DNS servers that are shown by the DNS system to be authoritative for the domain, but no actual response other than 42 bytes.
Perhaps if we query those servers directly and see what that response is :-
Code:
michael@indigo:~$ dig @ns.gransy.com zlatapraha.cz
; <<>> DiG 9.9.3-P2 <<>> @ns.gransy.com zlatapraha.cz
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9744
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zlatapraha.cz. IN A
;; Query time: 386 msec
;; SERVER: 77.78.104.149#53(77.78.104.149)
;; WHEN: Fri Jan 03 20:00:11 EST 2014
;; MSG SIZE rcvd: 42
So now we can see that the server that has been listed as authoritative doesn't actually think that it is and since it denies recursion the lookup fails at that point.
To fix this you need to either change the whois DNS data to the real servers or contact the gransy.com administrators and get them to add the domain to their servers.
|
|
|
01-03-2014, 05:25 AM
|
#6
|
LQ Newbie
Registered: Jul 2010
Posts: 29
Rep:
|
When you look at http://www.intodns.com/seznam.cz and http://www.intodns.com/zlatapraha.cz you will see the DNS zones for the authoritative name servers defined at registrar end are missing for the domain zlatapraha.cz. It has to be addressed with creating DNS zone records (A records for ns name servers) at their respective host.
|
|
1 members found this post helpful.
|
01-03-2014, 08:52 AM
|
#7
|
Senior Member
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
|
Quote:
Originally Posted by postcd
What are RRs?
Please what are these resource records, i dont understand
|
RR = resource records
http://en.wikipedia.org/wiki/Resourc...source_records
Quote:
Originally Posted by postcd
I dont understand what you mean there
|
You have a /etc/hosts file that works as a basic name resolution thingy. man hosts for the rescue
*edit*
Thanks for sharing intodns. Looking nice.
|
|
|
01-03-2014, 10:35 AM
|
#8
|
LQ Newbie
Registered: Dec 2013
Posts: 11
Rep:
|
I am suspecting its an issue with EDNS.
This DNS query fails all the time for this domain or if you try few times,does it work?
|
|
|
01-03-2014, 02:06 PM
|
#9
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
|
n/m.
Speed posting, again.
ie. what jeffmonte "said"
Last edited by Habitual; 01-03-2014 at 02:09 PM.
|
|
|
01-04-2014, 03:40 PM
|
#10
|
Moderator
Registered: Mar 2008
Posts: 22,228
|
A method to fix name to ip resolution was common a very long time ago. It is a file called hosts. In that hosts file you can add in local machines or use to fix bad sites or correct dns by adding a name to ip.
Hosts file is always looked up first in every OS that I know of. There is one exception and that is when a proxy.pac file is used in browser. That over rides hosts.
If a country specific dns is used, it sometimes has more correct data. Use that dns server as first in order.
nslookup isn't a bad command at all. It along with dig can be used.
Last edited by jefro; 01-04-2014 at 03:42 PM.
|
|
|
01-05-2014, 03:00 AM
|
#11
|
Member
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 875
|
Quote:
Originally Posted by jefro
Hosts file is always looked up first in every OS that I know of. There is one exception and that is when a proxy.pac file is used in browser. That over rides hosts.
|
proxy.pac is just a automated method of setting up proxy servers.
The problem with hosts and any proxy server is the proxy server has to do the DNS lookup as well as the client and if that proxy server is some other machine then you will get the results that that machine gets instead of what the client thinks.
FYI the problem the OP has should not to be fixed with a host file as the domain is real and needs to be fixed properly not with some "hack"
|
|
|
01-05-2014, 11:00 AM
|
#12
|
Moderator
Registered: Mar 2008
Posts: 22,228
|
Hosts files are not a hack at all. They are a common task for admins. Almost OS for the last 30 years has a hosts and uses it. It is not there for wasting disk space.
His choice of dns and their reply is the problem isn't it? Sometimes the simple fixes are the best. If only one or two sites caused me issues, I'd not waste time trying to correct dns records above me.
Just saying that if the OP uses proxy.pac then they need to create a custom proxy.pac file that has a direct to match up the correct name to ip. Similar edit to what one would do in hosts file. I've used proxy.pac files for decades.
|
|
|
01-06-2014, 03:30 AM
|
#13
|
Member
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 875
|
Quote:
Originally Posted by jefro
His choice of dns and their reply is the problem isn't it? Sometimes the simple fixes are the best. If only one or two sites caused me issues, I'd not waste time trying to correct dns records above me.
|
The OP asked for a fix not a hack.
|
|
|
01-06-2014, 09:55 AM
|
#14
|
Member
Registered: Oct 2013
Posts: 531
Original Poster
Rep:
|
The domains im mentioning are not mine, so i cant do anything with them.....
I just wanted to know why it fails, and if i can fix it any other way from linux CLI, and to discover what are actual that domain nameservers. (except dig + trace)
Last edited by postcd; 01-08-2014 at 04:16 AM.
|
|
|
01-06-2014, 10:11 AM
|
#15
|
Moderator
Registered: Mar 2008
Posts: 22,228
|
To fix it use a hosts file entry. It is not a hack. If it were a hack, they you would not have a hosts file in every distro made.
The other way to fix it would be to use a dns server that offers correct name resolution.
The other way to fix it is to correct the dns server that you are using.
The other way to fix it is to create you own local dns server and use corrected ip addresses for some names.
Admin's tip.
By the way, to speed up internet use, one could put the names of the 200 (or more) most common web sites that they access. It takes much less time to access the hosts file than it does to access a dns server. The hosts file is ALWAYS looked up by default still.
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 10:51 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|