Dan Riley quickly came to the rescue with the below message. Thanks, Dan,
this one was killing me!!
-Bill Sadvary
>What does a traceroute to the stanford name servers look like? If
>it gets close to 30 hops, or ranges out at 30 hops,
>
>http://www.ornl.gov/its/archives/mailing-lists/tru64-unix-managers/2001/02/msg00
161.html
>
>may be relevant.
>--
>Dan Riley
---------- Original message ----------
Do I have a good one for you!
For some reason, our internal DNS (let's call it NS1) can not resolve the
site stanford.edu and probably a few other sites. It can resolve names
for a zillion other sites.
While logging packets on our edge router, we can see the packets being
sent to their primary DNS. But we get no response. I can ping from NS1
to their primary nameserver, no problem, it's very quick. Also, I can
connect to their primary server with the nslookup 'server' command but I
still can't resolve any names on their end.
What makes this really strange is that another host on our same LAN and
subnet that is running the same OS version (Tru64 v4.0G and patch kit #3)
and the same bind version (4.9.3-P1-plus-CA-98.05-patches) _CAN_ resolve
the stanford.edu name, even if I clear it's DNS cache.
It makes no sense. We ask ourselves, "why can one host do the lookups and
the other one just times out." We can ping their primary nameservers from
the NS1 host. Both bind configurations are exactly the same, same root
servers file, same named version, etc.
We have a few other AlphaServers that are acting exactly like NS1, they
too can not resolve stanford.edu. But we have the one host that can
resolve the names.. Very strange.
We have seen this exact same scenario a week or so ago with a few other
sites. Eventually, after five or so days, the site is resolvable and
everything is fine. Then a week or so later, another site or two become
unresolvable like it is now with stanford. In a day or so, stanford will
be resolvable, I would bet cash on it.
Can anyone come up with any clues as to why our DNS requests go answered
for these few hosts?
I currently have NS1 set to forward the requests to the working DNS but I
have another system that I can use for testing.
A sample nslookup is seen below.
Thanks!
-Bill Sadvary
Carlisle, PA
% nslookup
Default Server: localhost
Address: 127.0.0.1
> set debug
> stanford.edu
Server: localhost
Address: 127.0.0.1
timeout
timeout
timeout
timeout
------------
Got answer:
HEADER:
opcode = QUERY, id = 64008, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
stanford.edu.dickinson.edu, type = A, class = IN
AUTHORITY RECORDS:
-> dickinson.edu
ttl = 86400 (1 day)
origin = NS1.dickinson.edu
mail addr = POSTMASTER.ALPHA.dickinson.edu
serial = 20020208
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
minimum ttl = 86400 (1 day)
------------
*** localhost can't find stanford.edu: Non-existent host/domain
If I run the exact same sequence of commands on the "good" host, the
request is answered successfully.
Received on Mon Mar 18 2002 - 20:14:17 NZST