DNS problems at thought.org [was: Re: lynx failure....]
On Sat, 12 Dec 2009 10:21:15 -0800, Gary Kline kl...@thought.org wrote: On Sat, Dec 12, 2009 at 11:01:47AM +0200, Giorgos Keramidas wrote: On Sat, 12 Dec 2009 00:09:52 -0800, Gary Kline kl...@thought.org wrote: Using lynx: Looking up www.thought.org Unable to locate remote host www.thought.org. Alert!: Unable to connect to remote host. Obviously, something is wrong with how my new DBS, mAil, and web server, ethic, is configurated. Can anybody help me here? Are you sure DNS for the thought.org domain works? keram...@kobe:/home/keramida$ host www.thought.org Host www.thought.org not found: 3(NXDOMAIN) keram...@kobe:/home/keramida$ The more I think about it, no, I'm not sure. The guy who set up my new DNS was using the named in ports while I was using the one in /usr/sbin. That shouldn't be a problem. Both bind versions should be able to serve your zone files correctly. When you see 'weird' DNS errors from one place but they seem to magically disappear if you perform the same query from another place, it is _very_ often a good indication that there is _somewhere_ a stale SOA record and a stale copy of your zone files. Tracking down where the stale SOA record is cached may be a bit of work, but it's definitely doable... The name servers registered for your domain at `thought.org' are: : $ host -t ns thought.org 21 | expand | fgrep 'name server' | \ : awk '{print $NF}' : a.ns.celestial.com. : ns1.localhostservices.net. : b.ns.celestial.com. : d.ns.celestial.com. : ns2.secondary.com. : ns1.thought.org. : c.ns.celestial.com. : $ The IPv4 addresses of these hosts seem to be: : $ host -t ns thought.org 21 | expand | fgrep 'name server' | \ : awk '{print $NF}' | \ : while read name ; do \ : addrs=$( host ${name} 21 | fgrep 'has address' | \ : awk '{print $NF}' | sort ); \ : echo ${name} ${addrs} ; \ : done | tee thought.org-ns.txt : a.ns.celestial.com. 192.136.111.41 : ns1.localhostservices.net. 69.55.236.116 : ns1.thought.org. 209.180.213.210 : ns2.secondary.com. 198.133.199.4 : c.ns.celestial.com. 192.136.111.43 : b.ns.celestial.com. 192.136.111.42 : d.ns.celestial.com. 65.255.106.208 : $ So there are seven (7) different name servers that should have the same SOA record and the same version of your zone file. How many of them *do* have the same version though? : keram...@kobe:~$ while read nshost nsip ; do \ : echo ${nshost} [${nsip}] = ; \ : dig @${nsip} thought.org soa 21 | expand | \ : fgrep ' SOA ' | sed -e 's/.* SOA[ ]*//' ; \ : echo ; \ : done thought.org-ns.txt : : a.ns.celestial.com. [192.136.111.41] = : aristotle.thought.org. hostmaster.thought.org. 2008121902 10800 3600 604800 38400 : : ns1.localhostservices.net. [69.55.236.116] = : ethic.thought.org. hostmaster.thought.org. 2009120801 10800 3600 604800 38400 : : ns1.thought.org. [209.180.213.210] = : ethic.thought.org. hostmaster.thought.org. 2009120801 10800 3600 604800 38400 : : ns2.secondary.com. [198.133.199.4] = : : c.ns.celestial.com. [192.136.111.43] = : aristotle.thought.org. hostmaster.thought.org. 2008121902 10800 3600 604800 38400 : : b.ns.celestial.com. [192.136.111.42] = : aristotle.thought.org. hostmaster.thought.org. 2008121902 10800 3600 604800 38400 : : d.ns.celestial.com. [65.255.106.208] = : aristotle.thought.org. hostmaster.thought.org. 2008121902 10800 3600 604800 38400 : : keram...@kobe:~$ From this output you can now see that: * There is at least one name server in your NS list that does not have a SOA record at _all_ for your domain (ns2.secondary.com) * There are four name servers that have stale copy of your zone file from last year (a.ns.celestial.com, b.ns.celestial.com, c.ns.celestial.com, and d.ns.celestial.com). * There are two name servers that appear to have a copy from 2009-12-08 (ns1.thought.org and ns1.localhostservices.net) Trying to resolve `www.thought.org' through each one of these name servers, to find the ones that cause some of the DNS queries to fail, shows the following: : $ while read nshost nsip ; do \ : echo ${nshost} [${nsip}] = ; \ : dig @${nsip} www.thought.org a | expand | \ : grep '^www\.thought\.org' ; \ : echo ; \ : done thought.org-ns.txt : a.ns.celestial.com. [192.136.111.41] = : www.thought.org.38400 IN CNAME aristotle.thought.org. : : ns1.localhostservices.net. [69.55.236.116] = : www.thought.org.38400 IN CNAME ethic.thought.org. : : ns1.thought.org. [209.180.213.210] = : www.thought.org.38400 IN CNAME ethic.thought.org. : : ns2.secondary.com. [198.133.199.4] = : : c.ns.celestial.com. [192.136.111.43] = : www.thought.org.38400 IN CNAME aristotle.thought.org. : : b.ns.celestial.com. [192.136.111.42] = : www.thought.org.38400 IN CNAME aristotle.thought.org. : : d.ns.celestial.com. [65.255.106.208] = : www.thought.org.38400 IN
Re: DNS problems at thought.org
On Sat, 12 Dec 2009 19:25:43 -0800, Gary Kline kl...@thought.org wrote: On Sun, Dec 13, 2009 at 12:29:30AM +0200, Giorgos Keramidas wrote: You have some serious DNS issues with your current setup. I think you should start by: 1) *Removing* from the NS records of your domain the name servers that are not necessary (the celestial.com ones). 2) *Updating* the NS list of the same domain at the DNS registrar you are using to use ns1.thought.org and ns1.localhostservices.net. 3) Checking the firewall settings at ns1.thought.org to see why it does not respond to queries. Jon just got home ansd mailed me about my secondaries. With what he said, or tired to explain, and what you have below, the picture is pretty clear. Jon think I need to drop the ns2.secondary.com secondaries and others that are not consistent. Some point to aristotle; others to ethic. Yes, that makes perfect sense. It's the main reason why I wrote step 1 in the above list. When you *do* update the NS listing through your DNS registration service, point it _only_ at name servers that really have a valid copy of your zone files and are set up to serve as secondaries. After a while, when the changes propagate to all the name servers, your domain should work fine with bind (either the base-system or ports version). Thijngs may be happening. Since I have no webserver apps [GUI] I gave the gkg.net info to Jon and asked him to edit my files there. i use pfsense as my firewall. I'm still in learning mode about its fine points, but from what I understand, it points only to ethic ... I think in the past few days--two or three days. *Thanks* for filling in the blank spaces. No problem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: In a bit of a bind - DNS problems and ipfw
Aaron Siegel [EMAIL PROTECTED] writes: Hello I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a custom firewall (ipfw) or the Simple firewall through rc.firewall my clients are unable to resolve DNS when DNS does work with the Open ruleset that is provide by rc.firewall. I create the custom firewall couple years ago and they work fine under 4.11 but after the upgrade I have not been able to get them to work. I sure I am doing something stupid but I am not smart enough to solve it at the moment. Thank you Aaron Siegel Custom firewall rules #Allow DNS $cmd 019 allow tcp from any to any 53 out via $pif $cmd 018 allow udp from any to any 53 out via $pif You need to let the replies back in. Try keep-state. /etc/rc.conf gateway_enable=YES firewall_enable=YES firewall_type=open natd_enable=YES natd_interface=dc0 ifconfig_dc0=192.168.0.2 #public interface ifconfig_fxp0=192.168.245.1 netmask 255.255.255.0 #private interface /etc/rc.conf I have commented out the following lines #${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} Why? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
In a bit of a bind - DNS problems and ipfw
Hello I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a custom firewall (ipfw) or the Simple firewall through rc.firewall my clients are unable to resolve DNS when DNS does work with the Open ruleset that is provide by rc.firewall. I create the custom firewall couple years ago and they work fine under 4.11 but after the upgrade I have not been able to get them to work. I sure I am doing something stupid but I am not smart enough to solve it at the moment. Thank you Aaron Siegel Custom firewall rules #Allow DNS $cmd 019 allow tcp from any to any 53 out via $pif $cmd 018 allow udp from any to any 53 out via $pif /etc/rc.conf gateway_enable=YES firewall_enable=YES firewall_type=open natd_enable=YES natd_interface=dc0 ifconfig_dc0=192.168.0.2 #public interface ifconfig_fxp0=192.168.245.1 netmask 255.255.255.0 #private interface /etc/rc.conf I have commented out the following lines #${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS problems
I am no expert by any means, but the problem I was having sounds simular. I had a fresh install on friday, I could get to the web but dns resolutions were incredibly, slow and timing out most of the time. But my box is now working perfectly. #1 you dns nameservers addresses need to be in /etc/resolv.conf this still did not solve my problem but it should. I had to cvsup my /usr/src and rebuild my world and everything works perfectly. I do not know if something changed in the sources but it worked for me. On Sunday 09 January 2005 01:39, Rajiv Krishnamurthy wrote: gentle people, apologies if this question should have been posted in the newbies list, but i saw a similar question in the archives of this mailing list, which did not quite answer my question. i'm trying to install FreeBSD for the first time. i'm installing it on my desktop. the installation has gone on pretty cleanly, i have a linksys firewall/wireless router behind which i have installed my freeBSD box. i have good connectivity and am able to ping, telnet to the internet. however DNS resolution is a problem. the browser does not work and for example dig www.freebsd.org also does not work. if i provide the nameserver,dig @server xxx.xxx.xxx - things are fine. any ideas. it has to be something really simple. during the configuration, when i configured my ethernet port, it cleanly gets the ip address from the linksys hub and also lists the nameserver correctly. what else do i have to configure ? ifconfig xl0 : flags=8843UP,BRODACAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=bRXCSUM,TXSUM,VLAN_MTU inet6 fe80::250:daff:fe8c:dcaa%x10 prefixlen 64 scopeid 0x1 inet 192.168.1.105 netmask 0xff00 broadcast 192.168.1.255 ether 00:50:da:8c:dc:aa media Ethernet autoselect (100baseTX full-duplex) status:active plip0: flags=8810POINTTOPOINT,SIMPLEX,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 :: 1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 netstat -nr Routing tables Internet: DestinationGateway Flags RefsUseNetif Expire default 192.168.1.1 UGS 00x10 127.0.0.1 127.0.0.1 UH 1 76 lo0 192.168.1 link#1 UC 0 0 xl0 192.168.1.1link#1 UHLW 1 0 xl0 192.168.1.105127.0.0.1 UGHS 0 0 lo0 192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 0 2 xl0 /etc/resolve.conf is empty. /etc/hosts is empty. thanks rajiv. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
DNS problems
gentle people, apologies if this question should have been posted in the newbies list, but i saw a similar question in the archives of this mailing list, which did not quite answer my question. i'm trying to install FreeBSD for the first time. i'm installing it on my desktop. the installation has gone on pretty cleanly, i have a linksys firewall/wireless router behind which i have installed my freeBSD box. i have good connectivity and am able to ping, telnet to the internet. however DNS resolution is a problem. the browser does not work and for example dig www.freebsd.org also does not work. if i provide the nameserver,dig @server xxx.xxx.xxx - things are fine. any ideas. it has to be something really simple. during the configuration, when i configured my ethernet port, it cleanly gets the ip address from the linksys hub and also lists the nameserver correctly. what else do i have to configure ? ifconfig xl0 : flags=8843UP,BRODACAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=bRXCSUM,TXSUM,VLAN_MTU inet6 fe80::250:daff:fe8c:dcaa%x10 prefixlen 64 scopeid 0x1 inet 192.168.1.105 netmask 0xff00 broadcast 192.168.1.255 ether 00:50:da:8c:dc:aa media Ethernet autoselect (100baseTX full-duplex) status:active plip0: flags=8810POINTTOPOINT,SIMPLEX,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 :: 1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 netstat -nr Routing tables Internet: DestinationGateway Flags RefsUseNetif Expire default 192.168.1.1 UGS 00x10 127.0.0.1 127.0.0.1 UH 1 76 lo0 192.168.1 link#1 UC 0 0 xl0 192.168.1.1link#1 UHLW 1 0 xl0 192.168.1.105127.0.0.1 UGHS 0 0 lo0 192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 0 2 xl0 /etc/resolve.conf is empty. /etc/hosts is empty. thanks rajiv. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS problems
gentle people, apologies if this question should have been posted in the newbies list, but i saw a similar question in the archives of this mailing list, which did not quite answer my question. i'm trying to install FreeBSD for the first time. i'm installing it on my desktop. the installation has gone on pretty cleanly, i have a linksys firewall/wireless router behind which i have installed my freeBSD box. i have good connectivity and am able to ping, telnet to the internet. however DNS resolution is a problem. the browser does not work and for example dig www.freebsd.org also does not work. if i provide the nameserver,dig @server xxx.xxx.xxx - things are fine. any ideas. it has to be something really simple. during the configuration, when i configured my ethernet port, it cleanly gets the ip address from the linksys hub and also lists the nameserver correctly. what else do i have to configure ? ifconfig xl0 : flags=8843UP,BRODACAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=bRXCSUM,TXSUM,VLAN_MTU inet6 fe80::250:daff:fe8c:dcaa%x10 prefixlen 64 scopeid 0x1 inet 192.168.1.105 netmask 0xff00 broadcast 192.168.1.255 ether 00:50:da:8c:dc:aa media Ethernet autoselect (100baseTX full-duplex) status:active plip0: flags=8810POINTTOPOINT,SIMPLEX,MULTICAST mtu 1500 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 :: 1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 netstat -nr Routing tables Internet: DestinationGateway Flags RefsUseNetif Expire default 192.168.1.1 UGS 00x10 127.0.0.1 127.0.0.1 UH 1 76 lo0 192.168.1 link#1 UC 0 0 xl0 192.168.1.1link#1 UHLW 1 0 xl0 192.168.1.105127.0.0.1 UGHS 0 0 lo0 192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 0 2 xl0 /etc/resolve.conf is empty. You mean /etc/resolv.conf? This is where your nameserver should be listed if you're getting the information properly from your Linksys router. -- Matt Emmerton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
DNS problems - slow to resolve
I'm running BIND 9 for my own DNS and I'm connecting to the Internet through cable modem. In my named.conf I have a forwarders section where I put the IPs for my ISPs DNS. Since my connection to the ISP is DHCP how can I determine the DNS IPs that have been assigned? I don't see it when man'ing ifconfig. Are there tools/commands I can use to determine the resolution time that my lookups are taking? A lot of my web browser requests are timing out (name lookups) and I have to keep hitting refresh until it finally resolves. -- Doc [EMAIL PROTECTED] 317.536.1858 The only thing necessary for evil to triumph is for good men to do nothing. - Edmund Burke ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS problems - slow to resolve
David Daugherty wrote: Are there tools/commands I can use to determine the resolution time that my lookups are taking? A lot of my web browser requests are timing out (name lookups) and I have to keep hitting refresh until it finally resolves. I'd try using dig: dig www.freebsd.org At the end look for the query time: ;; Query time: 3 msec ;; WHEN: Sun Jan 2 09:33:07 2005 ;; MSG SIZE rcvd: 211 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS problems - slow to resolve
On Sunday 02 January 2005 09:22, David Daugherty wrote: I'm running BIND 9 for my own DNS and I'm connecting to the Internet through cable modem. In my named.conf I have a forwarders section where I put the IPs for my ISPs DNS. Since my connection to the ISP is DHCP how can I determine the DNS IPs that have been assigned? I don't see it when man'ing ifconfig. /etc/resolv.conf lists which nameservers your system is using. (Hope I didn't completely interpret your question) :-/ -- Thanks, Josh Paetzel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS problems - slow to resolve
The problem with resolv.conf is that it just puts insightbb.com in there. Doing a whois on insightbb.com gives a few DNS servers but none of them are any speedier lookups then the others. If I put the IP that insightbb.com resolves to it's still slow. On Sun, 2 Jan 2005 09:41:20 -0600, Josh Paetzel [EMAIL PROTECTED] wrote: On Sunday 02 January 2005 09:22, David Daugherty wrote: I'm running BIND 9 for my own DNS and I'm connecting to the Internet through cable modem. In my named.conf I have a forwarders section where I put the IPs for my ISPs DNS. Since my connection to the ISP is DHCP how can I determine the DNS IPs that have been assigned? I don't see it when man'ing ifconfig. /etc/resolv.conf lists which nameservers your system is using. (Hope I didn't completely interpret your question) :-/ -- Thanks, Josh Paetzel -- Doc [EMAIL PROTECTED] 317.536.1858 The only thing necessary for evil to triumph is for good men to do nothing. - Edmund Burke ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS problems - slow to resolve
Ah, yes..dig. Forgot that it had a resolve time in there. Here's a perfect example of the slowness I'm talking about: su-2.05b# dig yahoo.com ; DiG 8.3 yahoo.com ;; res options: init recurs defnam dnsrch ;; res_nsend: Operation timed out su-2.05b# dig yahoo.com ; DiG 8.3 yahoo.com ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 1563 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 0 ;; QUERY SECTION: ;; yahoo.com, type = A, class = IN ;; ANSWER SECTION: yahoo.com. 5M IN A 216.109.112.135 yahoo.com. 5M IN A 66.94.234.13 ;; AUTHORITY SECTION: yahoo.com. 1d6h52m8s IN NS ns2.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns3.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns4.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns5.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns1.yahoo.com. ;; Total query time: 6179 msec ;; FROM: datasphereweb.com to SERVER: 127.0.0.1 ;; WHEN: Sun Jan 2 09:55:17 2005 ;; MSG SIZE sent: 27 rcvd: 149 First one didn't resolve in time. Second one, 6 seconds!!! On Sun, 2 Jan 2005 10:49:28 -0500, David Daugherty [EMAIL PROTECTED] wrote: The problem with resolv.conf is that it just puts insightbb.com in there. Doing a whois on insightbb.com gives a few DNS servers but none of them are any speedier lookups then the others. If I put the IP that insightbb.com resolves to it's still slow. On Sun, 2 Jan 2005 09:41:20 -0600, Josh Paetzel [EMAIL PROTECTED] wrote: On Sunday 02 January 2005 09:22, David Daugherty wrote: I'm running BIND 9 for my own DNS and I'm connecting to the Internet through cable modem. In my named.conf I have a forwarders section where I put the IPs for my ISPs DNS. Since my connection to the ISP is DHCP how can I determine the DNS IPs that have been assigned? I don't see it when man'ing ifconfig. /etc/resolv.conf lists which nameservers your system is using. (Hope I didn't completely interpret your question) :-/ -- Thanks, Josh Paetzel -- Doc [EMAIL PROTECTED] 317.536.1858 The only thing necessary for evil to triumph is for good men to do nothing. - Edmund Burke -- Doc [EMAIL PROTECTED] 317.536.1858 The only thing necessary for evil to triumph is for good men to do nothing. - Edmund Burke ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS problems - slow to resolve
Ok, I wasn't getting the IPs in my resolv.conf because I had dhclient.conf modified to supersede to the local DNS. Here's what I did to determine the DNS that my ISP was assigning me. I changed the dhclient.conf back to empty and restarted the network. This then put the IPs of the two DNS servers assigned into my resolv.conf. I then took these two IPs and added them to my forwarders section in my named.conf. Rebooted and name lookup is much faster now. It only took my wife grumping about having to hit refresh 20+ times to bring up a web page in order for me to fix this since we've moved and changed ISPs. Thanks for the ideas everyone. On Sun, 2 Jan 2005 10:52:14 -0500, David Daugherty [EMAIL PROTECTED] wrote: Ah, yes..dig. Forgot that it had a resolve time in there. Here's a perfect example of the slowness I'm talking about: su-2.05b# dig yahoo.com ; DiG 8.3 yahoo.com ;; res options: init recurs defnam dnsrch ;; res_nsend: Operation timed out su-2.05b# dig yahoo.com ; DiG 8.3 yahoo.com ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 1563 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 0 ;; QUERY SECTION: ;; yahoo.com, type = A, class = IN ;; ANSWER SECTION: yahoo.com. 5M IN A 216.109.112.135 yahoo.com. 5M IN A 66.94.234.13 ;; AUTHORITY SECTION: yahoo.com. 1d6h52m8s IN NS ns2.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns3.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns4.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns5.yahoo.com. yahoo.com. 1d6h52m8s IN NS ns1.yahoo.com. ;; Total query time: 6179 msec ;; FROM: datasphereweb.com to SERVER: 127.0.0.1 ;; WHEN: Sun Jan 2 09:55:17 2005 ;; MSG SIZE sent: 27 rcvd: 149 First one didn't resolve in time. Second one, 6 seconds!!! On Sun, 2 Jan 2005 10:49:28 -0500, David Daugherty [EMAIL PROTECTED] wrote: The problem with resolv.conf is that it just puts insightbb.com in there. Doing a whois on insightbb.com gives a few DNS servers but none of them are any speedier lookups then the others. If I put the IP that insightbb.com resolves to it's still slow. On Sun, 2 Jan 2005 09:41:20 -0600, Josh Paetzel [EMAIL PROTECTED] wrote: On Sunday 02 January 2005 09:22, David Daugherty wrote: I'm running BIND 9 for my own DNS and I'm connecting to the Internet through cable modem. In my named.conf I have a forwarders section where I put the IPs for my ISPs DNS. Since my connection to the ISP is DHCP how can I determine the DNS IPs that have been assigned? I don't see it when man'ing ifconfig. /etc/resolv.conf lists which nameservers your system is using. (Hope I didn't completely interpret your question) :-/ -- Thanks, Josh Paetzel -- Doc [EMAIL PROTECTED] 317.536.1858 The only thing necessary for evil to triumph is for good men to do nothing. - Edmund Burke -- Doc [EMAIL PROTECTED] 317.536.1858 The only thing necessary for evil to triumph is for good men to do nothing. - Edmund Burke -- Doc [EMAIL PROTECTED] 317.536.1858 The only thing necessary for evil to triumph is for good men to do nothing. - Edmund Burke ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Possible DNS Problems
On Wed, Apr 14, 2004 at 08:43:53PM +, Travis Troyer wrote: I am running FreeBSD 5.2.1-Release on two systems, a server that acts as a NAT Gateway for my cable service, and a client. When trying to load various websites on the client machine, I get a delay, usually about 25 seconds, during which Mozilla will tell me it's resolving the hostname. I also get the same situation with Konqueror or lynx. It only happens on certain sites, for example, Bankone.com. With loading Bankone.com, after the homepage initially loads, I can load any page on the site without problems. Using this same system, and dual booting into Windows, I find that I can load these sites with no problem, leading me to believe that it is a configuration problem with my FreeBSD installation; however, I can not figure out what the problem is. I would really appreciate any help in this matter. You could well be right -- a lot of DNS servers out there do not respond correctly (or even at all) to queries for or A6 records. You can confirm if that is the case by using tcpdump to show you what DNS traffic your system is generating as you browse around. This is a case of FreeBSD users being penalised for running a properly standards compliant OS by stupid service providers who are unable to install standards compliant DNS servers with support for RR types introduced getting on for 10 years ago now. Even worse, DNS servers that don't return any response to such a request, which forces your system to wait for the whole 30s of the DNS timeout. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: Possible DNS Problems
Hello, Have a look at the different ad.doubleclick.net addresses included in the web site. Find out the ip address and put them in your /etc/hosts file like this: 206.65.183.95 ad.doubleclick.net 206.65.183.95 uk.doubleclick.net 206.65.183.95 ad.uk.doubleclick.net 195.154.195.154 ad.fr.doubleclick.net This will solve the loading time of the different websites with konqueror, firefox etc( sticking to load 90% of the images of the web site). This issue doesn't seem to exist when you use Opera. Kind regards Jens On Thu, 15 Apr 2004 08:36:17 +0100 Matthew Seaman [EMAIL PROTECTED] wrote: On Wed, Apr 14, 2004 at 08:43:53PM +, Travis Troyer wrote: I am running FreeBSD 5.2.1-Release on two systems, a server that acts as a NAT Gateway for my cable service, and a client. When trying to load various websites on the client machine, I get a delay, usually about 25 seconds, during which Mozilla will tell me it's resolving the hostname. I also get the same situation with Konqueror or lynx. It only happens on certain sites, for example, Bankone.com. With loading Bankone.com, after the homepage initially loads, I can load any page on the site without problems. Using this same system, and dual booting into Windows, I find that I can load these sites with no problem, leading me to believe that it is a configuration problem with my FreeBSD installation; however, I can not figure out what the problem is. I would really appreciate any help in this matter. You could well be right -- a lot of DNS servers out there do not respond correctly (or even at all) to queries for or A6 records. You can confirm if that is the case by using tcpdump to show you what DNS traffic your system is generating as you browse around. This is a case of FreeBSD users being penalised for running a properly standards compliant OS by stupid service providers who are unable to install standards compliant DNS servers with support for RR types introduced getting on for 10 years ago now. Even worse, DNS servers that don't return any response to such a request, which forces your system to wait for the whole 30s of the DNS timeout. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Possible DNS Problems
I am running FreeBSD 5.2.1-Release on two systems, a server that acts as a NAT Gateway for my cable service, and a client. When trying to load various websites on the client machine, I get a delay, usually about 25 seconds, during which Mozilla will tell me it's resolving the hostname. I also get the same situation with Konqueror or lynx. It only happens on certain sites, for example, Bankone.com. With loading Bankone.com, after the homepage initially loads, I can load any page on the site without problems. Using this same system, and dual booting into Windows, I find that I can load these sites with no problem, leading me to believe that it is a configuration problem with my FreeBSD installation; however, I can not figure out what the problem is. I would really appreciate any help in this matter. Thanks in advance, Travis Troyer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
(Solved) Strange dial-up related DNS problems
I got it fixed (or atleast, as good as it can be fixed) For future reference, here's what went wrong. During the weekend, SAIX upgraded and repaired all Cisco equipment on their network. During this repair, they somehow managed to break something major. The /etc/ppp/options file on the offending BSD box contained the asyncmap 0 option. This tells pppd not to escape characters leaving as part of packets that could be misunderstood as being controle characters by the other side. This has been woking fine for a long time. however, during SAIX's tinkering, they managed to get their PPP gateways to not ignore controle characters coming in as part of IP packets, as they should be doing. What was going wrong was that some part of the DNS query must have been seen as some arb. controle character. The machine then handled the packet incorrectly, and it never reached the NS it was meant for. To fix this, just remove asyncmap 0 from your config file. This gives a slight performance hit, but with the wonderful resourcefullness of some ISPs, what can you do... Origional message follows: This gets a 10.0 on my weird-o-meter. I have a FreeBSD 4.7-RELEASE machine sitting at a client which dials in and collects their mail via POP3, and sends outgoing mail via a smarthost which points to an SMTP server at their ISP. This machine has worked fine since late last year, but started giving a strange problem this week. When connected to their ISP, SAIX, the machine can ping any live internet IP and it can traceroute to anywhere, but, it can not talk to any DNS server. Any traffic to port 53 UDP simply seems to dissapear. The same with firewalling enabled as normal, or even with ipfw add 1 allow ip from any to any When connected to any other ISP we have tried dialing, all works perfectly. When dialed from another FreeBSD box with the same username/password, the SAIX connection works perfectly. Yet, this single machine absolutely flat out refuses to talk to any name server while connected to SAIX, firewalling, no firewalling, no difference. I have tried running tcpdump -i ppp0 udp port 53 in an attempt at capturing these packets, nothing, I also looked at rl0 just for interest's sake, nothing. I have run out of ideas, what am I missing? PS: Please CC me in the reply, I get so much list mail I might miss a reply there. -- Willie Viljoen Freelance IT Consultant 214 Paul Kruger Avenue, Universitas Bloemfontein 9321 South Africa +27 51 522 15 60 +27 82 404 03 27 (mobile) [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Strange dial-up related DNS problems
This gets a 10.0 on my weird-o-meter. I have a FreeBSD 4.7-RELEASE machine sitting at a client which dials in and collects their mail via POP3, and sends outgoing mail via a smarthost which points to an SMTP server at their ISP. This machine has worked fine since late last year, but started giving a strange problem this week. When connected to their ISP, SAIX, the machine can ping any live internet IP and it can traceroute to anywhere, but, it can not talk to any DNS server. Any traffic to port 53 UDP simply seems to dissapear. The same with firewalling enabled as normal, or even with ipfw add 1 allow ip from any to any When connected to any other ISP we have tried dialing, all works perfectly. When dialed from another FreeBSD box with the same username/password, the SAIX connection works perfectly. Yet, this single machine absolutely flat out refuses to talk to any name server while connected to SAIX, firewalling, no firewalling, no difference. I have tried running tcpdump -i ppp0 udp port 53 in an attempt at capturing these packets, nothing, I also looked at rl0 just for interest's sake, nothing. I have run out of ideas, what am I missing? PS: Please CC me in the reply, I get so much list mail I might miss a reply there. -- Willie Viljoen Freelance IT Consultant 214 Paul Kruger Avenue, Universitas Bloemfontein 9321 South Africa +27 51 522 15 60 +27 82 404 03 27 (mobile) [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange dial-up related DNS problems
On Wed, Jul 30, 2003 at 11:16:37PM +0200, Willie Viljoen wrote: When connected to their ISP, SAIX, the machine can ping any live internet IP and it can traceroute to anywhere, but, it can not talk to any DNS server. Any traffic to port 53 UDP simply seems to dissapear. Sheer guess, but perhaps the PPP negotiation is giving them something weird (eg, 127.0.0.1) as the nameserver address. Have a look at /etc/resolv.conf while they're connected and at the ppp log. Have you tried dig @server.ip some.host? Any internal firewall in place? What do its logs/stats show? -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange dial-up related DNS problems
On Thursday 31 July 2003 0:16, someone, possibly Barney Wolff, typed: On Wed, Jul 30, 2003 at 11:16:37PM +0200, Willie Viljoen wrote: When connected to their ISP, SAIX, the machine can ping any live internet IP and it can traceroute to anywhere, but, it can not talk to any DNS server. Any traffic to port 53 UDP simply seems to dissapear. Sheer guess, but perhaps the PPP negotiation is giving them something weird (eg, 127.0.0.1) as the nameserver address. Have a look at /etc/resolv.conf while they're connected and at the ppp log. Have you tried dig @server.ip some.host? Any internal firewall in place? What do its logs/stats show? Yes, from the other ISPs, dig @their.servers and dig @my.own.servers works fine. On SAIX, dig @anybody.server only gives me a timeout. The box uses ipfw in a stateful setup, but even with that comletely out of the way, there's no difference. /etc/resolv.conf is static, but the address in there is correct. -- Willie Viljoen Freelance IT Consultant 214 Paul Kruger Avenue, Universitas Bloemfontein 9321 South Africa +27 51 522 15 60 +27 82 404 03 27 (mobile) [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: MS Dynamic DNS problems
- Original Message - Thanks for the quick reply, Steve. I suspect that since they were about to modify my laptop's win2k install so that it started showing up in DNS, that there must be something doable on the client-side alone, if only I knew what that was. I have since rebooted to win2k to look at the configuration panel that was changed to get the fix. It is the advanced popup under the DNS tab in the TCP/IP properties (gosh why can't people just use directories). The suffix list used to be empty, and unchecked, and now it is populated and checked, as previously described. Secondly, I have noticed a checkbox at the bottom of this panel of the form use suffix in registration which might have also been checked during the fix. While win2k was up, I was able to ping the laptop. Then I rebooted to FreeBSD (getting the same IP addr from DHCP) and pinged again and my DNS entry had disappeared, no ping. Though pings by raw IP addr work fine. There are a couple palces in your /etc directory you may want to look. For example, the settings you indicate they added are usually stored in the /etc/resolv.conf file. Make sure you have the proper domain specified there. Also make sure your fully-qualified domain name includes the appropriate domain, and the same name as the Win2k side of your machine. David To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MS Dynamic DNS problems
OK, here is /etc/resolv.conf: search celera.com ad.celera.com rkv.ad.celera.com rkv.celera.com applera.com pe-c.com ssf.ad.celera.com fc.celera.com nameserver 172.20.7.10 nameserver 172.20.7.11 The search line there appears to be the result of adding a supercede line to the dhclient.conf, which is as follows: interface ep0 { supersede domain-name celera.com ad.celera.com rkv.ad.celera.com rkv.celera.com applera.com pe-c.com ssf.ad.celera.com fc.celera.com; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name; } The above contents are just a total guess based on what the Win-support person seemed to be doing. I visited the win2k side again, to check my name list and so forth, and did CMD ipconfig /all The primary name is lipperra-p1, and the connection specific one is rkv.ad.celera.com. I am not sure if that is reflected in my resolv.conf or my dhclient.conf. Finally, on the boot back to FreeBSD, I ran a ping from my desktop machine and watched the disappearance from DNS: cglwadministrator@LIPPERRA-W1 ~ $ ping lipperra-p1.rkv.ad.celera.com Pinging lipperra-p1.rkv.ad.celera.com [172.20.168.104] with 32 bytes of data: Reply from 172.20.168.104: bytes=32 time10ms TTL=128 Request timed out. Request timed out. Reply from 172.20.168.104: bytes=32 time10ms TTL=64 Request timed out. cglwadministrator@LIPPERRA-W1 ~ $ ping lipperra-p1.rkv.ad.celera.com Bad IP address lipperra-p1.rkv.ad.celera.com. which may be of interest because it shows the DNS entry being persistent right up until just after FreeBSD's dhclient starts, and then the DNS entry disappears. -r From: David [EMAIL PROTECTED] To: Ross Lippert [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] References: [EMAIL PROTECTED] Subject: Re: MS Dynamic DNS problems Date: Thu, 18 Jul 2002 08:11:59 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600. - Original Message - Thanks for the quick reply, Steve. I suspect that since they were about to modify my laptop's win2k install so that it started showing up in DNS, that there must be something doable on the client-side alone, if only I knew what that was. I have since rebooted to win2k to look at the configuration panel that was changed to get the fix. It is the advanced popup under the DNS tab in the TCP/IP properties (gosh why can't people just use directories). The suffix list used to be empty, and unchecked, and now it is populated and checked, as previously described. Secondly, I have noticed a checkbox at the bottom of this panel of the form use suffix in registration which might have also been checked during the fix. While win2k was up, I was able to ping the laptop. Then I rebooted to FreeBSD (getting the same IP addr from DHCP) and pinged again and my DNS entry had disappeared, no ping. Though pings by raw IP addr work fine. There are a couple palces in your /etc directory you may want to look. For example, the settings you indicate they added are usually stored in the /etc/resolv.conf file. Make sure you have the proper domain specified there. Also make sure your fully-qualified domain name includes the appropriate domain, and the same name as the Win2k side of your machine. David To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MS Dynamic DNS problems
Are you using a special Dynamic DNS update client, or relying on some functionality in dhclient? Is the DHCP server a MS DHCP server, that could update AD/DNS for you? It seems from your ping that the DNS entry which your Win2k side registers lingers for a little while, long enough for you to reboot into FreeBSD. On Win2k shutdown, the address is de-registered (unless configured differently) from DDNS, so unless you are using a DDNS update client to re-register on the FreeBSD side, the registration won't work for too long. But the deregistration can take a few minutes, depending on how busy the server is, so you might get response from your entry for a few minutes after Win2k shutdown. -Matt Ross Lippert wrote: OK, here is /etc/resolv.conf: search celera.com ad.celera.com rkv.ad.celera.com rkv.celera.com applera.com pe-c.com ssf.ad.celera.com fc.celera.com nameserver 172.20.7.10 nameserver 172.20.7.11 The search line there appears to be the result of adding a supercede line to the dhclient.conf, which is as follows: interface ep0 { supersede domain-name celera.com ad.celera.com rkv.ad.celera.com rkv.celera.com applera.com pe-c.com ssf.ad.celera.com fc.celera.com; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name; } The above contents are just a total guess based on what the Win-support person seemed to be doing. I visited the win2k side again, to check my name list and so forth, and did CMD ipconfig /all The primary name is lipperra-p1, and the connection specific one is rkv.ad.celera.com. I am not sure if that is reflected in my resolv.conf or my dhclient.conf. Finally, on the boot back to FreeBSD, I ran a ping from my desktop machine and watched the disappearance from DNS: cglwadministrator@LIPPERRA-W1 ~ $ ping lipperra-p1.rkv.ad.celera.com Pinging lipperra-p1.rkv.ad.celera.com [172.20.168.104] with 32 bytes of data: Reply from 172.20.168.104: bytes=32 time10ms TTL=128 Request timed out. Request timed out. Reply from 172.20.168.104: bytes=32 time10ms TTL=64 Request timed out. cglwadministrator@LIPPERRA-W1 ~ $ ping lipperra-p1.rkv.ad.celera.com Bad IP address lipperra-p1.rkv.ad.celera.com. which may be of interest because it shows the DNS entry being persistent right up until just after FreeBSD's dhclient starts, and then the DNS entry disappears. -r From: David [EMAIL PROTECTED] To: Ross Lippert [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] References: [EMAIL PROTECTED] Subject: Re: MS Dynamic DNS problems Date: Thu, 18 Jul 2002 08:11:59 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600. - Original Message - Thanks for the quick reply, Steve. I suspect that since they were about to modify my laptop's win2k install so that it started showing up in DNS, that there must be something doable on the client-side alone, if only I knew what that was. I have since rebooted to win2k to look at the configuration panel that was changed to get the fix. It is the advanced popup under the DNS tab in the TCP/IP properties (gosh why can't people just use directories). The suffix list used to be empty, and unchecked, and now it is populated and checked, as previously described. Secondly, I have noticed a checkbox at the bottom of this panel of the form use suffix in registration which might have also been checked during the fix. While win2k was up, I was able to ping the laptop. Then I rebooted to FreeBSD (getting the same IP addr from DHCP) and pinged again and my DNS entry had disappeared, no ping. Though pings by raw IP addr work fine. There are a couple palces in your /etc directory you may want to look. For example, the settings you indicate they added are usually stored in the /etc/resolv.conf file. Make sure you have the proper domain specified there. Also make sure your fully-qualified domain name includes the appropriate domain, and the same name as the Win2k side of your machine. David To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message