Torsten,
ws.mobilecdn.verisign.com. doesn't answer for me either.
It's supposed to be authoritatively hosted here:
mobilecdn.verisign.com. 900 IN NS dns1-auth.m-qube.com.
mobilecdn.verisign.com. 900 IN NS dns2-auth.m-qube.com.
But neither of them answer an iterative query for me, be it a SOA for
mobilecdn.verisign.com. or the ultimately desired ws.mobilecdn.verisign.com.
Not sure this is really your fault, unless of course the '-auth' means only
certain people are allowed to query.
-mat
On Mar 9, 2010, at 3:40 PM, Torsten wrote:
> Am Wed, 10 Mar 2010 00:44:46 +1100
> schrieb Mark Andrews :
>
>>
>> In message <20100309142153.016c7...@the-damian.de>, Torsten writes:
>>> Hi,
>>>
>>> I'm a bit clueless about what's happening here exactly.
>>> I have a server (9.6.1-P3) that tries resolving
>>> ws.mobilecdn.verisign.com. Queries for this host permanently fail
>>> with SERVFAIL.
>>>
>>> I've narrowed the problem down to answers from c2.nstld.net
>>>
>>>
>>> dig @c2.nstld.com mobilecdn.verisign.com
>>> ;; Got referral reply from 192.26.92.31, trying next server
>>
>> Fix /etc/resolv.conf to point to recursive nameservers. 192.26.92.31
>> is not a recursive nameserver.
>
> /etc/resolv.conf already points to recursive nameservers. Since these
> nameservers can't resolve ws.mobilecdn.verisign.com I tried every
> single nameserver found by dig +trace and ended up with the behaviour
> of c2.nstld.net.
>
>>
>>> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 <<>> @c2.nstld.com
>>> mobilecdn.verisign.com ; (2 servers found)
>>> ;; global options: printcmd
>>> ;; connection timed out; no servers could be reached
>>>
>>>
>>> This happens only if the hostname is used in a dig. Using the ipv4
>>> address everything turns out fine.
>>>
>>> What's even more strange is the answer packet received (at least I
>>> can't see any errors there).
>>>
>>>
>>> No. TimeSourceDestination
>>> Protocol Info 4 3.529927192.26.92.31 10.10.3.22
>>> DNS Standard query response
>>>
>>> Frame 4 (140 bytes on wire, 140 bytes captured)
>>>Arrival Time: Mar 9, 2010 13:33:49.987181000
>>>[Time delta from previous captured frame: 0.086282000 seconds]
>>>[Time delta from previous displayed frame: 0.086282000 seconds]
>>>[Time since reference or first frame: 3.529927000 seconds]
>>>Frame Number: 4
>>>Frame Length: 140 bytes
>>>Capture Length: 140 bytes
>>>[Frame is marked: True]
>>>[Protocols in frame: eth:ip:udp:dns]
>>>[Coloring Rule Name: UDP]
>>>[Coloring Rule String: udp]
>>> Ethernet II, Src: Cisco_46:45:d3 (00:04:27:46:45:d3), Dst:
>>> HewlettP_08:78:76 (00:1f:29:08:78:76) Destination: HewlettP_08:78:76
>>> (00:1f:29:08:78:76) Address: HewlettP_08:78:76 (00:1f:29:08:78:76)
>>> ...0 = IG bit: Individual address
>>> (unicast) ..0. = LG bit: Globally unique
>>> address (factory default) Source: Cisco_46:45:d3 (00:04:27:46:45:d3)
>>>Address: Cisco_46:45:d3 (00:04:27:46:45:d3)
>>> ...0 = IG bit: Individual address
>>> (unicast) ..0. = LG bit: Globally unique
>>> address (factory default) Type: IP (0x0800)
>>> Internet Protocol, Src: 192.26.92.31 (192.26.92.31), Dst: 10.10.3.22
>>> (10.10.3.22) Version: 4
>>>Header length: 20 bytes
>>>Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN:
>>> 0x00) 00.. = Differentiated Services Codepoint: Default (0x00)
>>> ..0. = ECN-Capable Transport (ECT): 0
>>> ...0 = ECN-CE: 0
>>>Total Length: 126
>>>Identification: 0x (0)
>>>Flags: 0x02 (Don't Fragment)
>>>0.. = Reserved bit: Not Set
>>>.1. = Don't fragment: Set
>>>..0 = More fragments: Not Set
>>>Fragment offset: 0
>>>Time to live: 58
>>>Protocol: UDP (0x11)
>>>Header checksum: 0x1716 [correct]
>>>[Good: True]
>>>[Bad : False]
>>>Source: 192.26.92.31 (192.26.92.31)
>>>Destination: 10.10.3.22 (10.10.3.22)
>>> User Datagram Protocol, Src Port: domain (53), Dst Port: 48885
>>> (48885) Source port: domain (53)
>>>Destination port: 48885 (48885)
>>>Length: 106
>>>Checksum: 0x1190 [validation disabled]
>>>[Good Checksum: False]
>>>[Bad Checksum: False]
>>> Domain Name System (response)
>>>[Request In: 3]
>>>[Time: 0.086282000 seconds]
>>>Transaction ID: 0x3824
>>>Flags: 0x8100 (Standard query response, No error)
>>>1... = Response: Message is a response
>>>.000 0... = Opcode: Standard query (0)
>>> .0.. = Authoritative: Server is not an
>>> authority for domain ..0. = Truncated: Message is
>>> not truncated ...1 = Recursion desired: Do query
>>> recursively 0... = Recursion available: Server can't
>>> do recursive queries