Re: Nslookup not working for external domain

2010-11-18 Thread Matus UHLAR - fantomas
> > In article ,
> >  "Moore, Mark A."  wrote:
> > 
> > > I have figured out and resolved my issue.  For some reason I could not read
> > > the contents of the db.rootcache file. So I deleted and downloaded a new 
> > > copy. Now everything is working. Thx to all for your assistance.

> In message 
>  .example.com>, Barry Margolin writes:
> > I thought BIND now has a compiled-in set of root hints, to use as an 
> > ultimate default.  I guess this isn't used if the hints are configured 
> > but unreadable.  Perhaps you should submit this as a bug report.

On 19.11.10 14:11, Mark Andrews wrote:
> Why does it need a bug report?  If you have a hint zone in named.conf
> then falling back to the built-in hints is just plain wrong as named
> would be doing something that you have told it not to do.

I see two questions here.
- if BIND complained about unreadable hints file loudly enough
- if BIND should fall back in the case hints file can't be loaded

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Nslookup not working for external domain

2010-11-18 Thread Mark Andrews

In message , Barry Margolin writes:
> In article ,
>  "Moore, Mark A."  wrote:
> 
> > I have figured out and resolved my issue.  For some reason I could not read
> > the contents of the db.rootcache file. So I deleted and downloaded a new 
> > copy. Now everything is working. Thx to all for your assistance.
> 
> I thought BIND now has a compiled-in set of root hints, to use as an 
> ultimate default.  I guess this isn't used if the hints are configured 
> but unreadable.  Perhaps you should submit this as a bug report.

Why does it need a bug report?  If you have a hint zone in named.conf
then falling back to the built-in hints is just plain wrong as named
would be doing something that you have told it not to do.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Nslookup not working for external domain

2010-11-18 Thread Barry Margolin
In article ,
 "Moore, Mark A."  wrote:

> I have figured out and resolved my issue.  For some reason I could not read 
> the contents of the db.rootcache file. So I deleted and downloaded a new 
> copy. Now everything is working. Thx to all for your assistance.

I thought BIND now has a compiled-in set of root hints, to use as an 
ultimate default.  I guess this isn't used if the hints are configured 
but unreadable.  Perhaps you should submit this as a bug report.

-- 
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***


Re: Nslookup not working for external domain

2010-11-18 Thread Kevin Darcy

On 11/18/2010 2:18 PM, Matus UHLAR - fantomas wrote:
>>> On 17.11.10 11:10, Moore, Mark A. wrote:
>>>> nslookup www.cnn.com
>>>> ;; Got SERVFAIL reply from 192.243.160.18, trying next server
>
>> On 11/18/2010 5:16 AM, Matus UHLAR - fantomas wrote:
>>> This server apparently does not provide recursion for you.
>
> On 18.11.10 12:44, Kevin Darcy wrote:
>> The OP already found the problem - - apparently the hints file wasn't
>> being loaded properly.
>
> it was after my reply ;-)
>
>> However, for future reference in troubleshooting DNS problems through
>> interpretation of nslookup results, for the versions of nslookup I'm
>> familiar with, trying to do a lookup that requires recursion, from a
>> resolver that doesn't provide it, results in either
>> a) a goofy-looking referral response, if no searchlisting is being
>> performed, or
>> b) nslookup going off and doing searchlisted queries, and returning the
>> results of the *last* query it does (which is likely to be an NXDOMAIN
>> response, thus causing nslookup to mis-report the result of the overall
>> lookup as NXDOMAIN)
>>
>> In neither case would it return SERVFAIL. That usually points to some
>> other root cause. My guess would have been that the resolver had no
>> connectivity to the Internet and had marked all of the root nameservers
>> as "lame". Mis-loading of the hints file apparently has the same
>> symptoms, although to be honest I don't think I've seen that before.
>
> Last versions of BIND do not even return root referrals to clients that are
> not allowed to recurse. Accessing hint zone is understood as recursion too.
>
> ...you may remember issue with flooding some servers with UDP responses to
> spoofed queries for "." some time ago...
>
> Have you checked with such server?

No, I haven't checked, but I would expect a REFUSED response in that case.


- Kevin
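
The message above separates four outcomes a client can see from a name server: SERVFAIL, REFUSED, a referral, and NXDOMAIN. The following is an added example, not part of the original thread or of BIND, that classifies a DNS response header into those cases; the sample headers are constructed, and the function names and labels are assumptions chosen for illustration.

```python
import struct

# Header flag masks from RFC 1035 section 4.1.1
QR, AA, RA, RCODE_MASK = 0x8000, 0x0400, 0x0080, 0x000F
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_header(rcode, ra, ancount, nscount, aa=False):
    """Build a 12-byte response header (constructed sample, not captured traffic)."""
    flags = QR | 0x0100 | rcode          # response bit, RD copied from the query
    flags |= (RA if ra else 0) | (AA if aa else 0)
    return struct.pack("!6H", 0x1234, flags, 1, ancount, nscount, 0)

def classify(msg):
    """Return (rcode name, diagnosis label) for a DNS response message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & RCODE_MASK
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    if name == "SERVFAIL":
        label = "server-failure"      # server could not complete the lookup itself
    elif name == "REFUSED":
        label = "recursion-denied"    # policy refusal, e.g. client may not recurse
    elif name == "NXDOMAIN":
        label = "nxdomain"            # may belong to the last search-list query
    elif name == "NOERROR" and an > 0:
        label = "answer"
    elif name == "NOERROR" and ns > 0 and not flags & (AA | RA):
        label = "referral"            # non-recursive server pointing elsewhere
    else:
        label = "other"               # header alone is not enough to decide
    return name, label

if __name__ == "__main__":
    samples = {
        "broken resolver": build_header(2, True, 0, 0),
        "recursion refused": build_header(5, False, 0, 0),
        "root referral": build_header(0, False, 0, 13),
        "search-list miss": build_header(3, True, 0, 1),
        "working resolver": build_header(0, True, 6, 0),
    }
    for desc, msg in samples.items():
        print("%-18s %s" % (desc, classify(msg)))
```

The header alone cannot tell a referral from a cached empty answer when RA is set, so that case is reported as "other" rather than guessed.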




Re: Nslookup not working for external domain

2010-11-18 Thread Matus UHLAR - fantomas
>> On 17.11.10 11:10, Moore, Mark A. wrote:
>>> nslookup www.cnn.com
>>> ;; Got SERVFAIL reply from 192.243.160.18, trying next server

> On 11/18/2010 5:16 AM, Matus UHLAR - fantomas wrote:
>> This server apparently does not provide recursion for you.

On 18.11.10 12:44, Kevin Darcy wrote:
> The OP already found the problem - - apparently the hints file wasn't  
> being loaded properly.

it was after my reply ;-)

> However, for future reference in troubleshooting DNS problems through  
> interpretation of nslookup results, for the versions of nslookup I'm  
> familiar with, trying to do a lookup that requires recursion, from a  
> resolver that doesn't provide it, results in either
> a) a goofy-looking referral response, if no searchlisting is being  
> performed, or
> b) nslookup going off and doing searchlisted queries, and returning the  
> results of the *last* query it does (which is likely to be an NXDOMAIN  
> response, thus causing nslookup to mis-report the result of the overall  
> lookup as NXDOMAIN)
>
> In neither case would it return SERVFAIL. That usually points to some  
> other root cause. My guess would have been that the resolver had no  
> connectivity to the Internet and had marked all of the root nameservers  
> as "lame". Mis-loading of the hints file apparently has the same  
> symptoms, although to be honest I don't think I've seen that before.

Last versions of BIND do not even return root referrals to clients that are
not allowed to recurse. Accessing hint zone is understood as recursion too.

...you may remember issue with flooding some servers with UDP responses to
spoofed queries for "." some time ago...

Have you checked with such server? 

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.


Re: Nslookup not working for external domain

2010-11-18 Thread Kevin Darcy

On 11/18/2010 5:16 AM, Matus UHLAR - fantomas wrote:
> On 17.11.10 11:10, Moore, Mark A. wrote:
>> Subject: Nslookup not working for external domain
>
> oh, nslookup is not working? Sure it is working, your problem is not in
> nslookup.
>
>> We are running into an issue where one of our slave servers isn't resolving
>> non-local domain names.
>
> the term "slave" only applies for domains server is fetching from its
> master. There's no "slave" for non-local domains.
>
>> For the two domains hosted on this server, we can resolve any entry.
>> However, if we try to do an nslookup to cnn, google, yahoo, etc. it fails.
>> We have turned off iptables and verified internet connectivity. Below is
>> the error we get. What other areas should we be looking at to
>> troubleshoot?
>>
>> Thx in advance for any help given.
>>
>> nslookup www.cnn.com
>> ;; Got SERVFAIL reply from 192.243.160.18, trying next server
>
> This server apparently does not provide recursion for you.

The OP already found the problem - - apparently the hints file wasn't 
being loaded properly.

However, for future reference in troubleshooting DNS problems through 
interpretation of nslookup results, for the versions of nslookup I'm 
familiar with, trying to do a lookup that requires recursion, from a 
resolver that doesn't provide it, results in either
a) a goofy-looking referral response, if no searchlisting is being 
performed, or
b) nslookup going off and doing searchlisted queries, and returning the 
results of the *last* query it does (which is likely to be an NXDOMAIN 
response, thus causing nslookup to mis-report the result of the overall 
lookup as NXDOMAIN)

In neither case would it return SERVFAIL. That usually points to some 
other root cause. My guess would have been that the resolver had no 
connectivity to the Internet and had marked all of the root nameservers 
as "lame". Mis-loading of the hints file apparently has the same 
symptoms, although to be honest I don't think I've seen that before.




- Kevin


P.S. Nslookup sucks.




RE: Nslookup not working for external domain

2010-11-18 Thread Moore, Mark A.
I have figured out and resolved my issue.  For some reason I could not read the 
contents of the db.rootcache file. So I deleted and downloaded a new copy. Now 
everything is working. Thx to all for your assistance.


Mark
From: Moore, Mark A.
Sent: Wednesday, November 17, 2010 1:10 PM
To: bind-users@lists.isc.org
Subject: Nslookup not working for external domain

We are running into an issue where one of our slave servers isn't resolving 
non-local domain names.  For the two domains hosted on this server, we can 
resolve any entry. However, if we try to do an nslookup to cnn, google, yahoo, 
etc. it fails. We have turned off iptables and verified internet connectivity. 
Below is the error we get. What other areas should we be looking at to 
troubleshoot?

Thx in advance for any help given.

nslookup www.cnn.com
;; Got SERVFAIL reply from 192.243.160.18, trying next server
Server: 192.243.130.42
Address: 192.243.130.42#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.226.26
Name: www.cnn.com
Address: 157.166.255.18
Name: www.cnn.com
Address: 157.166.255.19
Name: www.cnn.com
Address: 157.166.224.25
Name: www.cnn.com
Address: 157.166.224.26
Name: www.cnn.com
Address: 157.166.226.25


Mark


Re: Nslookup not working for external domain

2010-11-18 Thread Matus UHLAR - fantomas
On 17.11.10 11:10, Moore, Mark A. wrote:
> Subject: Nslookup not working for external domain

oh, nslookup is not working? Sure it is working, your problem is not in
nslookup.

> We are running into an issue where one of our slave servers isn't resolving
> non-local domain names.

the term "slave" only applies for domains server is fetching from its
master. There's no "slave" for non-local domains.

> For the two domains hosted on this server, we can resolve any entry.
> However, if we try to do an nslookup to cnn, google, yahoo, etc. it fails.
> We have turned off iptables and verified internet connectivity. Below is
> the error we get. What other areas should we be looking at to
> troubleshoot?
> 
> Thx in advance for any help given.
> 
> nslookup www.cnn.com
> ;; Got SERVFAIL reply from 192.243.160.18, trying next server

This server apparently does not provide recursion for you.
look at its logs or put it away from resolv.conf.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.


Re: Nslookup not working for external domain

2010-11-17 Thread Barry Margolin
In article ,
 "Moore, Mark A."  wrote:

> We are running into an issue where one of our slave servers isn't resolving 
> non-local domain names.  For the two domains hosted on this server, we can 
> resolve any entry. However, if we try to do an nslookup to cnn, google, 
> yahoo, etc. it fails. We have turned off iptables and verified internet 
> connectivity. Below is the error we get. What other areas should we be 
> looking at to troubleshoot?

Make sure your firewall allows the first server to go out to the 
Internet on UDP port 53.

Can you post its named.conf?

> 
> Thx in advance for any help given.
> 
> nslookup www.cnn.com
> ;; Got SERVFAIL reply from 192.243.160.18, trying next server
> Server: 192.243.130.42
> Address: 192.243.130.42#53
> 
> Non-authoritative answer:
> Name: www.cnn.com
> Address: 157.166.226.26
> Name: www.cnn.com
> Address: 157.166.255.18
> Name: www.cnn.com
> Address: 157.166.255.19
> Name: www.cnn.com
> Address: 157.166.224.25
> Name: www.cnn.com
> Address: 157.166.224.26
> Name: www.cnn.com
> Address: 157.166.226.25
> 
> 
> Mark

-- 
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***


Nslookup not working for external domain

2010-11-17 Thread Moore, Mark A.
We are running into an issue where one of our slave servers isn't resolving 
non-local domain names.  For the two domains hosted on this server, we can 
resolve any entry. However, if we try to do an nslookup to cnn, google, yahoo, 
etc. it fails. We have turned off iptables and verified internet connectivity. 
Below is the error we get. What other areas should we be looking at to 
troubleshoot?

Thx in advance for any help given.

nslookup www.cnn.com
;; Got SERVFAIL reply from 192.243.160.18, trying next server
Server: 192.243.130.42
Address: 192.243.130.42#53

Non-authoritative answer:
Name: www.cnn.com
Address: 157.166.226.26
Name: www.cnn.com
Address: 157.166.255.18
Name: www.cnn.com
Address: 157.166.255.19
Name: www.cnn.com
Address: 157.166.224.25
Name: www.cnn.com
Address: 157.166.224.26
Name: www.cnn.com
Address: 157.166.226.25


Mark
