DNS not working since May 6 2010

2010-05-06 Thread Jonathan Chen

Hi,

I've got a small DNS server on my home network, and ever since May 6, 2010 
(co-incidentally DNSSEC root sign day), lookups on freebsd.org have started 
failing. eg:


  ~,8:36am> dig www.freebsd.org a

  ; <<>> DiG 9.6.1-P3 <<>> www.freebsd.org a
  ;; global options: +cmd
  ;; connection timed out; no servers could be reached

Lookups on other domains still appear to work, Google, OpenBSD, NetBSD, 
etc. Is anyone else seeing this? How do I fix it?


Cheers.
--
Jonathan Chen 




Re: DNS not working since May 6 2010

2010-05-07 Thread Matthew Seaman

On 06/05/2010 21:40:02, Jonathan Chen wrote:

> I've got a small DNS server on my home network, and ever since May 6,
> 2010 (co-incidentally DNSSEC root sign day), lookups on freebsd.org have
> started failing. eg:

Uh, the DURZ was installed on j.root; the last one of the root servers
to get it.  Besides, .org was DNSSEC signed way back in June 2009. That
is not causing your problem here.

>   ~,8:36am> dig www.freebsd.org a
> 
>   ; <<>> DiG 9.6.1-P3 <<>> www.freebsd.org a
>   ;; global options: +cmd
>   ;; connection timed out; no servers could be reached
> 
> Lookups on other domains still appear to work, Google, OpenBSD, NetBSD,
> etc. Is anyone else seeing this? How do I fix it?

Works fine here:

% dig +short www.freebsd.org a
69.147.83.33

Hmmm DNS for freebsd.org is provided by ISC.  They had a fibre break
yesterday -- no idea whether it could have affected resolving
freebsd.org but it's worth trying again now it's all been repaired.

Otherwise, you need to work out why the DNS lookup is failing.  That
means turning up the logging on your recursive server and hunting for
clues.  Probably the biggest cause of DNS problems at the moment are
firewalls that do not handle large UDP packets properly and that
interfere with the EDNS and/or fall-back to TCP algorithms used.  You
can test that using:

https://www.dns-oarc.net/oarc/services/replysizetest

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW


Re: DNS not working since May 6 2010

2010-05-07 Thread Jonathan Chen
On Fri, May 07, 2010 at 09:02:13AM +0100, Matthew Seaman wrote:
> On 06/05/2010 21:40:02, Jonathan Chen wrote:
> 
> > I've got a small DNS server on my home network, and ever since May 6,
> > 2010 (co-incidentally DNSSEC root sign day), lookups on freebsd.org have
> > started failing. eg:
> 
> Uh, the DURZ was installed on j.root; the last one of the root servers
> to get it.  Besides, .org was DNSSEC signed way back in June 2009. That
> is not causing your problem here.
> 

Hmm, I ran across a DNSSEC article in The Register, which led me to:

   http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues

Working thru' it, I tweaked my named.conf's edns-udp-size option and
it started working again. So it looks like it was related to the final
set of root servers being enabled.

Cheers.
-- 
Jonathan Chen 
--
 When all else fails, RTFM
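
The failure mode discussed in this thread (large UDP replies lost on the path, and the effect of the EDNS size a resolver advertises), as an added example that is not part of any post. The function names are hypothetical, and `fake_send` is a constructed simulation of a server with a 1500-byte answer behind a firewall that drops UDP replies over 1000 bytes; pass `send=udp_send` to probe a real server instead.

```python
import socket
import struct

def build_query(name, bufsize, qid=0x1234):
    """DNS A query carrying an EDNS0 OPT record that advertises bufsize."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)    # QTYPE A, QCLASS IN
    # OPT RR: root owner, TYPE 41, CLASS carries the UDP payload size, TTL 0, no RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def udp_send(server, query, timeout=3.0):
    """Real transport: one UDP exchange, None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recvfrom(65535)[0]
        except socket.timeout:
            return None

def probe(server, name, sizes=(4096, 1232, 512), send=udp_send):
    """Query once per advertised size; classify each as timeout/truncated/ok."""
    results = {}
    for size in sizes:
        reply = send(server, build_query(name, size))
        if reply is None or len(reply) < 4:
            results[size] = "timeout"
        elif struct.unpack("!H", reply[2:4])[0] & 0x0200:     # TC bit set
            results[size] = "truncated"                        # resolver would retry over TCP
        else:
            results[size] = "ok"
    return results

def largest_working(results):
    """Largest advertised size that still produced a reply, or None."""
    good = [s for s, r in results.items() if r != "timeout"]
    return max(good) if good else None

def fake_send(server, query, answer_len=1500, firewall_limit=1000):
    """Constructed simulation, not real traffic: oversized replies vanish."""
    bufsize = struct.unpack("!H", query[-8:-6])[0]             # OPT CLASS field
    fits = answer_len <= bufsize
    flags = 0x8180 if fits else 0x8380                         # QR RD RA, plus TC if too big
    reply = query[:2] + struct.pack("!H", flags) + b"\x00" * ((answer_len if fits else 64) - 4)
    return None if len(reply) > firewall_limit else reply
```

In the simulation, advertising 4096 bytes yields the same silent timeout as the `dig` output above, while a smaller advertised size gets a short truncated reply that a resolver can follow up over TCP.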