This is a discussion on Re: Can't resolve a particular address within the Bind Users forums, part of the DNS and Related Forums category.

Barry Margolin wrote:
>
> In article <bio9au$1ccu$1@sf1.isc.org>, None Given <tawitt71@yahoo.com> wrote:
> >Can anyone help me even start to track down this problem.
> >
> >I have a private network in my house. I set up a DNS server on
> >OpenBSD 3.1. I don't remember what version of bind I have, and don't
> >know how to find it if that matters.
>
> dig version.bind txt chaos

By default OBSD 3.1 had bind 4 (their modified supposedly more secure version). I assume that the OP would remember upgrading it. So that won't work, but "named -v" should. Bind 9 is in the ports and it's easy to upgrade which I suggest the OP does unless an upgrade to 3.3 is viable. That comes with bind 9.

> >At any rate, I can not resolve the address www.info.wien.at. I can
> >reach this destination outside of my network, so it isn't their site.
> >
> >I thought it might be the TLD, and maybe I had my root files messed up
> >or something, but I can resolve other addresses inside that TLD, and
> >can even resolve wien.at.
>
> www.dnsreport.com says that one of the nameservers for the info.wien.at
> domain is lame.
>
> babylon.atnet.at is supposed to be a server for the domain, but it doesn't
> appear to have the zone loaded.

But the other one works so that isn't the whole problem. BTW is it normal for a lame server to answer non-authoritatively and quote itself as an authority? Just curious.

The other problem seems to be a firewall somewhere in front of the working nameserver for info.wien.at, ns.info.wien.at, which is dropping DNS queries from source port 53. Bind 4 uses source port 53. Modern versions use high source ports by default. If I change a nameserver to use source port 53 it can't resolve that domain, if I let it default to high it can. This sort of thing can take hours to diagnose fully.

Someone posted a little patch to dig which enables the source port to be specified the other day, I can't remember where but google should provide. This could be very useful in this situation.

If my diagnosis is correct this firewall is broken. But it's probably easier for the OP to upgrade to bind 9 than to try to persuade the firewall's admin to fix it.

Regards,
Ian
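
The source-port comparison described in the post above, as an added example that is not part of the original post or of BIND: it sends the same query once from a fixed source port and once from an OS-chosen high port and reports which one gets a reply. The function names are hypothetical, and `filtered_stub` is a constructed loopback stand-in for the filtered nameserver so the check runs offline.

```python
import socket, struct, threading

def build_query(name, qid=0x1234, qtype=1):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe(server, name, src_port=0, timeout=2.0):
    """Send one query from src_port (0 = OS-chosen high port); report the outcome."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", src_port))  # src_port=53 needs root and no local named on it
        s.sendto(query, server)
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
    # Accept only a response (QR bit set) carrying our query ID.
    return "answered" if data[:2] == query[:2] and data[2] & 0x80 else "mismatch"

def compare(server, name, fixed_port=53, timeout=2.0):
    """Same query, two source ports: a fixed one (BIND 4 style) and a high one."""
    return {"fixed": probe(server, name, fixed_port, timeout),
            "ephemeral": probe(server, name, 0, timeout)}

def filtered_stub(blocked_port):
    """Constructed loopback stand-in for a nameserver behind a filter that
    silently drops queries arriving from blocked_port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        while True:
            data, peer = srv.recvfrom(512)
            if peer[1] != blocked_port:
                # Echo the query back with QR/RD/RA set, rcode 0, no answers.
                srv.sendto(data[:2] + b"\x81\x80" + data[4:], peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Offline demo: port 5300 stands in for port 53 so no root is needed.
    stub = filtered_stub(5300)
    print(compare(stub.getsockname(), "www.info.wien.at", fixed_port=5300, timeout=1.0))
```

A result of `timeout` for the fixed port and `answered` for the high port is the pattern the post attributes to a filter dropping source port 53; a timeout on both points elsewhere.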