Re: Problem resolving a domain on my cache server. (part II)
This is a discussion on Re: Problem resolving a domain on my cache server. (part II) within the Bind Users forums, part of the DNS and Related Forums category; "Fabiano Silos Reis" <fsilos@ig.com> wrote: > I know what you mean. The problem is ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-23-2005
|
|||
|
|||
Re: Problem resolving a domain on my cache server. (part II)
"Fabiano Silos Reis" <fsilos@ig.com> wrote:
> I know what you mean. The problem is that my cache server keeps > resolving for a while but somehow from time to times this host > (www.redecard.com.br) cannot be resolved by my cache server (my server > answer with timeout responses). But when this host cannot be resolved by When this happens, what does your server show for dig redecard.com.br. ns +norec dig regulus1.credicard.com.br. a +norec dig canopus1.credicard.com.br. a +norec I mean, does it still have the information about how to get to the record for www.redecard.com.br? > my cache server I setup a script that dig this host directly from their > two ns > > dig -b mycacheserver_ip_address#the_same_src_port_namded_ is_using > www.redecard.com.br @200.211.224.110 > dig -b mycacheserver_ip_address#the_same_src_port_namded_ is_using > www.redecard.com.br @200.211.224.111 > > I get positive answers. So I suppose it is not communication fault or > their fault. > > Don't you think my cache server daemon may be losing something when it > tries to resolve this specific host? One thing I notice is that on a direct query, their nameservers do not return authority and additional records for the NS/A: % dig @200.211.224.111 www.redecard.com.br. a +norec ; <<>> DiG 9.2.3 <<>> @200.211.224.111 www.redecard.com.br. a +norec ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23575 ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.redecard.com.br. IN A ;; ANSWER SECTION: www.redecard.com.br. 3600 IN A 200.185.9.46 Could that be significant? Also the records they do actually have: % dig @200.211.224.111 redecard.com.br. ns +norec ;; ANSWER SECTION: redecard.com.br. 3600 IN NS regulus1.credicard.com.br. redecard.com.br. 3600 IN NS canopus1.credicard.com.br. ;; ADDITIONAL SECTION: regulus1.credicard.com.br. 3600 IN A 200.211.224.110 canopus1.credicard.com.br. 3600 IN A 200.211.224.111 have different TTLs from the delegation records: % dig @a.dns.br. redecard.com.br. ns +norec ;; AUTHORITY SECTION: redecard.com.br. 86400 IN NS CANOPUS1.CREDICARD.com.br. redecard.com.br. 86400 IN NS REGULUS1.CREDICARD.com.br. ;; ADDITIONAL SECTION: CANOPUS1.CREDICARD.com.br. 86400 IN A 200.211.224.111 REGULUS1.CREDICARD.com.br. 86400 IN A 200.211.224.110 which might cause problems. I assume the upper/lowercase differences are not relevant. On a BIND 9.3.0 server here, when I do an initial query for www.redecard.com.br I get ;; ANSWER SECTION: www.redecard.com.br. 3600 IN A 200.185.9.46 ;; AUTHORITY SECTION: redecard.com.br. 86399 IN NS REGULUS1.CREDICARD.com.br. redecard.com.br. 86399 IN NS CANOPUS1.CREDICARD.com.br. i.e. the NS records from the delegation. BIND obviously has, or had, the A records too, in order to get to www.redecard.com.br, but does not include them as additional, and does not respond to a direct query: % dig REGULUS1.CREDICARD.com.br. a +norec ;; QUESTION SECTION: ;REGULUS1.CREDICARD.com.br. IN A ;; AUTHORITY SECTION: br. 31117 IN NS C.DNS.br. br. 31117 IN NS D.DNS.br. br. 31117 IN NS E.DNS.br. br. 31117 IN NS A.DNS.br. br. 31117 IN NS B.DNS.br. -- Ronan Flood <R.Flood@noc.ulcc.ac.uk> working for but not speaking for Network Services, University of London Computer Centre (which means: don't bother ULCC if I've said something you don't like) 
|
Linear Mode
