
DNS resolution problem on certain addresses using BIND 9



I have two domains (that I know of) that named cannot resolve. All other domains resolve as expected. The server in question is a standard Debian stable setup without GUI running principally exim, cyrus imap, & named without certain services like finger, ftp, sshd. It sits outside the firewall using a shared T-1.

One of the domains in question (belonging to one of our members) is a .com domain, and the other is a (well-known) .net (groklaw.net). [I can reach both from my home computer.] I can ping both servers using their IP addresses.

Both the host command and a simple dig on the names yield only a ";; connection timed out; no servers could be reached" message. If I run a dig with a trace, dig resolves the address correctly (see the dig +trace results below). If I point dig to the address's name server, the address resolves correctly (see dig from address's NS below).

I have done several Google searches on the problem. To my eye the DNS A and CNAME records appear correct. I have updated the /etc/bind/db.root file from FTP.INTERNIC.NET, and I have flushed the cache (using rndc flush)--not to mention several reboots just to make sure (old Windows habits die hard). If I add the address to my /etc/hosts file, it solves the resolution problem for ping, but not for exim or dig.

I have exhausted my limited knowledge. If anyone knows a solution to my problem (apart from dumping BIND 9 and pointing my system to someone else's DNS) or can point me in the right direction on where to look next, I would appreciate it.

Thanks,

Wade


========= dig +trace results ==========================================
; <<>> DiG 9.2.1 <<>> www.groklaw.net +trace
;; global options:  printcmd
.			517983	IN	NS	K.ROOT-SERVERS.NET.
.			517983	IN	NS	L.ROOT-SERVERS.NET.
.			517983	IN	NS	M.ROOT-SERVERS.NET.
.			517983	IN	NS	A.ROOT-SERVERS.NET.
.			517983	IN	NS	B.ROOT-SERVERS.NET.
.			517983	IN	NS	C.ROOT-SERVERS.NET.
.			517983	IN	NS	D.ROOT-SERVERS.NET.
.			517983	IN	NS	E.ROOT-SERVERS.NET.
.			517983	IN	NS	F.ROOT-SERVERS.NET.
.			517983	IN	NS	G.ROOT-SERVERS.NET.
.			517983	IN	NS	H.ROOT-SERVERS.NET.
.			517983	IN	NS	I.ROOT-SERVERS.NET.
.			517983	IN	NS	J.ROOT-SERVERS.NET.
;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms

net.			172800	IN	NS	a.gtld-servers.net.
net.			172800	IN	NS	g.gtld-servers.net.
net.			172800	IN	NS	h.gtld-servers.net.
net.			172800	IN	NS	c.gtld-servers.net.
net.			172800	IN	NS	i.gtld-servers.net.
net.			172800	IN	NS	b.gtld-servers.net.
net.			172800	IN	NS	d.gtld-servers.net.
net.			172800	IN	NS	l.gtld-servers.net.
net.			172800	IN	NS	f.gtld-servers.net.
net.			172800	IN	NS	j.gtld-servers.net.
net.			172800	IN	NS	k.gtld-servers.net.
net.			172800	IN	NS	e.gtld-servers.net.
net.			172800	IN	NS	m.gtld-servers.net.
;; Received 502 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 102 ms

groklaw.net.		172800	IN	NS	ns.unc.edu.
groklaw.net.		172800	IN	NS	ns2.unc.edu.
;; Received 75 bytes from 192.5.6.30#53(a.gtld-servers.net) in 42 ms

www.groklaw.net.	86400	IN	CNAME	groklaw.net.
groklaw.net.		86400	IN	A	152.2.210.81
groklaw.net.		86400	IN	NS	ns.unc.edu.
groklaw.net.		86400	IN	NS	ns2.unc.edu.
;; Received 137 bytes from 152.2.21.1#53(ns.unc.edu) in 38 ms

=================================================================


======== dig from address's NS========================================
; <<>> DiG 9.2.1 <<>> @ns.unc.edu www.groklaw.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11075
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.groklaw.net.		IN	A

;; ANSWER SECTION:
www.groklaw.net.	86400	IN	CNAME	groklaw.net.
groklaw.net.		86400	IN	A	152.2.210.81

;; AUTHORITY SECTION:
groklaw.net.		86400	IN	NS	ns.unc.edu.
groklaw.net.		86400	IN	NS	ns2.unc.edu.

;; ADDITIONAL SECTION:
ns.unc.edu.		86400	IN	A	152.2.21.1
ns2.unc.edu.		86400	IN	A	152.2.253.100

;; Query time: 14 msec
;; SERVER: 152.2.21.1#53(ns.unc.edu)
;; WHEN: Thu Mar  3 09:51:58 2005
;; MSG SIZE  rcvd: 137

====================================================================

--
Wade Parker
National Chicken Council
1015 15th Street, NW, Suite 930
Washington, DC 20009-2622
   (202) 296-2622 x 20, telephone
   (202) 293-4005, fax
www.nationalchickencouncil.com
www.eatchicken.com


