Re: nameserver issues involving *.debian.org

To: debian-user@lists.debian.org
Subject: Re: nameserver issues involving *.debian.org
From: Joel Roth <joelz@pobox.com>
Date: Mon, 31 Jan 2011 10:25:22 -1000
Message-id: <[🔎] 20110131202522.GC13220@sprite>
Reply-to: Joel Roth <joelz@pobox.com>
In-reply-to: <[🔎] 20110131081149.GA8605@discord.proulx.com>
References: <[🔎] 20110130212637.GA14302@sprite> <[🔎] 20110131081149.GA8605@discord.proulx.com>

On Mon, Jan 31, 2011 at 01:11:49AM -0700, Bob Proulx wrote:
> Joel Roth wrote:
> > Some nslookup oddities have been bothering me.  Does it look
> > to you like my ISP is blocking certain DNS queries?
> 
> Something seems broken.  Probably broken rather than blocking.
> 
> > [maseru]$ nslookup debian.org
> 
> I know nslookup is the venerable old tool.  But it produces a lot of
> noise in the output.  You might look into using with host or dig.
>   
>   $ host debian.org
>   debian.org has address 206.12.19.7
>   debian.org has address 128.31.0.51
>   debian.org mail is handled by 0 master.debian.org.
> 
>   $ dig debian.org a +short
>   128.31.0.51
>   206.12.19.7
> 
> > $ nslookup debian.org 66.33.216.127
> > 	;; connection timed out; no servers could be reached
> > 
> > $ nslookup ftp.us.debian.org 66.33.216.127
> > 	;; connection timed out; no servers could be reached
> 
> Looks broken to me.

Yes, but DNS traffic to that same DNS server, asking for a
*different* host (google.com) succeeds. 

DNS traffic is DNS traffic, so if some queries are being
blocked selectively based on content, it appears to be
content-selective blocking. 

> I recommend installing a local nameserver and using it instead.  Then
> you shouldn't have this type of problem.  Plus since it is broken you
> are bound to have other problems with other addresses.  For example
> you could install BIND9 and use the default configuration as a local
> caching nameserver.
> 
>   $ sudo apt-get install bind9

I've previously used dnsmasq. 
 
> Then ensure that 'nameserver 127.0.0.1' exists in /etc/resolv.conf and
> you should be set.  By "ensure" I mean that you should use either
> 'resolvconf' to maintain that file or perhaps use a 'dns-nameservers'
> statement in /etc/network/interfaces or edit the resolv.conf file
> manually or whatever is appropriate for your system.

I'd been using resolvconf before, however I removed it
due to not understanding what it does and how it interacts
with /etc/dhcp/dhclient.conf and /etc/network/interfaces.

I'd previously been frustrated trying to specify nameserver
information in dhclient.conf and posted earlier to 
this list:

http://lists.debian.org/debian-user/2010/09/msg00531.html

As you suggest, /etc/network/interfaces may be the correct
place for this. I'd use resolvconf if it would help.

I'm surprised that even having removed the resolvconf
package, /etc/init.d/networking restart creates a 
new /etc/resolv.conf with first line: # generated by resolvconf

I look forward to demystifying these issues, and getting
reliable DNS for the next decade(s). :-)

Regards,

Joel
 
> Bob



-- 
Joel Roth

Reply to:

References:
- nameserver issues involving *.debian.org
  - From: Joel Roth <joelz@pobox.com>
- Re: nameserver issues involving *.debian.org
  - From: Bob Proulx <bob@proulx.com>

Prev by Date: Re: help
Next by Date: Re: [OT] Gmail's not-that-fancy features (was: USB3.0 problem: xhci_hcd not found)
Previous by thread: Re: nameserver issues involving *.debian.org
Next by thread: Re: nameserver issues involving *.debian.org
Index(es):
- Date
- Thread