Don't confuse dig +trace with what is happening or not at your name server. When trace is enabled, dig performs the queries needed itself from the location the dig is run. So, in other words, if your system is not allowed to send or receive DNS packets, then you'll never be able to perform a resolution and you will get the error noted below. Any and all recursion performed by name servers on your behalf will mean different behaviour vs a +trace.

To correctly determine where the resolution is failing, the dig needs to be run from the outside (closest to the internet) inward. Do not bother using +trace when your system is not by default performing the entire resolution. When you find the system which is failing to resolve the name, then you know it is a problem w/ that system and its next step towards the internet.

-- John
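
The outside-in check described above, as a script: an ordinary recursive query (no +trace) is sent to each resolver in turn, starting with the one closest to the Internet, and the first resolver that does not return an answer is reported. This is an added example, not part of the original thread; the function names and the DIG override are assumptions of the example, and the resolver addresses are supplied by the caller.

```shell
#!/bin/sh
# Added example: query each resolver directly, outermost first, without +trace,
# so every hop is tested doing its own recursion (the thing +trace bypasses).
DIG=${DIG:-dig}   # overridable so the logic can be exercised without network access

# classify_reply: read dig output on stdin; print ok, timeout, NODATA or the RCODE.
classify_reply() {
    awk '
        /no servers could be reached/ { r = "timeout" }
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,/, "", s) }
        }
        /^;; ANSWER SECTION:/ { ans = 1 }
        END {
            if (r != "")             print r
            else if (s == "")        print "no-reply"
            else if (s != "NOERROR") print s
            else if (!ans)           print "NODATA"
            else                     print "ok"
        }'
}

# probe NAME SERVER: one recursive A query sent straight to SERVER.
probe() {
    out=$("$DIG" +time=3 +tries=1 "@$2" "$1" A 2>&1) || true
    printf '%s\n' "$out" | classify_reply
}

# first_failure NAME SERVER...: servers are listed outermost first.
# Prints the first server that fails and returns 1; returns 0 if all answer.
first_failure() {
    name=$1; shift
    for server in "$@"; do
        result=$(probe "$name" "$server")
        printf '%-20s %s\n' "$server" "$result" >&2
        if [ "$result" != ok ]; then
            echo "$server"
            return 1
        fi
    done
    return 0
}

# Usage: sh walk.sh NAME EDGE_RESOLVER [INNER_RESOLVER ...]
if [ "$#" -ge 2 ]; then
    first_failure "$@"
fi
```

The server it prints is the one to examine, together with its next step towards the Internet (forwarders, firewall rules for port 53).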


On 7/23/2013 12:35 PM, Shawn Bakhtiar wrote:
Do you run your name servers from behind a firewall, or is your firewall (iptables) turned on?

We run our name servers from behind a firewall; my network computers give the same problem when I run dig +trace www.fransiplus.com

The only place I can run the dig +trace www.fransiplus.com without failing is on the external authoritative servers.

There is a good explanation of why this fails here:
https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;CategoryID=21;ItemID=75

But I think this is a different problem than not being able to resolve fransiplus.com from your PC.



------------------------------------------------------------------------
From: me...@cyberia.net.sa
To: sjc...@gmail.com
Subject: RE: resolving-problem
Date: Tue, 23 Jul 2013 11:36:46 +0300
CC: bind-users@lists.isc.org

Thank you so much for your email and support,

Please see the dig +trace output when using ns1.nesma.net.sa; at the end it says connection timed out. So please, can you find out where the problem is coming from?

[root@ns1 ~]# dig +trace www.fransiplus.com, ...

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> +trace www.fransiplus.com
;; global options: +cmd
.                       504930  IN      NS      j.root-servers.net.
.                       504930  IN      NS      c.root-servers.net.
.                       504930  IN      NS      a.root-servers.net.
.                       504930  IN      NS      e.root-servers.net.
.                       504930  IN      NS      f.root-servers.net.
.                       504930  IN      NS      k.root-servers.net.
.                       504930  IN      NS      g.root-servers.net.
.                       504930  IN      NS      l.root-servers.net.
.                       504930  IN      NS      i.root-servers.net.
.                       504930  IN      NS      d.root-servers.net.
.                       504930  IN      NS      m.root-servers.net.
.                       504930  IN      NS      b.root-servers.net.
.                       504930  IN      NS      h.root-servers.net.
;; Received 512 bytes from 212.119.64.2#53(212.119.64.2) in 5388 ms

com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
;; Received 508 bytes from 192.33.4.12#53(192.33.4.12) in 1789 ms

fransiplus.com.         172800  IN      NS      ns1.alfransi.com.sa.
fransiplus.com.         172800  IN      NS      ns2.alfransi.com.sa.
;; Received 87 bytes from 192.5.6.30#53(192.5.6.30) in 202 ms

;; connection timed out; no servers could be reached

Ejaz

------------------------------------------------------------------------

*From:*Steven Carr [mailto:sjc...@gmail.com]
*Sent:* Sunday, July 21, 2013 3:09 PM
*To:* Ejaz
*Cc:* Bind users
*Subject:* Re: resolving-problem

So the logs would seem to indicate that the server responded to your PC, the only way you can see exactly what happened with that response is with traffic captures on the name server and your PC.

Steve


On 21 Jul 2013, at 12:52, "Ejaz" <me...@cyberia.net.sa> wrote:

I can resolve yahoo, and here is the snippet of logs:

21-Jul-2013 14:46:11.119 queries: info: client 212.119.65.13#2007: query: yahoo.com.cyberia.net.sa IN A + (212.71.32.19)

21-Jul-2013 14:46:11.122 queries: info: client 212.119.65.13#2008: query: yahoo.com IN A + (212.71.32.19)

Whereas I can't resolve fransiplus; here are the logs:

21-Jul-2013 14:46:19.135 queries: info: client 212.119.65.13#2009: query: fransiplus.com.cyberia.net.sa IN A + (212.71.32.19)

21-Jul-2013 14:46:19.138 queries: info: client 212.119.65.13#2010: query: fransiplus.com IN A + (212.71.32.19)

I didn't see any difference.

Ejaz


_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

