Hi Amit On Mon, Jul 04, 2016 at 04:32:07PM +0530, Amit Kumar Gupta wrote: > Dear All, > > We are Tier 2 ISP in Delhi. Our subscribers are not able to open dropbox.com > using our DNS IPs. > BIND version is 9.8.0. > > Regards > Manager(Internet-Systems) > MTNL Delhi
As an internet user, I'd expect my ISP to be using current versions of software that are not vulnerable or buggy. BIND 9.8.0 is an ancient version of BIND. BIND 9.8.x release branch reached its end of life in September 2014. BIND 9.8.0 is much older than that (released in February 2011). https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html As you appear to be the manager of internet systems at your organization from your signature, is it not your responsiblity to use recent versions of software that have not reached their end of life? For your resolution problem, I'd recommend that you start by: 1. Upgrading to a current version of BIND. 2. Looking at named log output to see what happens when you're trying to resolve the domain. > bash-3.2# dig dropbox.com 203.94.243.70 I assume 203.94.243.70 is the IP of the resolver that you're trying to use. In this case, this is not the correct syntax. Use: dig dropbox.com @203.94.243.70 > ; <<>> DiG 9.6-ESV-R4-P2 <<>> dropbox.com 203.94.243.70 > ;; global options: +cmd > ;; connection timed out; no servers could be reached This error means that a nameserver(/resolver) could not be reached. > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40790 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 4096 > ;; QUESTION SECTION: > ;203.94.243.70. IN A As you can see, due to the incorrect syntax, it's attempting to resolve the address record of the name "203.94.243.70." which is probably not what you want. Please start by upgrading your systems (resolvers) to use a current version of BIND. Check that the client has a working route to the resolver. Check the log output of named for information on whether it is receiving client queries and any messages it logs about why the resolution is failing. As manager of internet systems at your organization, check and see if any other software that you are using is way past its end of life. Mukund
signature.asc
Description: PGP signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
