Operating System - HP-UX

Frank417
Advisor

DNS forwarding randomly fails for random sites

Our topology consists of forwarding DNS servers in our DMZ and internal DNS servers that are authoritative for internal domains and forward to our forwarding DNS servers in the DMZ. All are running on HP-UX. For some reason, sites like google.com or finance.yahoo.com sometimes don't return an IP address on our internal DNS servers but every other query works fine. No error, just no IP address. Doing a query on the servers in our DMZ successfully returns an IP address. So there is something on our internal servers and we can't seem to figure it out. Any ideas or suggestions would be appreciated.
Frank417
Advisor

Re: DNS forwarding randomly fails for random sites

Below is an example of the response...


>nslookup google.com
Server: my_server_name
Address: my_server_IP

Non-authoritative answer:
Name: google.com

Steven E. Protter
Exalted Contributor

Re: DNS forwarding randomly fails for random sites

Shalom,

I have seen this before with DNS.

Normally this is caused by intermittent network issues.

This could be an issue of pass through on the firewall. Port 53 needs to pass through UDP and TCP for accurate DNS answers.

Also note, the measures some sites take to prevent DoS and DNS poison attacks can cause issues as well.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Frank417
Advisor

Re: DNS forwarding randomly fails for random sites

I thought about that, but while that site is failing, others work fine. Then at other times, google.com will work fine and finance.yahoo.com or nissan.com will not. Plus if it was a network issue, I think I would get timeouts on the response.
Frank417
Advisor

Re: DNS forwarding randomly fails for random sites

Also, running dig on the query actually shows me that the DNS server is returning a CNAME to the same name. So google.com returns a CNAME to google.com and it's not showing me the authoritative servers or IP address. While it's failing, if I run dig on the servers it's forwarding to, they all come back properly, and so do queries to other domains on the internal server. This is just strange.
Frank417
Advisor

Re: DNS forwarding randomly fails for random sites

; <<>> DiG 9.3.2 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1964
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 21015 IN CNAME yahoo.com.

;; Query time: 0 msec
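
A check for the symptom in the dig output above, as an added example that is not part of the original thread: it parses dig's text output and flags a CNAME that points at its own owner name, or a NOERROR reply that carries no address record. The function names are illustrative, the failing sample is abridged from the post, and the healthy sample (using the documentation address 192.0.2.10) is constructed.

```python
import re

# One resource record in dig's text output: owner TTL class type rdata
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)")

def parse_dig(text):
    """Return (status, answer_records) from dig's default text output."""
    status, answers, in_answer = None, [], False
    for line in (l.strip() for l in text.splitlines()):
        m = re.search(r"status: (\w+)", line)
        if line.startswith(";;") and m:
            status = m.group(1)
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line or line.startswith(";")):
            in_answer = False  # blank line or next section ends the answers
        elif in_answer and RR.match(line):
            owner, ttl, rtype, rdata = RR.match(line).groups()
            answers.append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return status, answers

def diagnose(text):
    """List the anomalies seen in this thread for one dig response."""
    status, answers = parse_dig(text)
    findings = []
    for owner, _ttl, rtype, rdata in answers:
        if rtype == "CNAME" and owner.rstrip(".") == rdata.rstrip("."):
            findings.append(f"self-referential CNAME for {owner}")
    if status == "NOERROR" and not any(t in ("A", "AAAA") for _, _, t, _ in answers):
        findings.append("NOERROR without any address record")
    return findings

# Abridged from the dig output posted above.
FAILING = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1964
;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 21015 IN CNAME yahoo.com.

;; Query time: 0 msec
"""
# Constructed healthy answer; 192.0.2.10 is a documentation address.
HEALTHY = FAILING.replace("IN CNAME yahoo.com.", "IN A 192.0.2.10")

if __name__ == "__main__":
    print(diagnose(FAILING))
    print(diagnose(HEALTHY))
```

Running the same check against the internal server and against the DMZ forwarders at the moment of failure shows which tier is handing out the bad record.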
cnb
Honored Contributor

Re: DNS forwarding randomly fails for random sites

Maybe set swtrace on in nslookup to trace sources?

> set swtrace (default is noswtrace)
> google.com
Frank417
Advisor

Re: DNS forwarding randomly fails for random sites

> google.com
Name Server: MyNameServer
Address: NameServerIP

lookup source is DNS
Name Server: MyNameServer
Address: NameServerIP

Trying DNS
Non-authoritative answer:
*** MyNameServer can't find google.com: Non-existent domain

Switching to next source in the policy
lookup source is NIS
Default NIS Server:

Trying NIS
*** No address information is available for "google.com"

Switching to next source in the policy
lookup source is FILES
Using /etc/hosts on: MyNameServer

looking up FILES
*** No address information is available for "google.com"