HPE Community
Operating System - HP-UX
1825595 Members
3042 Online
109682 Solutions
New Discussion

Strange DNS lookup problem

 
SOLVED
Go to solution
Bryan_6
Frequent Advisor

‎01-08-2003 01:15 PM

‎01-08-2003 01:15 PM

Strange DNS lookup problem

I am having difficulty performing a lookup on the host ftp.ucctechweb.com.

In my environment, my HPUX DNS server handles lookup requests for internal hosts. For any requests outside my zone (e.g. www.yahoo.com), the HP server points to a forwarder which is a Linux box that has access to the internet.

When I try an nslookup for ftp.ucctechweb.com, I get timeouts at both the HPUX server and my Linux server. Any lookups for other hosts (e.g. www.hp.com, www.yahoo.com, etc.), work just fine. Now, if I use another 'outside' DNS server (like Time Warner or AT&T), ftp.ucctechweb.com resolves just fine. From this evidence, it's hard to determine whether this is a configuration problem on my end or elsewhere.

Any ideas?

Thanks...
0 Kudos
Reply
9 REPLIES 9
David Burgess
Esteemed Contributor

‎01-08-2003 01:26 PM

‎01-08-2003 01:26 PM

Re: Strange DNS lookup problem

Bryan,

Does it work if you run nslookup on the linux server and set it to use your ISP's DNS server?

May be the problem is with your ISP's name resolution.

Regards,

Dave.
0 Kudos
Reply
Ron Kinner
Honored Contributor

‎01-08-2003 01:38 PM

‎01-08-2003 01:38 PM

Re: Strange DNS lookup problem

Just a question. If you do an nslookup on ucctechweb.com does that work? I tried both on my local DNS and they have different IPs. Wondering if it is the ftp that is causing the problem or something else. Can you go to other ftp sites?

My bet would be the Linux box since it is also timing out but it could be further up the chain. Can you contact the sysadmin on the next step and ask him to do an nslookup locally?

In O'Reilly's DNS and BIND there is an interesting technique for resolving the problem.

nslookup
set norec
set nosearch
ftp.ucctechweb.com

Since the DNS does not know the IP it should give you a list of servers that it would ask. You then change to one of them with
server "hostname"
and it gives you a list of its sources. You can also ask it if it knows ftp.ucctechweb.com in the same manner and move up the chain to see where you go wrong.

Ron
0 Kudos
Reply
Bryan_6
Frequent Advisor

‎01-08-2003 03:08 PM

‎01-08-2003 03:08 PM

Re: Strange DNS lookup problem

Well, I don't know if this is significant or not, but I ran through a couple of nslookup steps (see below) and found that when looking up the domain ucctechweb.com (using my local DNS server), I rec'd 'no answer' but it still listed where its authority was located. I then set server to their DNS server and ucctechweb.com resolved fine. I also tested a lookup against my domain (snaponcredit.com) which worked as well.

While it would appear more evident that it's my server failing, I wonder if it's the opposite - my server is moving up the domain chain to locate an authority for ucctechweb.com, but their server (or another) didn't respond ('no answer'). When I attempt to lookup my domain from their server, the lookup moves through the domain chain, reaches my server, and responds without any problems. Hope this makes sense... Let me know what you think...

$ nslookup
> set type=soa
> ucctechweb.com
;; connection timed out; no servers could be reached
> set norecurse
> set nosearch
> ucctechweb.com
Server: XXX.XXX.XXX.XXX
Address: XXX.XXX.XXX.XXX#53

Non-authoritative answer:
*** Can't find ucctechweb.com: No answer

Authoritative answers can be found from:
ucctechweb.com nameserver = NS.CCH-LIS.com.
ucctechweb.com nameserver = NS2.CCH-LIS.com.
NS.CCH-LIS.com internet address = 208.203.201.2
> server ns.cch-lis.com
Default server: ns.cch-lis.com
Address: 208.203.201.2#53
> ucctechweb.com
Server: ns.cch-lis.com
Address: 208.203.201.2#53

ucctechweb.com
origin = ucctechweb.com.
mail addr = Postmaster.ucctechweb.com.
serial = 2002092001
refresh = 14400
retry = 3600
expire = 600
minimum = 86000
> snaponcredit.com
Server: ns.cch-lis.com
Address: 208.203.201.2#53

Non-authoritative answer:
snaponcredit.com
origin = socns1.snaponcredit.com.
mail addr = root.localhost.snaponcredit.com.
serial = 2002121901
refresh = 3600
retry = 3600
expire = 3600
minimum = 3600

Authoritative answers can be found from:
snaponcredit.com nameserver = socns1.snaponcredit.com.
snaponcredit.com nameserver = SOCNS2.snaponcredit.com.
socns1.snaponcredit.com internet address = 12.31.48.66
SOCNS2.snaponcredit.com internet address = 12.31.48.67
>
0 Kudos
Reply
U.SivaKumar_2
Honored Contributor

‎01-08-2003 10:52 PM

‎01-08-2003 10:52 PM

Re: Strange DNS lookup problem

Hi,

Try nslookup from unix machine and also a windows NT machine. Does the same problem arises ?

I hope you have not disabled recursive querying in your internal HP server and external Linux server.

Also have you removed ( move somewhere )db.cache file from your internal HP-UX DNS server and configure your internal DNS server as root server of your internal domain and forwarder as external linux DNS server

Also run nslookup in debug mode.

#nslookup -d2
server x.x.x.x
>ftp.ucctechweb.com.

pl paste the contents here

regards,
U.SivaKumar




Innovations are made when conventions are broken
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎01-09-2003 06:22 AM

‎01-09-2003 06:22 AM

Re: Strange DNS lookup problem

In early Linux, I had similar problems. Linux DNS did just not cut the mustard as an out of the box product. I have since version 6.0 of Redhat been downloading source and compiling my own version. I lost all problems.

My first try with Linux DNS was Redhat 6.0 and the RPM for bind. I ended up failing all over with simple requests on whole domains with no apparent reason. I initially put the first bad domain into my cache, but then others started failing too.

Sooo, my suggestion is either use a different box for your DNS gateway, or download and compile your own version which tends to be alot less buggy.

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Ron Kinner
Honored Contributor

‎01-09-2003 06:43 AM

‎01-09-2003 06:43 AM

Solution

Re: Strange DNS lookup problem

The next step per O'reilly is to do:
nslookup -d2
this will give you a lot of stuff right at the first then it will give you the > prompt. Type in your ucctechweb.com and see what it says then. I'd do this on both the HP and the Linux and then compare it to the yahoo.com results.

I'm wondering if your Linux box might not have gotten a bad answer once and cached it and keeps giving you that instead of going out and finding a new answer. Can you flush the cache?

Ron
Reply
Samantha Fetter
New Member

‎01-09-2003 09:20 AM

‎01-09-2003 09:20 AM

Re: Strange DNS lookup problem

One thing I noticed when looking at this problem:

I did the nslookup
set type=soa
ucctecweb.com

In the response, it says authoritative answers can be found from:
ns.ucctechweb.com
and
ns.wsb.com

It lists the IP for the first one, but not the second.
I pointed to ns.wsb.com and looked up ftp.ucctechweb.com and got no response from server.

I've had something similar happen before when routing was bad to one nameserver for a domain out on the net. I'd recycle DNS and it would work for a while again.
My guess is that my server was getting "stuck" pointing to the unreachable nameserver. Perhaps your system is consistently trying to resolve from the ns.wsb.com NS and that's why it's failing.

Cheers,
Samanth
"Unix is very simple, but it takes a genius to understand the simplicity." -Dennis Ritchie
Reply
Bryan_6
Frequent Advisor

‎01-09-2003 10:01 AM

‎01-09-2003 10:01 AM

Re: Strange DNS lookup problem

Alright! It would appear that cache was stuck looking at the wrong server for resolution. Once it was cleared, the lookups started working. Thanks to Samantha and Ron for pointing me in that direction. And thanks to all for some good troubleshooting information.

Best regards,
Bryan
0 Kudos
Reply
W.C. Epperson
Trusted Contributor

‎01-09-2003 10:34 AM

‎01-09-2003 10:34 AM

Re: Strange DNS lookup problem

Judging from the date stamp on his whois record,I think ucctechweb.com changed his nameserver registrations on January 6 and neither the old or new servers are actually usable. The new servers, at cch-lis.com, appear to be behind a firewall which prevents access to them via DNS (UDP 53 or TCP 53). The old servers appear to be firewalled from UDP 53, the DNS default, but respond on TCP 53, i.e.
dig +tcp @ns.wsb.com ucctechweb.com
works. The servers you got results from were probably using cache. One of the truisms about DNS is that hosing it up often makes things work weirdly rather than definitively breaking them.
"I have great faith in fools; self-confidence, my friends call it." --Poe
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.