Solved

dns stops working

Posted on 2001-06-03
Last Modified: 2010-03-18
i am running debian with an ne2k ethernet card.  for some reason, after a while i cannot communicate with my dns server.  the problem appears when a program other than netscape attempts to resolve a url.  after that, i cannot even ping the dns server but i can ping any other ip.  i have a box running red hat 6.2 set up to masquerade for this lan, but the other computers on the lan don't seem to have this problem.  i have tried using both a 2.2 kernel and a 2.4.5 with no effect.  i can't figure out what is going on.
0
Question by:abuck
15 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6152316
Is your DNS server local (inside the firewall)? Can you ping the IP of the DNS server before it "locks up"? Does the routing table "netstat -rn" look like other Linux boxes on your lan?
0
 

Author Comment

by:abuck
ID: 6154258
my dns server is at my isp and i can ping until it stops resolving.  the routing table looks the same as the others:

Destination  Gateway   Genmask        Flags  Metric  Ref  Use  Iface
localnet     *         255.255.255.0  U      0       0    0    eth0
default      10.0.0.1  0.0.0.0        UG     0       0    0    eth0
0
 

Author Comment

by:abuck
ID: 6154279
i just realized that it's not just the dns.  i thought i was able to ping outside ip addresses even after the resolving issue started, but i can't even do that.  only local pings work.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6155537
How do you connect to your ISP (what kind of media i.e. dialup, DSL, ISDN, etc)?  It may be possible that you are encountering an idle or session timeout (maybe your ISP uses both).

Can you determine if it is disconnecting at a very regular interval after you connect (session timeout), or seems to not work if you haven't been paying attention to your computer (idle timeout)?  Or is it apparently random?

-Jon

0
 
LVL 40

Expert Comment

by:jlevie
ID: 6155906
If you only have one machine in your local LAN exhibiting this behaviour, then it is almost certainly a problem with that machine or with something on your local network. Since the routing table looks fine on the system and since you can ping other local IPs when DNS stops working I'd be suspicious of something involving the firewall. When DNS stops can you ping the gateway IP? What kind of firewall do you have and can you tell me anything about the Internet link (single IP or a netblock (how big))?
0

 

Author Comment

by:abuck
ID: 6158169
i have a box running red hat 6.2 using ipchains as a single ip firewall which is connected to my cable modem.  the lan consists of four computers and only one has a problem.  the problem seems to happen randomly, although sometimes occurs when multiple programs are attempting to resolve urls at the same time.  after the problem happens, i can ping the gateway ip, just not any outside ips.  i agree with jlevie, that it must be a problem with the computer that is having problems because it isn't happening to any of the others, but i can't figure out what would cause it to discriminate between local and foreign ips.
0
 
LVL 1

Expert Comment

by:Haho
ID: 6159168
I would do the steps below as I had a similar yet different problem.. :)
I think we need to determine if:

it is the (A) server or (B) firewall.. or (C) hub/switch

(A) bring a notebook, plug it in to replace the server when the problem starts, and try the ping.. if it works, definitely the server is having problems.. if it doesn't, then it is the hub/switch or the firewall.

if it is the server, check the cable or the NIC.

(B) switch/hub- change the port for the server, reset the switch, check if the problem still occurs.. if it still does, nope.. it is not the hub/switch giving problems.

(C) clear the firewall rules and test it out.. if no problem occurs after that.. then you know the culprit is the firewall or not...

good luck
0
 
LVL 1

Expert Comment

by:elminster
ID: 6159791
I've noticed a similar thing on our Linux box (SuSE 7.0). In our case the linux box could not see any other IP address (only itself). All other machines on the network work happily. All our machines are 172.16.1.x.

We tried changing the original network card (RTL(?)8139 chipset) with a Kingston KNE100 (tulip? driver). But the problem still occurs. We changed the port setting on the switch, different port, dynamic IP and static, but still the problem persisted.

We noticed that some of the mail delivery failure messages for mails sent by cron (via sendmail) had 'host name lookup failures'. These messages were being sent (initially) at about 4:30 am - when we do the mirroring of the Novell server - which we noticed was failing.

Upon investigation any copying of large amounts of data from the Novell server (ncpmount'd) to the local filesystem would cause the hang. Also copying large amounts of files from a windows client onto an NWE drive (Netware Logon) caused the system to hang.

This only started to happen after the Novell box was demoted as the main file server, and replaced by a real NT box. The Novell box did have 3 IPX subnets (one for each floor of the building), but has been reduced to 1. The Mars config then needed changing to suit the IPX subnet.

By turning off mail reports, and not doing the Novell mirror (which we don't need anymore) we have stopped the problem (or appeared to).

At the moment we are suspecting a problem with IPX, with the finger pointing at the Novell Server (the linux box was 100% happy for nearly a year, before the changes to the Novell box and introduction of NT Servers).

My current 'fix' to this without rebooting was a script which
   - Stops MarsNWE
   - Downs the ethernet interface
   - Restarts INETD
   - Bring up ethernet again
   - Starts MarsNWE.

You don't say exactly what your 'hanging' machine does.
Does it run NWE? or perform tasks the others don't? etc.

I guess any similarities between our machines (running Samba, NWE etc) would be worth looking into, as I too would like to know why this problem was/is occurring.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 6160113
Okay, since you can connect to inside machines and to the Masq box (I assume you can connect since you can ping) it becomes more likely that the problem is on the Masq box. Now to be certain that the problem is the Masq box I'd suggest running "tcpdump -n ip-of-problem-sys" when this problem re-occurs. It would probably be best to use some other inside box (not the Masq box or the problem child) to run the tcpdump. What you are looking for in the tcpdump trace is if packets destined for some Internet IP are leaving the problem child and if reply packets are coming back from the Masq box. If you see the outgoing, but not the replies, then the problem is at the Masq box and you can have ipchains log everything to get a clue. And if the tcpdump shows the outgoing and reply packets you obviously know that it is that Linux box that is the problem.
0
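The check described in the accepted answer, as an added example that is not part of the original thread: it reads `tcpdump -n` output lines and reports whether packets from the problem machine to outside addresses were answered. The host address 10.0.0.7, the outside addresses and the capture lines are constructed for illustration; the 10.0.0.0/24 LAN follows the routing table posted earlier in the thread.

```python
import ipaddress
import re

# "src[.port] > dst[.port]:" as printed by tcpdump -n; the "IP" token is
# optional because older tcpdump releases omit it.
FLOW = re.compile(
    r"(?:IP )?(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

# Constructed capture: queries leave 10.0.0.7, nothing comes back from outside.
BROKEN = """\
12:00:01.100000 IP 10.0.0.7.1025 > 192.0.2.53.53: 4242+ A? example.org. (29)
12:00:06.100000 IP 10.0.0.7.1025 > 192.0.2.53.53: 4242+ A? example.org. (29)
12:00:09.300000 IP 10.0.0.7 > 10.0.0.1: ICMP echo request, id 7, seq 1, length 64
12:00:09.310000 IP 10.0.0.1 > 10.0.0.7: ICMP echo reply, id 7, seq 1, length 64
12:00:12.500000 IP 10.0.0.7 > 192.0.2.80: ICMP echo request, id 8, seq 1, length 64
""".splitlines()

# Constructed capture: the same query, answered through the Masq box.
ANSWERED = """\
12:05:01.100000 IP 10.0.0.7.1026 > 192.0.2.53.53: 4243+ A? example.org. (29)
12:05:01.140000 IP 192.0.2.53.53 > 10.0.0.7.1026: 4243 1/0/0 A 192.0.2.80 (45)
""".splitlines()

def classify(lines, problem_ip, lan="10.0.0.0/24"):
    """Return (verdict, outbound, replies) for problem_ip <-> non-LAN traffic."""
    net = ipaddress.ip_network(lan)
    host = ipaddress.ip_address(problem_ip)
    asked, outbound, replies = set(), 0, 0
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue  # ARP, truncated or non-IPv4 lines
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        if src == host and dst not in net:
            asked.add(dst)          # outside address the host tried to reach
            outbound += 1
        elif dst == host and src in asked:
            replies += 1            # answer from an address it contacted
    if outbound == 0:
        verdict = "no outbound packets seen"  # case the answer does not cover
    elif replies == 0:
        verdict = "masq box"        # outgoing seen, no replies
    else:
        verdict = "problem host"    # outgoing and replies both on the wire
    return verdict, outbound, replies

if __name__ == "__main__":
    for capture in (BROKEN, ANSWERED):
        print(classify(capture, "10.0.0.7"))
```

Local pings to the gateway are ignored on purpose, since they succeed in both situations and say nothing about the masqueraded path.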
 
LVL 16

Expert Comment

by:The--Captain
ID: 6472141
Possible that your novell server was sending bogus RIP info, and the box in question was the only one listening?

Just a thought,
-Jon

0
 

Expert Comment

by:CleanupPing
ID: 9078794
abuck:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9975903
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: jlevie {http:#6160113}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

majorwoo
EE Cleanup Volunteer
0
