Solved

dns stops working

Posted on 2001-06-03
Last Modified: 2010-03-18
i am running debian with an ne2k ethernet card.  for some reason, after a while i cannot communicate with my dns server.  the problem appears when a program other than netscape attempts to resolve a url.  after that, i cannot even ping the dns server but i can ping any other ip.  i have a box running red hat 6.2 set up to masquerade for this lan, but the other computers on the lan don't seem to have this problem.  i have tried using both a 2.2 kernel and a 2.4.5 with no effect.  i can't figure out what is going on.
Question by:abuck
15 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6152316
Is your DNS server local (inside the firewall)? Can you ping the IP of the DNS server before it "locks up"? Does the routing table "netstat -rn" look like other Linux boxes on your lan?
0
 

Author Comment

by:abuck
ID: 6154258
my dns server is at my isp and i can ping until it stops resolving.  the routing table looks the same as the others:

Destination  Gateway   Genmask        Flags Metric Ref Use Iface
localnet     *         255.255.255.0  U     0      0   0   eth0
default      10.0.0.1  0.0.0.0        UG    0      0   0   eth0
0
 

 

Author Comment

by:abuck
ID: 6154279
i just realized that it's not just the dns.  i thought i was able to ping outside ip addresses even after the resolving issue started, but i can't even do that.  only local pings work.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6155537
How do you connect to your ISP (what kind of media i.e. dialup, DSL, ISDN, etc)?  It may be possible that you are encountering an idle or session timeout (maybe your ISP uses both).  

Can you determine if it is disconnecting at a very regular interval after you connect (session timeout), or seems to not work if you haven't been paying attention to your computer (idle timeout)?  Or is it apparently random?

-Jon

0
 
LVL 40

Expert Comment

by:jlevie
ID: 6155906
If you only have one machine in your local LAN exhibiting this behaviour, then it is almost certainly a problem with that machine or with something on your local network. Since the routing table looks fine on the system and since you can ping other local IP's when DNS stops working I'd be suspicious of something involving the firewall. When DNS stops can you ping the gateway IP? What kind of firewall do you have and can you tell me anything about the Internet link (single IP or a netblock (how big))?
0
 

Author Comment

by:abuck
ID: 6158169
i have a box running red hat 6.2 using ipchains  as a single ip firewall which is connected to my cable modem.  the lan consists of four computers and only one has a problem.  the problem seems to happen randomly, although sometimes occurs when multiple programs are attempting to resolve urls at the same time.  after the problem happens, i can ping the gateway ip, just not any outside ips.  i agree with jlevie, that it must be a problem with the computer that is having problems because it isn't happening to any of the others, but i can't figure out what would cause it to discriminate between local and foreign ips.
0
 
LVL 1

Expert Comment

by:Haho
ID: 6159168
I would do the steps below as I had a similar yet different problem.. :)
I think we need to determine if:

it is the (A) server or (B) firewall.. or (C) hub/switch

(A) bring a notebook, plug it to replace the server when the problem starts, and try the ping.. if it works, definitely the server is having problems.. if it doesn't, then it is the hub/switch or the firewall.

if it is the server, check the cable or the NIC.

(B) switch/hub- change the port for the server, reset the switch, check if the problem still occurs.. if it still does, nope.. not the hub/switch is giving problems.

(C) clear the firewall rules and test it out.. if no problem occurs after that.. then u know the culprit is the firewall or not...

good luck
0
 
LVL 1

Expert Comment

by:elminster
ID: 6159791
I've noticed a similar thing on our Linux box (SuSE 7.0). In our case the linux box could not see any other IP address (only itself). All other machines on the network work happily. All our machines are 172.16.1.x.

We tried changing the original network card (RTL(?)8139 chipset) with a Kingston KNE100 (tulip? driver). But the problem still occurs. We changed the port setting on the switch, different port, dynamic IP and static, but still the problem persisted.

We noticed that some of the mail delivery failure messages for mails sent by cron (via sendmail) had 'host name lookup failures'. These messages were being sent (initially) at about 4:30 am - when we do the mirroring of the Novell server - which we noticed was failing.

Upon investigation any copying of large amounts of data from the Novell server (ncpmount'd) to the local filesystem would cause the hang. Also copying large amounts of files from a windows client onto an NWE drive (Netware Logon) caused the system to hang.

This only started to happen after the Novell box was demoted as the main file server, and replaced by a real NT box. The Novell box did have 3 IPX subnets (one for each floor of the building), but has been reduced to 1. The Mars config then needed changing to suit the IPX subnet.

By turning off mail reports, and not doing the Novell mirror (which we don't need anymore) we have stopped the problem (or appeared to).

At the moment we are suspecting a problem with IPX, with the finger pointing at the Novell Server (the linux box was 100% happy for nearly a year, before the changes to the Novell box and introduction of NT Servers).

My current 'fix' to this without rebooting was a script which
   - Stops MarsNWE
   - Downs the ethernet interface
   - Restarts INETD
   - Bring up ethernet again
   - Starts MarsNWE.

You don't say exactly what your 'hanging' machine does.
Does it run NWE? or perform tasks the others don't? etc.

I guess any similarities between our machines (running Samba, NWE etc) would be worth looking into, as I too would like to know why this problem was/is occurring.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 6160113
Okay, since you can connect to inside machines and to the Masq box (I assume you can connect since you can ping) it becomes more likely that the problem is on the Masq box. Now to be certain that the problem is the Masq box I'd suggest running "tcpdump -n ip-of-problem-sys" when this problem re-occurs. It would probably be best to use some other inside box (not the Masq box or the problem child) to run the tcpdump. What you are looking for in the tcpdump trace is if packets destined for some Internet IP are leaving the problem child and if reply packets are coming back from the Masq box. If you see the outgoing, but not the replies, then the problem is at the Masq box and you can have ipchains log everything to get a clue. And if the tcpdump shows the outgoing and reply packets you obviously know that it is that Linux box that is the problem.
0
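Added example (not part of jlevie's answer or of the original thread): a small Python script that applies the decision rule from the accepted solution to saved `tcpdump -n` output. The capture lines and the problem host address 10.0.0.5 are constructed, the LAN range 10.0.0.0/24 is assumed from the routing table posted above, and the capturing machine is assumed to actually see the problem host's traffic (shared hub or mirrored port).

```python
import ipaddress
import re

# "HH:MM:SS.frac [IP] src > dst: ..." as printed by tcpdump -n
LINE = re.compile(r"^\S+\s+(?:IP\s+)?(\S+)\s+>\s+(\S+?):\s")

# Constructed capture: 10.0.0.5 stands in for the problem host.
SAMPLE = """\
12:00:01.100000 IP 10.0.0.5.1025 > 203.0.113.53.53: 1+ A? example.com. (29)
12:00:06.100000 IP 10.0.0.5.1025 > 203.0.113.53.53: 1+ A? example.com. (29)
12:00:07.200000 IP 10.0.0.5 > 10.0.0.1: ICMP echo request, id 7, seq 1, length 64
12:00:07.200400 IP 10.0.0.1 > 10.0.0.5: ICMP echo reply, id 7, seq 1, length 64
12:00:08.300000 IP 10.0.0.5 > 198.51.100.7: ICMP echo request, id 8, seq 1, length 64
"""

def split_addr(token):
    """Split 'a.b.c.d.port' (or a bare 'a.b.c.d') into (ip, port)."""
    parts = token.split(".")
    return ".".join(parts[:4]), (parts[4] if len(parts) > 4 else None)

def diagnose(trace, problem_ip, lan="10.0.0.0/24"):
    """Return (verdict, unanswered flows) for traffic leaving the LAN."""
    net = ipaddress.ip_network(lan)
    sent, answered = set(), set()
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP and other lines without "src > dst:"
        (src, sport), (dst, dport) = split_addr(m.group(1)), split_addr(m.group(2))
        try:
            src_out = ipaddress.ip_address(src) not in net
            dst_out = ipaddress.ip_address(dst) not in net
        except ValueError:
            continue  # not an IPv4 address pair
        if src == problem_ip and dst_out:
            sent.add((dst, sport, dport))      # request bound for the Internet
        elif dst == problem_ip and src_out:
            answered.add((src, dport, sport))  # reply relayed back to the host
    if sent and not answered:
        verdict = "masq-box"       # requests leave, nothing comes back
    else:
        verdict = "problem-host"   # replies arrive, or nothing left the host
    return verdict, sorted(sent - answered, key=str)

if __name__ == "__main__":
    print(diagnose(SAMPLE, "10.0.0.5"))
```

A "masq-box" verdict is the case where ipchains logging on the gateway is the next step; the returned list names the outside flows that never got a reply.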
 
LVL 16

Expert Comment

by:The--Captain
ID: 6472141
Possible that your novell server was sending bogus RIP info, and the box in question was the only one listening?

Just a thought,
-Jon

0
 

Expert Comment

by:CleanupPing
ID: 9078794
abuck:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9975903
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: jlevie {http:#6160113}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

majorwoo
EE Cleanup Volunteer
0
