Solved

DNS Problem(s)

Posted on 2004-09-07
Last Modified: 2010-04-20
I am running DNS BIND 9.2.1. Presently I am experiencing a problem where it is not able to resolve DNS records that seem to be over in China and are hosted by mx.sina.net. I am not able to send mail to greatmountain.com.cn or everesports.com because my DNS server times out. When I issue a dig on these sites is when I see the timeout.
If I use www.dnsstuff.com they seem to have the ability to find these sites... Can someone tell me what I should look for? It seems as if I can find most other sites in the States no problem. My DNS servers have been working fine for the past two years; this all of a sudden just started happening on these specific domains. I performed a reboot to clear the cache but no change.
Question by:shrek2
19 Comments
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 11996931
It could be that dnsstuff has it in its cache. Can you resolve any other address?
Is your DNS server asking it from another DNS server, like your ISP's?

0
 
LVL 40

Expert Comment

by:jlevie
ID: 11997785
I don't think there's anything wrong with your DNS server.  Although if you've been running it for two years your hints file is probably a bit out of date.  You can get a current copy from ftp://FTP.INTERNIC.NET/domain/named.root.

Neither of those domains works from any of my name servers. From what I can see from here it looks like it might be some sort of Internet routing problem.

When I started composing this comment I could not get data back from either of the name servers for eversports.com (dns3.register.com & dns4.register.com). But now I can. I still can't reach the nameservers for greatmountain.com.cn though.
0
 

Author Comment

by:shrek2
ID: 11997804
As far as I know my DNS server is not looking to my ISP, it just uses the named.ca for root servers. I called my ISP and they were about no help. The tech there said it was probably in my cache and that I should clear it? Then he told me to go to askmrdns on Google. I did but still have not conquered this problem.

Here is what baffles me: I do the following queries and I get a timeout. When I use
dig @servername.xxx hostname.xxx "NS" it just fails with a timeout. But a straight dig servername.com seems to work, except on the problem domains mentioned, "everesports.com" and "greatmountain.com.cn". Below I have copied the output of the dig command. Hope this helps you help me. Thanks


[root@ns1 named]# dig @e0.ns.voyager.net voyager.net NS

; <<>> DiG 9.2.1 <<>> @e0.ns.voyager.net voyager.net NS
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root@ns1 named]# dig voyager.net

; <<>> DiG 9.2.1 <<>> voyager.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5130
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2

;; QUESTION SECTION:
;voyager.net.                   IN      A

;; ANSWER SECTION:
voyager.net.            85148   IN      A       209.153.190.1

;; AUTHORITY SECTION:
voyager.net.            86005   IN      NS      e1.ns.voyager.net.
voyager.net.            86005   IN      NS      e2.ns.voyager.net.
voyager.net.            86005   IN      NS      e0.ns.voyager.net.

;; ADDITIONAL SECTION:
e0.ns.voyager.net.      85866   IN      A       169.207.2.72
e1.ns.voyager.net.      85300   IN      A       207.89.128.13

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep  7 13:18:36 2004
;; MSG SIZE  rcvd: 131

[root@ns1 named]# dig everesports.com

; <<>> DiG 9.2.1 <<>> everesports.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root@ns1 named]#

0
 

Author Comment

by:shrek2
ID: 11997850
This is for jlevie: You may well be correct, however could you please look at my other post for more information. ALSO the other domain I could not reach is everesports.com; it has an "e" after ever and before sports. Please let me know if you can query. Thanks again.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11998611
Sorry, typo on my part in part of my tests.

A whois on everesports.com says that its name servers are ns.xinnetdns.com & ns.xinnet.cn, which are the same name servers for greatmountain.com.cn. As far as I can tell both of those DNS servers are reachable via a ping, but one seems not to be operating properly and the other not at all. If I do:

wilowisp> host ns.xinnetdns.com
ns.xinnetdns.com has address 210.51.170.66
wilowisp> host -T -t mx greatmountain.com.cn 210.51.170.66
;; connection timed out; no servers could be reached
wilowisp>

wilowisp> host -T -t mx greatmountain.com.cn 202.106.124.195
Using domain server:
Name: 202.106.124.195
Address: 202.106.124.195#53
Aliases:
 greatmountain.com.cn mail is handled by 10 mx.sina.net.

But when Bind does the query:

wilowisp> host -t mx greatmountain.com.cn
;; connection timed out; no servers could be reached

it fails. The results for everesports.com are similar. So I'd have to say that the problem is on their end.
0
 

Author Comment

by:shrek2
ID: 11999169
To: Jlevie  no problem on the typo:)

Wow, Sina is a huge ISP provider in China, I think #1 or #2 ......
Yes, I performed the same commands as you and I also got the same results. Is there a way for me to further confirm this? "Paranoia I guess". Any other tools I might be able to use? I noticed you did not use "dig": is that tool not as "reliable" as host?

Because my original problem is that my mail server is doing a DNS lookup and my NS cannot find the record, I am having failure of mail to these domains. Do you think I could place an entry in my e-mail server's host log to alleviate the DNS lookup failure? I will just try it.
Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12001862
> Is there a way for me to further confirm this?

What I placed in the comment was just a sample of what I saw on three, geographically diverse, Linux and Solaris boxes. That's two different instances of the lookup tools & Bind using widely varied routes to the servers in question. The only other thing to try would be to have someone in Europe or the Far East check the servers.

I used host rather than dig simply because it is less verbose. Either are viable tools for checking the response of a DNS server.

> Do you think I could place an entry in my e-mail server's host log to alleviate the DNS lookup failure?

If you address the mail to the FQDN of the mail server for the domain, a hosts file record will work. It won't help if you address the message to the domain (e.g., user@everesports.com) because Sendmail will still try to do an MX lookup.
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12004835
I just tried greatmountain.com.cn I am based in the UK

dig greatmountain.com.cn

; <<>> DiG 9.2.4rc5 <<>> greatmountain.com.cn
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31778
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;greatmountain.com.cn.          IN      A

;; ANSWER SECTION:
greatmountain.com.cn.   3600    IN      A       210.51.168.38

;; AUTHORITY SECTION:
greatmountain.com.cn.   86400   IN      NS      ns.xinnet.cn.
greatmountain.com.cn.   86400   IN      NS      ns.xinnetdns.com.

;; ADDITIONAL SECTION:
ns.xinnet.cn.           64      IN      A       202.106.124.195
ns.xinnetdns.com.       140727  IN      A       210.51.170.66

;; Query time: 806 msec
;; SERVER: 195.10.229.195#53(195.10.229.195)
;; WHEN: Wed Sep  8 11:35:48 2004
;; MSG SIZE  rcvd: 160

Hope that helps
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12004842
Oh yeah check www.dnsstuff.com and www.dnsreport.com very useful sites for checking dns and email and the like.
0

 
LVL 40

Expert Comment

by:jlevie
ID: 12006843
Whatever the problem was with those DNS servers it looks like it is fixed as they work now...
0
 

Author Comment

by:shrek2
ID: 12007902
To everyone and jlevie:  

It looks as if my server is still unable to resolve everesports.com or greatmountain.com.cn using host or dig; all I get is "connection timed out; no servers could be reached". (You can use my server to query it: ns1.firstpath.com)
(jlevie, are you still getting success?)

And can anyone point me in a direction as to why I seem to be the only one (aside from jlevie yesterday) who is not able to connect to these particular servers?

Thanks
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12008123
It's possible the server has probably cached the response and is returning stale results.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12008708
I just checked again and lookups are failing again, so I guess it wasn't really fixed.

When I said that I had tried this from "geographically diverse sites" I should have explained that. I used three sites in the US, each of which uses a different Tier 1 network provider, one site in South America, and a site in Sweden. So it isn't an isolated problem.
0
 

Author Comment

by:shrek2
ID: 12008859
Well, I restarted the server for a cache clear. I also downloaded and put in place the most current named.root file from FTP.Internic.net. I then restarted the server and I still get the following when I do a dig.

; <<>> DiG 9.2.1 <<>> everesports.com
;; global options:  printcmd
;; connection timed out; no servers could be reached

Here is a successful dig on a company I know is out of China (it seems to work).
Do you see anything in the below dig query that might point to a problem? I do notice that the "Query" server is 127.0.0.1, is that OK? It's been set to this forever.
Thanks

; <<>> DiG 9.2.1 <<>> dkcity.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63960
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;dkcity.com.                    IN      A

;; ANSWER SECTION:
dkcity.com.             85069   IN      A       220.130.209.103

;; AUTHORITY SECTION:
dkcity.com.             171469  IN      NS      dns2.dkcity.com.
dkcity.com.             171469  IN      NS      dns1.dkcity.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep  8 15:25:22 2004
;; MSG SIZE  rcvd: 82

0
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 12012182
One more time... The problem isn't with your DNS server, dig, or the host command.

I've just rechecked the servers that I have access to and one of them (in the US) can do 'dig everesports.com' or 'host -t mx everesports.com' successfully (all are running RHEL 3.0ES at the same up2date level), but the others can't. So, my guess right now would be that this is some sort of routing issue. More than likely it will get fixed at some point.
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 12041982
Since most of you are in the US, you may not notice that some of the access is scanned by the China gov. and filtered before it actually gets into China. I am located in HK and can easily get into China, so trying to route the thing through HK may be easier. I did try everesports.com and greatmountain.com.cn and got the result below.

[root@test root]# dig everesports.com

; <<>> DiG 9.2.0 <<>> everesports.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23844
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;everesports.com.               IN      A

;; ANSWER SECTION:
everesports.com.        3600    IN      A       61.152.160.207

;; AUTHORITY SECTION:
everesports.com.        172800  IN      NS      ns.xinnet.cn.
everesports.com.        172800  IN      NS      ns.xinnetdns.com.

;; ADDITIONAL SECTION:
ns.xinnet.cn.           3600    IN      A       202.106.124.195

;; Query time: 709 msec
;; SERVER: 192.168.0.11#53(192.168.0.11)
;; WHEN: Mon Sep 13 16:05:57 2004
;; MSG SIZE  rcvd: 118

[root@test root]# dig greatmountain.com.cn

; <<>> DiG 9.2.0 <<>> greatmountain.com.cn
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;greatmountain.com.cn.          IN      A

;; ANSWER SECTION:
greatmountain.com.cn.   3600    IN      A       210.51.168.38

;; AUTHORITY SECTION:
greatmountain.com.cn.   86400   IN      NS      ns.xinnetdns.com.
greatmountain.com.cn.   86400   IN      NS      ns.xinnet.cn.

;; ADDITIONAL SECTION:
ns.xinnet.cn.           3437    IN      A       202.106.124.195

;; Query time: 656 msec
;; SERVER: 192.168.0.11#53(192.168.0.11)
;; WHEN: Mon Sep 13 16:08:40 2004
;; MSG SIZE  rcvd: 124


And it's from an RH 8.0 testing PC. So jlevie is right, it's only the routing problem.
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 12041997
Oh, don't disclose this comment to any China office in the US or other countries, or I will disappear without any notice :( Maybe I should ask an EE admin to delete my comment here, it's also a risk for this site. Try routing things through HK to see if it works or not.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12043781
I don't see where any Chinese authorities should get upset over what you posted. Everything there is a matter of public record and is freely available to anyone.
0
 
LVL 1

Expert Comment

by:gn0
ID: 12099495
It seems that there are at least 6 DNS servers that reply to queries about both everesports.com and greatmountain.com.cn. They are:
ns.xinnet.cn
ns.xinnetdns.com
ns2.xinnetdns.com
ns2.xinnet.cn
dns.xinnet.com
dns2.xinnet.com

When queried, they don't respond as fast as my DNS servers, but given the fact they are halfway around the world I think their response is reasonablish....

I think that you should query the servers directly, like
dig @ns.xinnet.cn everesports.com
If none reply to you .... then jlevie might be right ... there might just be some internet routing problem.... or even willful filtering ??
Once you find a few that work fine.... build forward zones in your DNS like....
zone "everesports.com" {
        type forward;
        forwarders{202.106.124.194; 210.51.170.66;};
};

then try with your dns again....

Nav.
0
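
The direct-query check suggested in the thread (each authoritative server queried by IP, over UDP and then TCP, before any of them goes into a forward zone), as an added example that is not part of the original posts. The `DIG` override and the function names are assumptions of this example; the IPs in the usage comment are the ones shown in the dig output above.

```shell
#!/bin/sh
# Added example (not from the thread). DIG can be pointed at a stub for
# offline testing; that hook is an assumption of this script.
DIG=${DIG:-dig}

# probe IP DOMAIN [dig options]: succeed only if that server itself answered.
probe() {
    p_ip=$1; p_dom=$2; shift 2
    # One try with a short timeout, so an unreachable server fails fast.
    p_out=$($DIG "@$p_ip" "$p_dom" +time=3 +tries=1 "$@" 2>/dev/null) || return 1
    printf '%s\n' "$p_out" | grep -q 'status: NOERROR'
}

# report DOMAIN IP...: one line per server, UDP and TCP checked separately,
# which separates "server down" from "one transport dropped on the path".
report() {
    r_dom=$1; shift
    for r_ip in "$@"; do
        if probe "$r_ip" "$r_dom"; then r_udp=ok; else r_udp=fail; fi
        if probe "$r_ip" "$r_dom" +tcp; then r_tcp=ok; else r_tcp=fail; fi
        echo "$r_ip udp=$r_udp tcp=$r_tcp"
    done
}

# forward_zone DOMAIN IP...: print a forward zone listing only the servers
# that answered from this host; fail if none did, since a forward zone
# pointing at unreachable servers changes nothing.
forward_zone() {
    f_dom=$1; shift
    f_good=
    for f_ip in "$@"; do
        if probe "$f_ip" "$f_dom"; then f_good="$f_good $f_ip;"; fi
    done
    if [ -z "$f_good" ]; then
        echo "no listed server answered for $f_dom" >&2
        return 1
    fi
    printf 'zone "%s" {\n        type forward;\n        forwarders {%s };\n};\n' \
        "$f_dom" "$f_good"
}

# Usage: sh probe.sh everesports.com 202.106.124.195 210.51.170.66
if [ "$#" -ge 2 ]; then
    report "$@"
    forward_zone "$@"
fi
```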
