• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 590
  • Last Modified:

DNS random problem

Hi all,

I have "BIND 9.7.2-P3". Various time I face some problem with DNS  to various sites.
For example, the last days I can't resolve correctly "www.flybe.com".

nslookup www.flybe.com
Server:  mydns.mydomain.com
Address:  192.168.5.41

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to mydns.mydomain.com timed-out

### 2nd attempt ###
nslookup www.flybe.com
Server:  mydns.mydomain.com
Address:  192.168.5.41

Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    www.flybe.com
Address: [b] 212.24.93.101[/b]

Open in new window

On 2nd attempt I got a reply, without any change to configuration!

From a DNS server outside my range:
# dig  +trace flybe.com

; <<>> DiG 9.7.3 <<>> +trace flybe.com
;; global options: +cmd
.                       276910  IN      NS      m.root-servers.net.
.                       276910  IN      NS      k.root-servers.net.
.                       276910  IN      NS      i.root-servers.net.
.                       276910  IN      NS      l.root-servers.net.
.                       276910  IN      NS      j.root-servers.net.
.                       276910  IN      NS      d.root-servers.net.
.                       276910  IN      NS      a.root-servers.net.
.                       276910  IN      NS      c.root-servers.net.
.                       276910  IN      NS      f.root-servers.net.
.                       276910  IN      NS      e.root-servers.net.
.                       276910  IN      NS      b.root-servers.net.
.                       276910  IN      NS      g.root-servers.net.
.                       276910  IN      NS      h.root-servers.net.
;; Received 476 bytes from 10.19.146.162#53(10.19.146.162) in 1 ms

com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
;; Received 499 bytes from 192.203.230.10#53(e.root-servers.net) in 222 ms

flybe.com.              172800  IN      NS      ns1.prolexic.net.
flybe.com.              172800  IN      NS      ns2.prolexic.net.
;; Received 107 bytes from 192.41.162.30#53(l.gtld-servers.net) in 233 ms

# dig  +trace www.flybe.com

; <<>> DiG 9.7.3 <<>> +trace www.flybe.com
;; global options: +cmd
.                       276905  IN      NS      b.root-servers.net.
.                       276905  IN      NS      f.root-servers.net.
.                       276905  IN      NS      j.root-servers.net.
.                       276905  IN      NS      l.root-servers.net.
.                       276905  IN      NS      i.root-servers.net.
.                       276905  IN      NS      g.root-servers.net.
.                       276905  IN      NS      m.root-servers.net.
.                       276905  IN      NS      c.root-servers.net.
.                       276905  IN      NS      h.root-servers.net.
.                       276905  IN      NS      d.root-servers.net.
.                       276905  IN      NS      k.root-servers.net.
.                       276905  IN      NS      e.root-servers.net.
.                       276905  IN      NS      a.root-servers.net.
;; Received 492 bytes from 10.19.146.162#53(10.19.146.162) in 1 ms

com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
;; Received 491 bytes from 192.5.5.241#53(f.root-servers.net) in 110 ms

flybe.com.              172800  IN      NS      ns1.prolexic.net.
flybe.com.              172800  IN      NS      ns2.prolexic.net.
;; Received 111 bytes from 192.43.172.30#53(i.gtld-servers.net) in 383 ms

www.flybe.com.          10      IN      NS      lb2.flybe.com.
www.flybe.com.          10      IN      NS      lb1.flybe.com.
;; Received 99 bytes from 209.200.164.3#53(ns1.prolexic.net) in 0 ms

www.flybe.com.          30      IN      A      [b] 81.144.184.161[/b]
;; Received 47 bytes from 81.144.184.212#53(lb2.flybe.com) in 0 ms

Open in new window


This time I got a reply, althought its totally different from the first one...


Now, where the problems start. Doing dns queries:


ns1:/etc/bind# dig +norec +noques +nostats +nocmd www.flybe.com.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33161
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; AUTHORITY SECTION:
flybe.com.              167043  IN      NS      ns2.prolexic.net.
flybe.com.              167043  IN      NS      ns1.prolexic.net.

ns1:/etc/bind# dig +norec +noques +nostats +nocmd +trace www.flybe.com.
.                       512533  IN      NS      k.root-servers.net.
.                       512533  IN      NS      b.root-servers.net.
.                       512533  IN      NS      c.root-servers.net.
.                       512533  IN      NS      g.root-servers.net.
.                       512533  IN      NS      d.root-servers.net.
.                       512533  IN      NS      m.root-servers.net.
.                       512533  IN      NS      e.root-servers.net.
.                       512533  IN      NS      i.root-servers.net.
.                       512533  IN      NS      l.root-servers.net.
.                       512533  IN      NS      a.root-servers.net.
.                       512533  IN      NS      f.root-servers.net.
.                       512533  IN      NS      j.root-servers.net.
.                       512533  IN      NS      h.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
;; Received 503 bytes from 192.58.128.30#53(j.root-servers.net) in 164 ms

flybe.com.              172800  IN      NS      ns1.prolexic.net.
flybe.com.              172800  IN      NS      ns2.prolexic.net.
;; Received 111 bytes from 192.41.162.30#53(l.gtld-servers.net) in 321 ms

And www.flybe.com is NEVER resolved...
I get a reply only a few times, after a long delay (6+ seconds)

Any idea how can I troubleshoot?! Is anoyone else facing problems with this domain?!
0
ampranti
Asked:
ampranti
  • 3
  • 3
  • 2
  • +1
4 Solutions
 
wolfcamelCommented:
using an external tool such as iptools.com I Get..

www.flybe.com. 30 IN A 81.144.184.161
 
so you must have an issue with your dns server, its cache, or its forwarders.
0
 
amprantiAuthor Commented:
www.flybe.com is using two IPs; probably they use a load balancing scheme...

The problem inst that I get a wrong IP back, the problem is that I am noty getting a reply back!
Also, I am not using forwarders! I am asking directly root DNS servers as you can see to the above traces
0
 
sjklein42Commented:
flybe's DNS server is returning Query Refused:


http://network-tools.com/default.asp?prog=dnsrec&host=www.flybe.com


Retrieving DNS records for www.flybe.com...

DNS servers
lb2.flybe.com [81.144.184.212]
lb1.flybe.com [212.24.93.212]


DNS server returned an error: Query refused

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
sjklein42Commented:
They have also set a TTL of thirty seconds on their DNS records.

They have crazy DNS records.
0
 
amprantiAuthor Commented:
What I have find out until now:

These dns servers
flybe.com.              172800  IN      NS      ns1.prolexic.net.
flybe.com.              172800  IN      NS      ns2.prolexic.net.

redirect queries to these (internal/stealth?) dns servers
lb2.flybe.com [81.144.184.212]
lb1.flybe.com [212.24.93.212]


# dig any flybe.com

; <<>> DiG 9.7.3 <<>> any flybe.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46972
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 2

;; QUESTION SECTION:
;flybe.com.                     IN      ANY

;; ANSWER SECTION:
flybe.com.              10      IN      MX      20 mailq1.eurobell.net.
flybe.com.              10      IN      MX      30 mailq2.eurobell.net.
flybe.com.              10      IN      MX      5 mail1.flybe.com.
flybe.com.              10      IN      MX      5 mail2.flybe.com.
flybe.com.              10      IN      TXT     "v=spf1 ip4:212.24.93.32 ip4:212.24.93.30 -all"
flybe.com.              10      IN      SOA     ns1.prolexic.net. support.prolexic.com. 2011081701 86400 900 1209 3
flybe.com.              10      IN      A       212.24.93.101
flybe.com.              10      IN      NS      lb1.flybe.com.
flybe.com.              10      IN      NS      ns1.prolexic.net.
flybe.com.              10      IN      NS      ns2.prolexic.net.
flybe.com.              10      IN      NS      lb2.flybe.com.

;; AUTHORITY SECTION:
flybe.com.              10      IN      NS      lb2.flybe.com.
flybe.com.              10      IN      NS      lb1.flybe.com.

flybe.com.              10      IN      NS      ns2.prolexic.net.
flybe.com.              10      IN      NS      ns1.prolexic.net.

;; ADDITIONAL SECTION:
ns1.prolexic.net.       62937   IN      A       209.200.164.3
ns2.prolexic.net.       62937   IN      A       209.200.165.3

;; Query time: 2166 msec
;; SERVER: 10.19.152.1#53(10.19.152.1)
;; WHEN: Thu Oct 27 19:23:47 2011
;; MSG SIZE  rcvd: 425

However, these two DNS servers do not reply all the time or the reply is too slow.... (and expires)

So, in such cases what what I can do to solve such problem?
For example gmail can send sucessfully mails to them!
0
 
sjklein42Commented:
If nothing else, you could put records in the (BIND) HOSTS file on your DNS server for flybe.com to override anything it gets back from the 'net.
0
 
PapertripCommented:
Wow.

[root@broken ~]# dig @lb1.flybe.com flybe.com +short
81.144.184.161
[root@broken ~]# dig @lb1.flybe.com flybe.com +short
212.24.93.101

Open in new window


It's like they are trying to do round-robin but making zone changes every 30s to accomplish it rather than just have multiple A records.  That could lend a bit of reasoning as to why they have such obnoxiously low TTL's.

There is no good way to "fix" this, but creating a zone on your servers for flybe.com is probably your best option.
0
 
amprantiAuthor Commented:
Is there a way to define flybe.com zone in such a way that it includes only MX records and alla other request to be forwaded to flybe.com DNS servers?!

Thank you
0
 
PapertripCommented:
Is there a way to define flybe.com zone in such a way that it includes only MX records and alla other request to be forwaded to flybe.com DNS servers?!
Not with BIND.

You could setup another nameserver between your clients and BIND and use dnsmasq or pfsense or something similar that can give specific replies to queries while forwarding the rest upstream to BIND.

Totally not worth it for 1 company IMO, especially when that companies DNS is so screwed up.  If resolving their domains is critical to your business, then I suggest you tell them to fix their records.

Bottom line here is that the problem is on their end -- anything you do to "fix" it from your end is only adding complexity, along with admin overhead to get everything set up and update it when flybe changes any of their records.

Not worth it.
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now