Re: DNS

Jan Gerrit Kootstra wrote:
Moe Trin schreef:
On Thu, 26 Mar 2009, in the Usenet newsgroup linux.redhat, in article
<8ccd4$49cb2768$d55d2be5$9480@xxxxxxxxxxxxxx>, Jan Gerrit Kootstra wrote:

Moe Trin schreef:

I'm a network guy, so I'm used to using a packet sniffer. This will
almost always provide the clues needed to diagnose the problem. Using
the common tcpdump command

/usr/sbin/tcpdump -n -s 512 port 53

gets both the UDP and TCP traffic to/from port 53. Things to look at
is what question are you asking _from_ which address, _to_ which DNS
server, and what (if any) reply do you get. Problems are usually quite
obvious from even that minimal data.

I think the DNS server might not be running anymore.

That's a reason to use a packet sniffer such as tcpdump as shown above.

If there is no name server at address $FOO, sending a DNS query will
result in one of two responses, depending on the firewall on the system
being queried. No DNS server (and no firewall) _OR_ a firewall that
rejects connections:

client -> DNS server "What is the IP address of $BAR"
DNS server -> client "Go away kid - you're bothering me"[1]

If there is a firewall, and it is set to "DROP" unwanted packets:

client -> DNS server "What is the IP address of $BAR"

which is to say - nothing comes back at all. Generally, the client
will make three attempts to ask to each DNS server listed in the
/etc/resolv.conf file. If you have the 'avahi' multicast DNS crap
installed and running (definitely NOT recommended) on the client, it
will also send a mDNS query to address 224.0.0.251 (and FF02::FB if
you are using IPv6) port 5353. Depending on the configuration of
/etc/nsswitch.conf, this mDNS query usually occurs before the normal
DNS query. Each time the resolver sends a mDNS or DNS query and
receives no response (black hole), the resolver waits for a response
before trying something else, or giving up. This is the normal cause
of 'slow" connections. Note that if your system has IPv6 enabled,
there are a lot of b0rken name servers out there that will ignore
an IPv6 query (AAAA record), but WILL respond in some manner to an
IPv4 query (A record) for the same hostname. IPv6 enabled clients
ask for an AAAA record first, and if none exists (NXDOMAIN or NODATA)
or after the timeout, will ask for an A record. This is a common
problem (RFC4074),

If there _is_ a name server and no firewall rules in the way, the DNS
server will give one of three[2] responses:

DNS server -> client "$BAR is at 192.0.2.143 NOERROR" (result code 0)

or

DNS server -> client "$BAR NXDOMAIN" (result code 3)

or

DNS server -> client "REFUSED" (result code 5)

In the first case, you got your answer - go talk to that host. In
the second case (NXDOMAIN), the name server is saying that the
hostname/address does not exist. The resolver believes this, and
will not ask anyone else. The application on the client will give a
message that says "never heard of it", and that's the end of that.
In the third case (REFUSED), the client _may_ (or may not) try to
ask a different server, but this is resolver library dependent.

Old guy

[1] ICMP Type 3 Code 3 (port unreachable) = "Nobody listening here"
[2] RFC1035 lists six result codes [0-5]. RFC2136 expands on this, and
adds five additional result codes [6-10]. RFC2308 adds a twelfth
result - the pseudo-code "NODATA" (coded as a zero which means NOERROR
but having all data fields empty). How your resolver handles these
other codes depends on the resolver library design.
Old guy,


The disadvantage of tcpdump is: one needs to understand the output. Wireshark makes it a little easier to read.

Not every Linux specialist is a network specialist.


Kind regards,


Jan Gerrit Kootstra
P.S. Why do you snip my contribution to the discussion without marking it as a snip.

Thank you guys....
I think that I need to investigate and maybe install an DNS Server......
I had a good result with ONE of my Server DNS from my second IP provider...

I will keep doing this way, until I can get an DNS server running properly...

Thanks again
.

Relevant Pages

  • Re: Domain Replica
    ... reason for long boot time when none DNS server is available. ... DNS Client side Resolver service Query Process ... DNS Forwarder Resolution and Time Out Process: ...
    (microsoft.public.windows.server.general)
  • Re: PHP Runs In WinXP Command Window But Not In Browser
    ... whatever DNS server its configured to look up and the DNS server does ... The local resolver then does the lookup according to it's configuration and settings and returns an answer to the browser. ... When an application makes a request that requires a domain name lookup, such programs send a resolution request to the DNS resolver in the local operating system, which in turn handles the communications required. ...
    (comp.lang.php)
  • NT DNS forward server can not find 163.coms MX record in the cache.
    ... I am using a NT DNS server in my internal network, the query to DNS server ... "Standard query MX 163.com", then HQ's DNS returned "Standard query response ...
    (microsoft.public.windows.server.dns)
  • Re: SBS 2003 R2 MX and A records
    ... Now's about the time I'd be assuming control of the DNS records for the ... Query: stetsonbaptistchurch.org. ... The name server "ns2.siteprotect.com" refused to answer a query ... I am afraid the IT Lady just called the old hosting company ...
    (microsoft.public.windows.server.sbs)
  • Re: DNS
    ... If there is no name server at address $FOO, sending a DNS query will ... the resolver waits for a response ...
    (linux.redhat)