Re: Nameserver Problem Revisited


Bob Goodwin - W2BOD wrote:
Tim wrote:
On Sat, 2007-04-07 at 10:42 -0400, Bob Goodwin - W2BOD wrote:
This scheme worked nicely until this morning!

[giving null DNS answers, locally]

Suddenly things have returned to the earlier state where the browser downloads each ad again, requiring about a minute to bring up a news article instead of the few seconds that were required after making the
suggested changes to /var/named/chroot/etc/blocked.conf and dead.zone,
etc.

Well, no changes should have been made to the dead.zone, it was
perfectly fine as it was originally provided.  But as long as the serial
number is set higher than previously used, that won't matter.

   The serial number was left at and still is 200 after the discussion
   the other day.


The thing that springs to mind is for you to check whether
your /etc/resolv.conf file has been changed by any dynamic processes.
You'll need to have your special DNS server configured as the first one
to use, for this to work.
cat /etc/resolv.conf

nameserver 127.0.0.1
nameserver 208.67.222.222      #Open DNS
nameserver 208.67.220.220      #Open DNS
nameserver 12.189.32.61        #ISP provided DNS

You can test how your server responds to queries with the dig command.
You'd dig a domain name, and see the answers, and the address of the
server that answered.
It looks like something is wrong with the local name caching? After several repetitions to cnn.com, should be a few milliseconds:

.......  snip  ......

cnn.com.                89      IN      A       64.236.24.12
;; Query time: 2224 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Apr  7 11:55:32 2007
;; MSG SIZE  rcvd: 137

e.g. dig a.blocked.domain.example.com

You can also query a specific server, ignoring whatever's configured to
be used in the resolv.conf file, by adding extra parameters (write the
DNS server address to be queried after an @ sign).

e.g. dig a.blocked.domain.example.com @127.0.0.1
It looks like this is working?

dig @anrtx.tacoda.net

; <<>> DiG 9.3.4 <<>> @anrtx.tacoda.net
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

Now I am confused?

Bob Goodwin



dig @example.com does not appear to be a valid request? If I drop the "@" I get:

dig anrtx.tacoda.net

; <<>> DiG 9.3.4 <<>> anrtx.tacoda.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41990
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;anrtx.tacoda.net.              IN      A

;; ANSWER SECTION:
anrtx.tacoda.net.       85351   IN      CNAME   anrtx.gslb.tacoda.net.
anrtx.gslb.tacoda.net.  256     IN      A       209.50.189.200

;; Query time: 1141 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Apr  7 12:16:52 2007
;; MSG SIZE  rcvd: 75

It appears the local name caching is not working though since the times are all very long.

Bob Goodwin
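
An added example, not part of the original messages: a small shell check that compares the first nameserver entry in resolv.conf with the SERVER line dig prints, the two things the thread looks at. The function names and the embedded sample text are constructed for illustration, modelled on the output quoted above.

```shell
#!/bin/sh
# Constructed sample inputs, modelled on the resolv.conf and dig output in the thread.
SAMPLE_RESOLV='nameserver 127.0.0.1
nameserver 208.67.222.222      #Open DNS
nameserver 208.67.220.220      #Open DNS'

SAMPLE_DIG=';; ANSWER SECTION:
cnn.com.                89      IN      A       64.236.24.12
;; Query time: 2224 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)'

# First "nameserver" address in resolv.conf-style text read from stdin.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Address taken from dig's ";; SERVER: addr#port(name)" line on stdin.
answering_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Milliseconds taken from dig's ";; Query time: N msec" line on stdin.
query_time_ms() {
    sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p' | head -n 1
}

# check_local_resolver RESOLV_TEXT DIG_TEXT
# Prints "local" if the first configured nameserver answered,
# "fallback:<addr>" if a later one did, "no-answer" if dig got no reply.
check_local_resolver() {
    want=$(printf '%s\n' "$1" | first_nameserver)
    got=$(printf '%s\n' "$2" | answering_server)
    if [ -z "$got" ]; then
        echo "no-answer"
    elif [ "$got" = "$want" ]; then
        echo "local"
    else
        echo "fallback:$got"
    fi
}

# On a live system, pass "$(cat /etc/resolv.conf)" and "$(dig cnn.com)" instead.
check_local_resolver "$SAMPLE_RESOLV" "$SAMPLE_DIG"
```
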

