Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Re: Absurd DNS failures
- Date: Thu, 3 Jul 2003 20:35:45 +0900
- From: "Norman Diamond" <ndiamond@example.com>
- Subject: Re: [tlug] Re: Absurd DNS failures
- References: <3e5101c340a2$946df6a0$a6ee4ca5@example.com> <20030702231123.8F9E.SL@example.com>
"Stephen Lee" <sl@example.com> tried to help me: > > When dialled up from Linux, the nslookup command automatically contacts my > > ISP's DNS servers and resolves names like www.yahoo.co.uk, www.yahoo.co.jp, > > and www.att.com. But it fails with names like www.yahoo.com -- it says that > > it cannot reach any name servers. This has been reproduced a dozen times > > one day and a dozen times the next day. > > Are you using any firewall in Linux? Maybe you've blocked TCP queries? At first I was using the default SuSE 8.1 configuration, which blocks most incoming connections, but which allows incoming UDP from port 53 of my ISP's DNS servers. After the absurd behavior (especially after getting results for www.asia.microsoft.com but not for plain microsoft.com), I opened it up a bit, using the command line: # iptables -I INPUT -p udp --sport 53 -j ACCEPT # iptables -I OUTPUT -p udp --dport 53 -j ACCEPT # iptables -I INPUT -p tcp --sport 53 -j ACCEPT # iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT There was no difference in the result. > Maybe it is something like wrong MTU, or you're using ECN? How could this get success for www.asia.microsoft.com but timeouts for plain microsoft.com? I could even open Microsoft's main page in Konqueror by typing http://207.46.whatever.was from the result of nslookup www.asia.microsoft.com. By the way, in my office today I ran nslookup on a different Linux system connected via a LAN and a router (not broadband but similar). Again www.asia.microsoft.com came out as CNAME records for plain microsoft.com. But then plain microsoft.com didn't fail, it came out as CNAME records for some Akamai servers (something.akadns.com). Same with Yahoo, www.yahoo.com came out as CNAME records for something.akadns.com. So now it seems that the DNS queries from my home Linux system through dialup are failing only when the authority comes from Akamai. This is still incredibly strange. "David Oftedal" <david@example.com> suggested: > Just try defining some DNSes manually. I did. I manually defined my ISP's DNS servers (165.76.60.2 and 165.76.56.2) and got the absurd results already stated. "Mike FABIAN" <mfabian@example.com> wrote: > Don't know, but both "nslookup www.yahoo.com" and "nslookup > microsoft.com" work for me on SuSE 8.2. Did you try it though dialup, through a modem on your own machine? Or only in a more normal corporate setting? > I guess it's some configuration issue. Yeah no doubt, but what could it be, how could the results be this combination of success and failure?
- Follow-Ups:
- [tlug] Re: Absurd DNS failures
- From: Mike FABIAN
- Re: [tlug] Re: Absurd DNS failures
- From: J. David Beutel
- [tlug] Re: Absurd DNS failures
- References:
- [tlug] Absurd DNS failures
- From: Norman Diamond
- [tlug] Re: Absurd DNS failures
- From: Stephen Lee
- [tlug] Absurd DNS failures
- Prev by Date: Re: [tlug] Keystrokes to open a Terminal?
- Next by Date: Re: [tlug] challenge-response spam filtering
- Previous by thread: [tlug] Re: Absurd DNS failures
- Next by thread: [tlug] Re: Absurd DNS failures
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |