Nameserver Problem Revisited

Bob Goodwin - W2BOD bobgoodwin at wildblue.net
Sat Apr 7 16:20:46 UTC 2007


Bob Goodwin - W2BOD wrote:
> Tim wrote:
>> On Sat, 2007-04-07 at 10:42 -0400, Bob Goodwin - W2BOD wrote:
>>> This scheme worked nicely until this morning!
>>
>> [giving null DNS answers, locally]
>>
>>> Suddenly things have returned to the earlier state where the browser 
>>> downloads each ad again, requiring about a minute to bring up a news 
>>> article instead of the few seconds that were required after making the
>>> suggested changes to /var/named/chroot/etc/blocked.conf and dead.zone,
>>> etc.
>>
>> Well, no changes should have been made to the dead.zone, it was
>> perfectly fine as it was originally provided.  But as long as the serial
>> number is set higher than previously used, that won't matter.
>
>    The serial number was left at and still is 200 after the discussion
>    the other day.
>
>>
>> The thing that springs to mind is for you to check whether
>> your /etc/resolv.conf file has been changed by any dynamic processes.
>> You'll need to have your special DNS server configured as the first one
>> to use, for this to work.
> cat /etc/resolv.conf
>
> nameserver 127.0.0.1
> nameserver 208.67.222.222      #Open DNS
> nameserver 208.67.220.220      #Open DNS
> nameserver 12.189.32.61        #ISP provided DNS
>>
>> You can test how your server responds to queries with the dig command.
>> You'd dig a domain name, and see the answers, and the address of the
>> server that answered.
> It looks like something is wrong with the local name caching? After 
> several repetitions to cnn.com, it should be a few milliseconds:
>
> .......  snip  ......
>
> cnn.com.                89      IN      A       64.236.24.12
> ;; Query time: 2224 msec
> ;; SERVER: 208.67.222.222#53(208.67.222.222)
> ;; WHEN: Sat Apr  7 11:55:32 2007
> ;; MSG SIZE  rcvd: 137
>>
>> e.g. dig a.blocked.domain.example.com
>>
>> You can also query a specific server, ignoring whatever's configured to
>> be used in the resolv.conf file, by adding extra parameters (write the
>> DNS server address to be queried after an @ sign).
>>
>> e.g. dig a.blocked.domain.example.com @127.0.0.1
> It looks like this is working?
>
> dig @anrtx.tacoda.net
>
> ; <<>> DiG 9.3.4 <<>> @anrtx.tacoda.net
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
> Now I am confused?
>
> Bob Goodwin
>
>
>
dig @example.com does not appear to be a valid request?  If I drop the 
"@" I get:

dig anrtx.tacoda.net

; <<>> DiG 9.3.4 <<>> anrtx.tacoda.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41990
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;anrtx.tacoda.net.              IN      A

;; ANSWER SECTION:
anrtx.tacoda.net.       85351   IN      CNAME   anrtx.gslb.tacoda.net.
anrtx.gslb.tacoda.net.  256     IN      A       209.50.189.200

;; Query time: 1141 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Apr  7 12:16:52 2007
;; MSG SIZE  rcvd: 75

It appears the local name caching is not working though since the times 
are all very long.

Bob Goodwin
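One way to turn the resolv.conf and dig checks Tim describes into a repeatable test, as an added example that is not part of this thread: it parses a dig answer in the format quoted above and flags when the answer did not come from the first nameserver (here 127.0.0.1) or took too long to have been served from the local cache. The resolv.conf and dig text are constructed from the output quoted above, and the 50 ms cache threshold is an assumption.

```python
import re

# Constructed sample input, modelled on the resolv.conf and dig output
# quoted earlier in this thread.
RESOLV_CONF = """nameserver 127.0.0.1
nameserver 208.67.222.222      #Open DNS
nameserver 208.67.220.220      #Open DNS
"""

DIG_OUTPUT = """; <<>> DiG 9.3.4 <<>> anrtx.tacoda.net
;; Got answer:
;; ANSWER SECTION:
anrtx.tacoda.net.       85351   IN      CNAME   anrtx.gslb.tacoda.net.
anrtx.gslb.tacoda.net.  256     IN      A       209.50.189.200

;; Query time: 1141 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Apr  7 12:16:52 2007
"""

def first_nameserver(resolv_conf):
    """Return the first 'nameserver' address, ignoring '#' comments."""
    for line in resolv_conf.splitlines():
        parts = line.split('#', 1)[0].split()
        if len(parts) >= 2 and parts[0] == 'nameserver':
            return parts[1]
    return None

def parse_dig(output):
    """Return (answering server, query time in ms) from dig's trailer lines."""
    server = qtime = None
    for line in output.splitlines():
        m = re.match(r';; SERVER: (\S+?)#\d+', line)
        if m:
            server = m.group(1)
        m = re.match(r';; Query time: (\d+) msec', line)
        if m:
            qtime = int(m.group(1))
    return server, qtime

def diagnose(resolv_conf, dig_output, cached_max_ms=50):
    """List what is wrong: wrong answering server and/or uncached timing."""
    expected = first_nameserver(resolv_conf)
    server, qtime = parse_dig(dig_output)
    if server is None or qtime is None:
        return ['dig output incomplete: no SERVER or Query time line']
    findings = []
    if server != expected:
        findings.append(f'answered by {server}, not the first nameserver '
                        f'{expected}: the local server was skipped or is down')
    if qtime > cached_max_ms:  # assumed threshold for a cache hit
        findings.append(f'query time {qtime} ms: not served from local cache')
    return findings
```

Paste the real output of `dig anrtx.tacoda.net` and your own /etc/resolv.conf in place of the constructed strings; an empty list means the local server answered and the reply was fast enough to be a cache hit.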




More information about the fedora-list mailing list