Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

No name resolution

0 views
Skip to first unread message

David Du SERRE-TELMON

unread,
Mar 21, 2002, 5:48:09 PM3/21/02
to
Hi,

I've got a very curious pb, I'm using bind 9.3.1.

My DNS server can't contact root server or my ISP DNS servers (if I put them
in forward). It can't locate DNS Server for any zone, this is the tcpdump
trace :

Name resolution using root server
20:29:03.368886 router206.orsay.iscio.com.domain > 192.112.36.4.domain:
[udp sum ok] 31764 [1au] A? www.yahoo.fr. . OPT UDPsize=2048 (41) (DF) (ttl
64, id 0, len 69)
20:29:03.378886 router206.orsay.iscio.com.domain > 192.112.36.4.domain:
[udp sum ok] 40810 [1au] NS? . . OPT UDPsize=2048 (28) (DF) (ttl 64, id 0,
len 56)
20:29:03.378886 router206.orsay.iscio.com.domain > 192.112.36.4.domain:
[udp sum ok] 26526 [1au] PTR? 4.36.112.192.in-addr.arpa. . OPT UDPsize=2048
(54) (DF) (ttl 64, id 0, len 82)
...

Internet connectivity is ok. No firewall pb...

My LAN is connect to other LAN with VPN. I can resole host for local zone,
and for zone on my VPN (the other DNS are on remote site).

Name resolution using a DNS forward on a VPN
20:33:31.618886 router206.orsay.iscio.com.domain >
ibmserver.orsay.iscio.com.domain: [udp sum ok] 33325+ [1au] A?
www.paris.iscio.com. . OPT UDPsize=2048 (48) (DF) (ttl 64, id 0, len 76)
20:33:31.618886 router206.orsay.iscio.com.domain >
ibmserver.orsay.iscio.com.domain: 24851+ [1au] PTR?
150.14.168.192.in-addr.arpa. . (56) (DF) (ttl 64, id 0, len 84)
20:33:31.738886 router206.orsay.iscio.com.domain >
ibmserver.orsay.iscio.com.domain: [udp sum ok] 20697+ A?
www.paris.iscio.com. [|domain] (DF) (ttl 64, id 0, len 65)
20:33:31.738886 router206.orsay.iscio.com.domain >
ibmserver.orsay.iscio.com.domain: [udp sum ok] 11337+ PTR?
150.14.168.192.in-addr.arpa. [|domain] (DF) (ttl 64, id 0, len 73)

Another thing very strange, if I put in forward options, a DNS present on a
remote site link with a remote site, resolution is OK.


Help me !

Thank you

David

Barry Margolin

unread,
Mar 21, 2002, 6:06:10 PM3/21/02
to
In article <a7dnv9$7...@pub3.rc.vix.com>,

David Du SERRE-TELMON <NOSPAMd...@netcourrier.com> wrote:
>Hi,
>
>I've got a very curious pb, I'm using bind 9.3.1.
>
>My DNS server can't contact root server or my ISP DNS servers (if I put them
>in forward). It can't locate DNS Server for any zone, this is the tcpdump
>trace :
>
>Name resolution using root server
>20:29:03.368886 router206.orsay.iscio.com.domain > 192.112.36.4.domain:
>[udp sum ok] 31764 [1au] A? www.yahoo.fr. . OPT UDPsize=2048 (41) (DF) (ttl
>64, id 0, len 69)
>20:29:03.378886 router206.orsay.iscio.com.domain > 192.112.36.4.domain:
>[udp sum ok] 40810 [1au] NS? . . OPT UDPsize=2048 (28) (DF) (ttl 64, id 0,
>len 56)
>20:29:03.378886 router206.orsay.iscio.com.domain > 192.112.36.4.domain:
>[udp sum ok] 26526 [1au] PTR? 4.36.112.192.in-addr.arpa. . OPT UDPsize=2048
>(54) (DF) (ttl 64, id 0, len 82)
>...
>
>Internet connectivity is ok. No firewall pb...

It looks like you're using the 'query-source' option to force source port
53 on the recursive queries. Are you sure your firewall is allowing
inbound packets to port 53, so that the replies can get through?

>Another thing very strange, if I put in forward options, a DNS present on a
>remote site link with a remote site, resolution is OK.

I'm having trouble parsing this sentence. Does "remote site link with a
remote site" mean you have a private connection (or a VPN) to this site,
rather than going through the Internet? If so, this supports the theory
that the problem is with your Internet firewall.

--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

0 new messages