--
========================================================
You received this message because you are subscribed to the Google
Groups "public-dns-discuss" group.
To post to this group, send email to public-dn...@googlegroups.com
To unsubscribe from this group, send email to
public-dns-disc...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/public-dns-discuss?hl=en
For more information on Google Public DNS, please visit
http://code.google.com/speed/public-dns
========================================================
Sure. Pasted below. It is from my computer.
"valhalla" is the name of the local DNS (a RHEL5 server) which I have
now set to use Google DNS.
[root@amd ~]# ping rapidshare.com
ping: unknown host rapidshare.com
[root@amd ~]# dig @valhalla rapidshare.com
;; Truncated, retrying in TCP mode.
;; Connection to 10.100.0.11#53(10.100.0.11) for rapidshare.com
failed: host unreachable.
[root@amd ~]# dig @8.8.8.8 rapidshare.com
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @8.8.8.8
rapidshare.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11048
;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;rapidshare.com. IN A
;; ANSWER SECTION:
rapidshare.com. 39 IN A 195.122.131.14
rapidshare.com. 39 IN A 195.122.131.15
rapidshare.com. 39 IN A 195.122.131.16
rapidshare.com. 39 IN A 195.122.131.17
rapidshare.com. 39 IN A 195.122.131.18
rapidshare.com. 39 IN A 195.122.131.19
rapidshare.com. 39 IN A 195.122.131.20
rapidshare.com. 39 IN A 195.122.131.21
rapidshare.com. 39 IN A 195.122.131.22
rapidshare.com. 39 IN A 195.122.131.2
rapidshare.com. 39 IN A 195.122.131.3
rapidshare.com. 39 IN A 195.122.131.4
rapidshare.com. 39 IN A 195.122.131.5
rapidshare.com. 39 IN A 195.122.131.6
rapidshare.com. 39 IN A 195.122.131.7
rapidshare.com. 39 IN A 195.122.131.8
rapidshare.com. 39 IN A 195.122.131.9
rapidshare.com. 39 IN A 195.122.131.10
rapidshare.com. 39 IN A 195.122.131.11
rapidshare.com. 39 IN A 195.122.131.12
rapidshare.com. 39 IN A 195.122.131.13
;; Query time: 72 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Jan 16 05:14:54 2010
;; MSG SIZE rcvd: 368
[root@amd ~]#
As you can see, I can't access rapidshare.com from my own computer
when using the local DNS, but if I bypass it, I can.
When the local DNS is set to use Google DNS, rapidshare.com is the
only domain that doesn't work.
If I change the local DNS to the one given from my ISP, rapidshare.com
works right away.
Just for good measure, here is the /etc/named.conf from the local DNS:
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    // query-source address * port 53;
    // forwarders {
    //     194.239.134.83;
    //     193.162.153.164;
    // };
    // Google Public DNS
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
include "/etc/rndc.key";
zone "amd.server" IN {
    type master;
    file "dummy.domain.zone";
};
zone "10.in-addr.arpa" IN {
    type master;
    file "10.in-addr.arpa.zone";
};
Notice that I now have AUTHORITY SECTION and ADDITIONAL SECTION.
[root@amd ~]# dig @valhalla rapidshare.com
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @valhalla
rapidshare.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2180
;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;rapidshare.com. IN A
;; ANSWER SECTION:
rapidshare.com. 488 IN A 195.122.131.3
rapidshare.com. 488 IN A 195.122.131.4
rapidshare.com. 488 IN A 195.122.131.5
rapidshare.com. 488 IN A 195.122.131.6
rapidshare.com. 488 IN A 195.122.131.7
rapidshare.com. 488 IN A 195.122.131.8
rapidshare.com. 488 IN A 195.122.131.9
rapidshare.com. 488 IN A 195.122.131.10
rapidshare.com. 488 IN A 195.122.131.11
rapidshare.com. 488 IN A 195.122.131.12
rapidshare.com. 488 IN A 195.122.131.13
rapidshare.com. 488 IN A 195.122.131.14
rapidshare.com. 488 IN A 195.122.131.15
rapidshare.com. 488 IN A 195.122.131.16
rapidshare.com. 488 IN A 195.122.131.17
rapidshare.com. 488 IN A 195.122.131.18
rapidshare.com. 488 IN A 195.122.131.19
rapidshare.com. 488 IN A 195.122.131.20
rapidshare.com. 488 IN A 195.122.131.21
rapidshare.com. 488 IN A 195.122.131.22
rapidshare.com. 488 IN A 195.122.131.2
;; AUTHORITY SECTION:
rapidshare.com. 576 IN NS ns1.rapidshare.com.
rapidshare.com. 576 IN NS ns2.rapidshare.com.
rapidshare.com. 576 IN NS ns3.rapidshare.com.
;; ADDITIONAL SECTION:
ns1.rapidshare.com. 153317 IN A 195.122.131.250
ns2.rapidshare.com. 153317 IN A 80.239.151.205
ns3.rapidshare.com. 63453 IN A 82.129.39.205
;; Query time: 34 msec
;; SERVER: 10.100.0.11#53(10.100.0.11)
;; WHEN: Sat Jan 16 05:39:35 2010
;; MSG SIZE rcvd: 470
[root@amd ~]#
Here's the core of the problem. The DNS response is bigger than 512
bytes so by default your BIND server doesn't want to return it via UDP
and tells dig to retry using a TCP connection (this is standard DNS
protocol behaviour), but then dig fails to connect to your nameserver
via TCP (firewalled?).
I think I know why the response size is so big: I have the same
BIND->gpdns setup as you at home and noticed BIND is adding a fairly
bogus authority section to all responses. It probably does this
because gpdns itself returns responses with no authority section at
all (many nameservers do that, actually).
The bogus authority section (the root nameservers) is huge,
resulting in a 592 byte response in my case. Using EDNS will allow
such huge responses over UDP. Try this command instead:
dig @valhalla rapidshare.com +bufsize=1024
I'm pretty sure that one will work for you. To fix this problem
permanently, add the following line to your named.conf's options
section:
minimal-responses yes;
That will tell BIND not to include authority sections in its
responses, like we do, keeping the responses smaller. The best
solution, though, would be to make TCP connections to your nameserver
work, because you may still hit that problem in other ways.
Cheers,
--
Wilmer van der Gaast, Dublin Traffic SRE.
Google Ireland.
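The mechanism Wilmer describes, as an added example that is not part of the thread: a raw A query with an optional EDNS0 OPT record (what dig's +bufsize sends), a check of the TC flag in the reply, and the same fallback to TCP/53 that dig performs, so a blocked TCP port surfaces as the real error. The server address and name on the command line are the caller's; nothing here is from BIND or Google Public DNS.

```python
import socket
import struct

# Added example (not from the thread): DNS query with optional EDNS0 OPT record
# (dig +bufsize), TC-flag check, and dig-style fallback to TCP/53 (RFC 1035).

def build_query(name, qid=0x1234, edns_bufsize=None):
    """Wire-format A/IN query; appends an OPT pseudo-RR when edns_bufsize is set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_bufsize else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if not edns_bufsize:
        return header + question
    # OPT RR (RFC 6891): root name, TYPE=41, CLASS=advertised UDP payload size,
    # TTL=extended rcode/version/flags (all zero), RDLENGTH=0
    return header + question + b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)

def parse_header(resp):
    """Decode the 12-byte header; tc=True means the answer did not fit in UDP."""
    qid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": qid, "tc": bool(flags & 0x0200), "rcode": flags & 0xF,
            "answer": an, "authority": ns, "additional": ar}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed mid-message")
        buf += chunk
    return buf

def resolve(server, name, bufsize=None, timeout=3.0):
    """UDP first; if TC is set, retry over TCP with the 2-byte length prefix."""
    q = build_query(name, edns_bufsize=bufsize)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(q, (server, 53))
        resp, _ = u.recvfrom(4096)
    if not parse_header(resp)["tc"]:
        return "udp", resp
    try:  # the thread's failure mode: BIND sets TC, then TCP/53 is unreachable
        with socket.create_connection((server, 53), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(q)) + q)
            return "tcp", _recv_exact(t, struct.unpack("!H", _recv_exact(t, 2))[0])
    except OSError as e:
        raise RuntimeError(f"truncated reply and TCP/53 to {server} failed: {e}") from e
```

Calling resolve("10.100.0.11", "rapidshare.com") reproduces the truncate-then-TCP path, while resolve(..., bufsize=1024) advertises a larger UDP buffer so a sub-1024-byte answer never triggers TC.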
Enabling port 53 TCP solved the problem right away.
Great, now we can use GPDNS =)
Thanks.