Please test geodns.portsnap.freebsd.org

Kevin Oberman kob6558 at gmail.com
Sat May 12 16:14:46 UTC 2012


On Sat, May 12, 2012 at 8:58 AM, Leslie Jensen <leslie at eskk.nu> wrote:
>
>
> 2012-05-12 16:19, RW wrote:
>
>> On Sat, 12 May 2012 14:16:58 +0200
>> Leslie Jensen wrote:
>>
>>>
>>>
>>> 2012-05-12 12:34, Colin Percival wrote:
>>>>
>>>> On 05/12/12 00:22, Leslie Jensen wrote:
>>>>>
>>>>> host -t srv _http._tcp.geodns.portsnap.freebsd.org
>>>>> ;; Truncated, retrying in TCP mode.
>>>>> ;; Connection to 172.17.0.1#53(172.17.0.1) for
>>>>> _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.
>>>>
>>>>
>>>> Ok, you have a broken recursive DNS server configuration.
>>>>
>>>> I'll have A records as a fallback for situations like this where
>>>> SRV can't be used.
>>>>
>>>
>>> What exactly does that mean? The IP-address is my home router that
>>> acts as a caching DNS for my network. The router in turn uses my
>>> ISP's DNS.
>>>
>>> So if there is a configuration issue I'll be willing to drop a letter
>>> to my ISP in order to get it fixed.
>>
>>
>> Probably your router doesn't support SRV records, try putting external
>> servers in resolv.conf.
>
>
>
> Well I had to read up on configuring dhclient.conf
>
> After adding
>
> prepend domain-name-servers y.y.y.y, x.x.x.x;
>
> To my /etc/dhclient.conf
>
> I now get the following and it looks to me as if it works :-)
>
>
>
> host -t srv _http._tcp.geodns.portsnap.freebsd.org
> ;; Truncated, retrying in TCP mode.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80
> ap-southeast-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 1 10 80
> geodns-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 2 10 80
> geodns-2.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 3 10 80
> geodns-3.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80
> isc.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80
> your-org.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80
> ec2-eu-west-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80
> ec2-sa-east-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80
> ap-northeast-1.portsnap.freebsd.org.

Warning! You will have more problems down the road.

The real issue is that a firewall (or router ACL) is blocking port
53/tcp. This is distressingly common and will result in DNS issues
more and more often.

By default, DNS attempts to use UDP (53/udp) for DNS lookups. If the
response is too big to fit into a UDP packet, the operation will fall
back to using TCP, but many sites follow bad advice of blocking
53/tcp, so the lookup fails. This has been a growing problem as DNS
responses are getting longer due to things like this, IPv6, and
DNSSEC.

Please contact whoever is responsible for your router/firewall and ask
that 53/tcp be allowed. Otherwise, more and more things will break.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6558 at gmail.com
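
The UDP-then-TCP fallback described in the message above, as an added example that is not part of the original thread: a small Python check that sends an SRV query over 53/udp, looks at the TC (truncated) bit in the reply, and retries over 53/tcp to tell whether TCP DNS is blocked on the path to a resolver. The function names and the result strings are assumptions made for this sketch.

```python
import socket
import struct

SRV = 33  # DNS RR type number for SRV

def build_query(name, qtype=SRV, txid=0x1234):
    """Encode a one-question DNS query with recursion desired (RD=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the TC bit (0x0200 in the header flags word) is set."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def query_udp(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def query_tcp(server, query, timeout=3.0):
    """DNS over TCP prefixes each message with a 2-byte length."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        size = struct.unpack("!H", recv_exact(s, 2))[0]
        return recv_exact(s, size)

def diagnose(server, name, udp=query_udp, tcp=query_tcp):
    """Return 'udp-ok', 'tcp-ok' or 'tcp-blocked' for one resolver."""
    query = build_query(name)
    if not is_truncated(udp(server, query)):
        return "udp-ok"          # answer fit in a UDP datagram
    try:
        tcp(server, query)       # resolver asked for a TCP retry
    except OSError:              # refused or timed out, as in the thread
        return "tcp-blocked"
    return "tcp-ok"
```

Calling `diagnose("172.17.0.1", "_http._tcp.geodns.portsnap.freebsd.org")` against the router from the thread would exercise the same path that `host` took; the `udp` and `tcp` parameters exist so the logic can be tested without network access.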

