DNS not working since May 6 2010
Matthew Seaman
m.seaman at infracaninophile.co.uk
Fri May 7 08:02:19 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/05/2010 21:40:02, Jonathan Chen wrote:
> I've got a small DNS server on my home network, and ever since May 6,
> 2010 (co-incidentally DNSSEC root sign day), lookups on freebsd.org have
> started failing. eg:
Uh, the DURZ was installed on j.root; the last one of the root servers
to get it. Besides, .org was DNSSEC signed way back in June 2009. That
is not causing your problem here.
> ~,8:36am> dig www.freebsd.org a
>
> ; <<>> DiG 9.6.1-P3 <<>> www.freebsd.org a
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> Lookups on other domains still appear to work, Google, OpenBSD, NetBSD,
> etc. Is anyone else seeing this? How do I fix it?
Works fine here:
% dig +short www.freebsd.org a
69.147.83.33
Hmmm.... DNS for freebsd.org is provided by ISC. They had a fibre break
yesterday -- no idea whether it could have affected resolving
freebsd.org but it's worth trying again now its all been repaired.
Otherwise, you need to work out why the DNS lookup is failing. That
means turning up the logging on your recursive server and hunting for
clues. Probably the biggest cause of DNS problems at the moment are
firewalls that do not handle large UDP packets properly and that
interfere with the EDNS and/or fall-back to TCP algorithms used. You
can test that using:
https://www.dns-oarc.net/oarc/services/replysizetest
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkvjyQUACgkQ8Mjk52CukIzpGQCfXqIAySAfR/zH7lo2beKvfHs+
Zd8An3QMXUrUQgec0ftbgS/5aTcTEKX3
=xuja
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list