Re: Even Stranger Incorrect DNS Query Results
You guys are great. That certainly enabled me to run dig @ns1.ntwo.net
successfully. However, I still am not able to do lookups just straight
from my server. IOW, when I try to find the domain bergstedtandmount.com
from my nameserver I time out still. Originally I wasn't even able to run
the dig off of ns1.ntwo.net. At least I can do that. But why am I still
timing out?
Steps I took to achieve successful digs off ns1.ntwo.net:
Increased udp ttl (no -o udp_ttl=128)
Increased tcp mss ( no -o tcp_mssdflt=1440) the default is 512
Only the udp ttl increase was really needed, but in trying to get the dig
to work using our nameservers I increased the tcp mss.
Anybody willing to brainstorm with me? The dig @ns1.ntwo.net does take a
pretty long time. Are my queries off my box just not getting back fast
enough? Can I change this setting somewhere?

Ronan Flood <ronan@noc.ulcc.ac.uk>
Sent by: bind-users-bounce@isc.org
12/08/2004 10:29 AM
To: comp-protocols-dns-bind@isc.org
cc: (bcc: Allie M Hopkins/allie/LSU)
Subject: Re: Even Stranger Incorrect DNS Query Results

Allie M Hopkins <allie@lsu.edu> wrote:

> ANY aix machine that I run dig @ns1.ntwo.net any.thing.com times out. I
> have tried 6 different aix machines with varying hardware, os version,
> software, administrators, etc. All fail. On ANY other os that I try:
> windows, openbsd, fedora, gentoo, this lookup is successful. How strange
> is that????? I dug a little deeper. When I traceroute to that nameserver,
> it never reaches it from our network.

> traceroute to 207.191.33.2 (207.191.33.2) from 130.39.3.5 (130.39.3.5), 30
> hops max

Looks like ns1.ntwo.net is more than 30 hops from your machines.
AIX apparently uses an initial TTL of 30 in UDP, see
http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html
That references the AIX command "no", so look into that.
--
Ronan Flood <R.Flood@noc.ulcc.ac.uk>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)
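
Added example, not part of the original thread: a Python sketch of the check the reply above implies, finding the smallest IP TTL at which a UDP DNS query to a nameserver is answered so it can be compared with the host's udp_ttl setting. The function names, the binary search and the command-line arguments are assumptions of this example; packet loss can skew a single run.

```python
import socket
import struct
import sys

def build_query(name, txid=0x1234):
    """Minimal DNS query for an A record, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def answered_with_ttl(server, name, ttl, timeout=3.0):
    """Send one UDP query with the given IP TTL; True if a matching reply arrives."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:  # includes socket.timeout
            return False
    return reply[:2] == query[:2]  # same transaction ID

def min_working_ttl(probe, lo=1, hi=255):
    """Smallest TTL in [lo, hi] for which probe(ttl) is True, or None."""
    if not probe(hi):
        return None  # unreachable even at the maximum TTL
    while lo < hi:
        mid = (lo + hi) // 2
        if probe(mid):
            hi = mid
        else:
            lo = mid + 1
    return lo

if __name__ == "__main__":
    # usage (hypothetical script name): python3 ttlprobe.py <nameserver-ip> <name> [udp_ttl]
    server, name = sys.argv[1], sys.argv[2]
    configured = int(sys.argv[3]) if len(sys.argv) > 3 else 30  # 30 = AIX value cited above
    needed = min_working_ttl(lambda t: answered_with_ttl(server, name, t))
    if needed is None:
        print("no reply even at TTL 255: not a TTL problem")
    else:
        verdict = "too low" if configured < needed else "sufficient"
        print(f"minimum TTL answered: {needed}; udp_ttl={configured} is {verdict}")
```

The result depends on the path from the host running the probe, so run it from the same network as the affected machines.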