NM on that last email. I had to stop and restart bind for the "no"
commands to take effect.

Once again.... THANK YOU.

Allie M Hopkins
Office of Computing Services
Louisiana State University
225/578-3700
----- Forwarded by Allie M Hopkins/allie/LSU on 12/08/2004 03:53 PM -----
|---------+---------------------------->
| | Allie M Hopkins |
| | |
| | 12/08/2004 02:47 |
| | PM |
|---------+---------------------------->
>--------------------------------------------------------------------------------------------------------------------------------------------------|

| |
| To: Ronan Flood |
| cc: bind-users-bounce@isc.org, comp-protocols-dns-bind@isc.org |
| Subject: Re: Even Stranger Incorrect DNS Query Results(Document link: Allie M Hopkins) |
>--------------------------------------------------------------------------------------------------------------------------------------------------|




You guys are great. That certainly enable me to run dig @ns1.ntwo.net
successfully. However, I still am not able to do lookups just straight
from my server. IOW, when I try to find the domain bergstedtandmount.com
from my nameserver I time out still. Originally I wasn't even able to run
the dig off of ns1.ntwo.net. At least I can do that. But why am I still
timing out?

Steps I took to achieve successful digs off ns1.ntwo.net:

Increased upd ttl (no -o udp_ttl=128)
Increased tcp mss ( no -o tcp_mssdflt=1440) the default is 512

Only the udp ttl increase was really needed, but in trying to get the dig
to work using our nameservers I increased the tcp mss.

Anybody willing to brainstorm with me? The dig@ns1.ntwo.net does take a
pretty long time. Are my queries off my box just not getting back fast
enough? Can I change this setting somewhere?




|---------+---------------------------->
| | Ronan Flood |
| | | | c.uk> |
| | Sent by: |
| | bind-users-bounce|
| | @isc.org |
| | |
| | |
| | 12/08/2004 10:29 |
| | AM |
|---------+---------------------------->
>--------------------------------------------------------------------------------------------------------------------------------------------------|

| |
| To: comp-protocols-dns-bind@isc.org |
| cc: (bcc: Allie M Hopkins/allie/LSU) |
| Subject: Re: Even Stranger Incorrect DNS Query Results |
>--------------------------------------------------------------------------------------------------------------------------------------------------|





Allie M Hopkins wrote:

> ANY aix machine that I run dig @ns1.ntwo.net any.thing.com times out. I
> have tried 6 different aix machines with varying hardware, os version,
> software, administrators, etc. All fail. On ANY other os that I try:
> windows, openbsd, fedora, gentoo, this lookup is successful. How strange
> is that????? I dug a little deeper. When I traceroute to that

nameserver,
> it never reaches it from our network.


> traceroute to 207.191.33.2 (207.191.33.2) from 130.39.3.5 (130.39.3.5),

30
> hops max


Looks like ns1.ntwo.net is more than 30 hops from your machines.
AIX apparently uses an initial TTL of 30 in UDP, see

http://secfr.nerim.net/docs/fingerpr...l_default.html

That references the AIX command "no", so look into that.

--
Ronan Flood
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)