Sorry, I forgot to cc the distro before....see comments below.
---------- Forwarded message ----------
From: Dawn Connelly
Date: Feb 16, 2007 4:40 PM
Subject: Re: DNS request timed out
To: Raj

Check your recursion rules on your slave servers. It sounds like maybe you
have recursion set up correctly on the master but might have missed that on
the slaves. This might sounds stupid, but make sure that your windows DNS
box is configured to 'forward' to all your UNIX dns servers and not just
your master. A lot of times people just put the master in and assume that
windows will figure out the slaves. To double-check that, open the MMC
console, right click on the DNS server, go to properties, then the
'forwarders' tab. Select the domain that is set up with the forwards and
look at the IP addresses that are listed. If you only have the master, you
found your problem. Add the other two IPs, hit apply and hit okay. I also
noticed that you are only querying the hostname when you tested the slave.
Try querying the FQDN with a period at the end to see if that changes the
behavior. It's also possible that you have a network path to your master but
not your slave. It sounds like you have already eliminated that if you are
running tcpdump on your slave, but just wanted to double-check.

Yeah, windows is append happy. When using nslookup, the way around that is
to add a period to the end of the name you are querying. That will tell
windows not to append that record. But it's going to append to it's heart's
content any time it makes a DNS query so that is an expected
behavior...annoying as it may be. If you truly want to kill that behavior,
you have to change the TCP/IP settings- but that would require you users to
always use FQDNs which might be an uphill battle that isn't worth fighting.


Putting the period at the end of the FQDN will actually resolve that timeout
issue as well most likely. The reason it is timing out is because it's
trying every reiteration of appended records and eventually hits the correct
one. If you tell it what the correct one is from the onset, it won't time
out. It's possible that they reason you are seeing all the appended queries
on the slaves but not the master is because the master is handing back
answers to the windows machines settle down. If it doesn't get an answer,
it's going to try everything is knows until something works.


On 2/16/07, Raj wrote:
>
> Hi All,
>
> I am having a strange issue with nslookup. There are 2 domain names
> registered for the company I work for. Windows team manages
> apac.company-net.com domian and I (UNIX) manage au.ap.company.com
> domain.
>
> Windows guys have configured forwarders in Windows DNS to resolve
> au.ap.company.com. So if a windows client tries to access
> hostname.au.ap.company.com, windows DNS server forwards the request to
> UNIX DNS server. Now the issue is they can resolve au.ap.company.com
> hostnames without any issues when the UNIX master DNS server is up and
> running. When the master DNS server goes down slave DNS server is not
> responding to windows clients queries. But if I login to one of the
> UNIX clients and use nslookup pointing server to slave UNIX DNS server
> there are no issues. I am not able to figure out why windows clients
> are not able to resolve using slave UNIX DNS server.
>
> So we did a tcpdump and found that whenever they use slave UNIX
> server, it is appending apac.company-net.com even for
> au.ap.company.com hostnames. This is not the case when windows clients
> uses UNIX master DNS server. Can somene help me to resolve this issue.
>
> Below is the nslookup tests:
>
>
> > server 172.xx.xx.172

> Default Server: dns2.au.ap.company.com
> Address: 172.xx.xx.172
>
> > live

> Server: dns2.au.ap.company.com
> Address: 172.xx.xx.172
>
> DNS request timed out.
> timeout was 2 seconds.
> *** Request to dns2.au.ap.company.com timed-out
> > live.au.ap.company.com

> Server: dns2.au.ap.company.com
> Address: 172.xx.xx.172
>
> DNS request timed out.
> timeout was 2 seconds.
> Name: live.au.ap.company.com
> Address: 172.xx.xx.237
>
> >

>
> In the above tests, slave UNIX DNS server is 172.xx.xx.172 and
> live.au.ap.company.com's IP is 172.xx.xx.237. It is resolving to the
> correct IP address but it's timing out. Please advise why it says DNS
> request timed out.
>
> Thanks.
>
>
>