Raj wrote:
> Hi All,
>
> I am having a strange issue with nslookup. There are 2 domain names
> registered for the company I work for. Windows team manages
> apac.company-net.com domain and I (UNIX) manage au.ap.company.com
> domain.
>
> Windows guys have configured forwarders in Windows DNS to resolve
> au.ap.company.com. So if a windows client tries to access
> hostname.au.ap.company.com, windows DNS server forwards the request to
> UNIX DNS server. Now the issue is they can resolve au.ap.company.com
> hostnames without any issues when the UNIX master DNS server is up and
> running. When the master DNS server goes down slave DNS server is not
> responding to windows clients queries. But if I login to one of the
> UNIX clients and use nslookup pointing server to slave UNIX DNS server
> there are no issues. I am not able to figure out why windows clients
> are not able to resolve using slave UNIX DNS server.
>
> So we did a tcpdump and found that whenever they use slave UNIX
> server, it is appending apac.company-net.com even for
> au.ap.company.com hostnames.

I think that's a *symptom* of the problem, not a *cause*. By default,
when a Windows box can't resolve a name in DNS, it starts going through
its silly "suffix search list" logic. So the basic problem is that the
name isn't resolving _as_is_.

> This is not the case when windows clients
> use UNIX master DNS server. Can someone help me to resolve this issue?
>
> Below is the nslookup tests:
>
>
> > server 172.xx.xx.172
> Default Server: dns2.au.ap.company.com
> Address: 172.xx.xx.172
>
> > live
> Server: dns2.au.ap.company.com
> Address: 172.xx.xx.172
>
> DNS request timed out.
> timeout was 2 seconds.
> *** Request to dns2.au.ap.company.com timed-out
> > live.au.ap.company.com
> Server: dns2.au.ap.company.com
> Address: 172.xx.xx.172
>
> DNS request timed out.
> timeout was 2 seconds.
> Name: live.au.ap.company.com
> Address: 172.xx.xx.237
>
> >
>
> In the above tests, slave UNIX DNS server is 172.xx.xx.172 and
> live.au.ap.company.com's IP is 172.xx.xx.237. It is resolving to the
> correct IP address but it's timing out. Please advise why it says DNS
> request timed out.
>

Probably because the query to first nameserver in /etc/resolv.conf is
unavailable, so it's failing over to the next nameserver in the list.

It appears that your "slave" server is having trouble resolving names in
the zone (au.ap.company.com) that it's supposed to be slaving. You
should verify that zone transfers are working.

By the way, nslookup sucks as a DNS troubleshooting tool. Use "dig" or
something else better than nslookup if you want to see what's _really_
going on. You might be able to get along for a while by at least turning
on nslookup's "debug" mode, but you're better off in the long run
getting "dig" or a similarly-proficient tool, and learning how to use it.


- Kevin
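
One way to run the zone-transfer check suggested above with dig, as an added example that is not part of the original thread: ask the master and the slave directly for the zone's SOA, then compare the response code, the `aa` (authoritative) flag and the serial. The function names, the `dns1` host name and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example. The sample responses at the bottom are constructed, not captured.

# Reduce one full dig response (stdin) to "status=<rcode> aa=<yes|no> serial=<n|none>".
dig_summary() {
    awk '
        /->>HEADER<<-/ {                       # rcode: NOERROR, SERVFAIL, REFUSED ...
            for (i = 1; i < NF; i++) if ($i == "status:") { st = $(i + 1); sub(/,/, "", st) }
        }
        /^;; flags:/ {                         # "aa" = answered from the zone copy held by that server
            split($0, part, ";")
            aa = (part[3] ~ / aa( |$)/) ? "yes" : "no"
        }
        /^[^;]/ && $4 == "SOA" { serial = $7 } # SOA rdata: mname rname serial ...
        END {
            printf "status=%s aa=%s serial=%s\n", (st ? st : "none"), (aa ? aa : "no"), (serial ? serial : "none")
        }'
}

# Succeeds only if the slave answers authoritatively with the same serial as the master.
compare_summaries() {   # $1 = master summary, $2 = slave summary
    case $2 in
        "status=NOERROR aa=yes serial="*) ;;
        *) echo "slave is not serving the zone: $2"; return 1 ;;
    esac
    if [ "${1##*serial=}" != "${2##*serial=}" ]; then
        echo "serial mismatch: master ${1##*serial=}, slave ${2##*serial=}"; return 1
    fi
    echo "slave in sync at serial ${2##*serial=}"
}

# Live check against real servers: check_zone <zone> <master-ip> <slave-ip>
check_zone() {
    zm=$(dig +norecurse +time=2 +tries=1 "@$2" "$1" SOA | dig_summary)
    zs=$(dig +norecurse +time=2 +tries=1 "@$3" "$1" SOA | dig_summary)
    compare_summaries "$zm" "$zs"
}

# Constructed sample: a healthy master, and a slave whose copy of the zone is unusable.
SAMPLE_MASTER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;au.ap.company.com. IN SOA
au.ap.company.com. 3600 IN SOA dns1.au.ap.company.com. hostmaster.au.ap.company.com. 2009031201 10800 3600 604800 86400'
SAMPLE_SLAVE=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2222
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;au.ap.company.com. IN SOA'

# Offline demo on the constructed samples.
compare_summaries "$(printf '%s\n' "$SAMPLE_MASTER" | dig_summary)" \
                  "$(printf '%s\n' "$SAMPLE_SLAVE" | dig_summary)" || true
```

A slave that returns SERVFAIL or lacks the `aa` flag for a zone it should hold usually means the transfer from the master never succeeded or the zone has expired; the slave's own log will say which.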