Ski Kacoroski writes:
> Hi,
>
> I am hoping someone can figure out what is going on. The place where I
> work purchased an online service - https://polargofit.com. The only
> problem is that we cannot resolve it using our nameservers. Details are:
>
> * From any outside site, it works fine with dig and dig +trace
>
> * From our network, using an external name server (8.8.8.8) it works
>   fine with dig, but dig +trace gives me:
>
> polargofit.com. 172800 IN NS ns.utanet.fi.
> polargofit.com. 172800 IN NS ns2.utanet.fi.
> ;; Received 76 bytes from 192.48.79.30#53(192.48.79.30) in 416 ms
>
> ;; connection timed out; no servers could be reached
>
> * From our network using our caching name servers it does not work at
>   all with dig or dig +trace (same issue as above).
>
> My theory is that 8.8.8.8 is caching the record which is why dig works
> internally because we get the answer from 8.8.8.8. The internal servers
> do not work because they can never get the result to add to their cache.
>
> The network folks here have gone over the firewall logs, etc. and swear
> that there are no rules blocking us to those servers.
>
> Any other ideas on what might be going on are really appreciated.

Would you happen to have any overly-stringent firewall rules that would block overlong DNS UDP replies or prevent DNS over TCP? This could especially be an issue if DNSSEC is involved too.

> cheers,
>
> ski
>
> --
> "When we try to pick out anything by itself, we find it
> connected to the entire universe" John Muir
>
> Chris "Ski" Kacoroski, [email protected], 206-501-9803
> or ski98033 on most IM services

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
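
One way to test the firewall theory raised in the reply, as an added example that is not part of the original thread: query one authoritative server over plain UDP, over UDP with EDNS0/DNSSEC, and over TCP, then compare which paths answer. It assumes `dig` from the BIND utilities; the function names `probe` and `diagnose` and the result labels are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the original thread. Run it from inside the
# affected network against an authoritative server for the failing zone.

# probe SERVER NAME [dig options...]
# Prints "ok" if any DNS reply header came back, "fail" on timeout.
probe() {
    server=$1; name=$2; shift 2
    if dig "@$server" "$name" +norecurse +time=3 +tries=1 "$@" 2>/dev/null \
        | grep -q 'status: '; then
        echo ok
    else
        echo fail
    fi
}

# diagnose SERVER NAME
# Runs three probes and maps the pattern of results to a likely cause.
diagnose() {
    server=$1; name=$2
    # 1. Classic DNS: UDP only, no EDNS0, replies capped at 512 bytes.
    small=$(probe "$server" "$name" +notcp +noedns)
    # 2. UDP with EDNS0 and the DO bit: permits large (DNSSEC) replies.
    #    +ignore stops dig from silently retrying over TCP on truncation.
    edns=$(probe "$server" "$name" +notcp +ignore +dnssec +bufsize=4096)
    # 3. DNS over TCP port 53.
    tcp=$(probe "$server" "$name" +tcp)
    case "$small/$edns/$tcp" in
        ok/ok/ok)     echo "all-paths-work" ;;
        ok/fail/ok)   echo "edns-or-large-udp-blocked" ;;
        ok/ok/fail)   echo "tcp-53-blocked" ;;
        ok/fail/fail) echo "only-plain-udp-works" ;;
        fail/*)       echo "server-unreachable-over-plain-udp" ;;
    esac
}

# Usage, with names taken from the thread:
#   diagnose ns.utanet.fi polargofit.com
```

Probe 2 only exercises large replies if the zone actually returns them (for example when it is signed); a failure there can also mean the firewall drops EDNS0 queries outright.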
