Re: [lopsa-discuss] Curious problem with DNS - RESOVLED

Thu, 16 Oct 2014 11:36:13 -0700

Figures that we would figure out right after I posted :). We are fortunate in that we have 2 ISPs so we were able to force all traffic through one and then the other ISP. Voila, ISP A failed and ISP B works. So somewhere in ISP A's equipment is where the problem resides. 

cheers,

ski

On 10/16/2014 11:30 AM, Steve VanDevender wrote:

Ski Kacoroski writes:
  > Hi,
  >
  > I am hoping someone can figure out what is going on. The place where I
  > work purchased an online service - https://polargofit.com.  The only
  > problem is that we cannot resolve it using our nameservers.  Details are:
  >
  > * From any outside site, it works fine with dig and dig +trace
  >
  > * From our network, using an external name server (8.8.8.8) it works
  > fine with dig, but dig +trace gives me:
  >
  > polargofit.com.          172800  IN      NS      ns.utanet.fi.
  > polargofit.com.          172800  IN      NS      ns2.utanet.fi.
  > ;; Received 76 bytes from 192.48.79.30#53(192.48.79.30) in 416 ms
  >
  > ;; connection timed out; no servers could be reached
  >
  > * From our network using our caching name servers it does not work at
  > all with dig or dig +trace (same issue as above).
  >
  > My theory is that 8.8.8.8 is caching the record which is why dig works
  > internally because we get the answer from 8.8.8.8.  The internal servers
  > do not work because they can never get the result to add to their cache.
  >
  > The network folks here have gone over the firewall logs, etc. and swear
  > that there are no rules blocking us to those servers.
  >
  > Any other ideas on what might be going on are really appreciated.

Would you happen to have any overly-stringent firewall rules that would
block overlong DNS UDP replies or prevent DNS over TCP?  This could
especially be an issue if DNSSEC is involved too.

  > cheers,
  >
  > ski
  >
  > --
  > "When we try to pick out anything by itself, we find it
  >    connected to the entire universe"            John Muir
  >
  > Chris "Ski" Kacoroski, [email protected], 206-501-9803
  > or ski98033 on most IM services



--
"When we try to pick out anything by itself, we find it
  connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, [email protected], 206-501-9803
or ski98033 on most IM services
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/

Reply via email to