I forgot one thing: For the IPv6 thing you should also edit s2s.xml and comment out the line "<resolve-ipv6/>" if it isn't commented out already. Sorry.


On 28-Dec-13 15:59, Eric Koldeweij wrote:

Does your server have IPv6 connectivity? If not try to edit resolver.xml and comment out the line saying "<ipv6/>". I do not know for sure if it's your problem but it has given me similar connectivity issues in the past.

Also from your log I see that not an answer but an error is returned: NXDomain means the nameserver reported that the requested domain does not exist. I have no idea why it would report that but maybe it's something like the Google DNS has some throttling, not allowing more than a certain amount of requests per second or something similar. Another possibility is a firewall issue. DNS uses UDP port 53 normally but it switches to TCP port 53 when the amount of information to transfer becomes larger. It might be possible that TCP port 53 is blocked while UDP port 53 is still open. It's a long shot but worth looking into.

I think you should install a nameserver like bind. All Linux distros I know (assuming you're running a Linux variant) offer bind and in almost all of them the caching nameserver is the default setting (so you won't need to configure anything to make it work). All you need to do is add "nameserver" before all other nameserver lines in your /etc/resolv.conf and my guess is that you will not be troubled by timeouts any more.


Also what I see is that

On 28-Dec-13 14:23, Guido Winkelmann wrote:
Am Samstag, 28. Dezember 2013, 11:05:33 schrieb Tomasz Sterna:
Dnia 2013-12-28, sob o godzinie 09:10 +0100, Eric Koldeweij pisze:
My suspicion is that there is a problem with a name server you are
using. if you look at the file /etc/resolv.conf you will see one or
more lines saying "nameserver <ip_addr>". The resolver will ask each
name server in turn to resolve the host name for it,
I second that. This is what immediately came to my mind as a probable
answer to your issue.
No, this is not it. My /etc/resolv.conf contains only one line, and it is


Both dig and host can use this nameserver to resolve the names in question
with very little delay:

$ time host -t SRV
Using domain server:
Aliases: has SRV record 30 30 5269 has SRV record 31 30 5269

real    0m0.034s
user    0m0.000s
sys     0m0.020s

$ time host -t SRV
Using domain server:
Aliases: has SRV record 5 0 5269

real    0m0.034s
user    0m0.000s
sys     0m0.020s

$ time dig -t srv

; <<>> DiG 9.9.3-P2 <<>> -t srv
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28840
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 512
;  IN      SRV

;; ANSWER SECTION: 247 IN SRV 30 30 5269 247 IN    SRV     31 30 5269

;; Query time: 10 msec
;; WHEN: Sat Dec 28 14:07:01 CET 2013
;; MSG SIZE  rcvd: 135

real    0m0.035s
user    0m0.020s
sys     0m0.000s

"dig" command works independently of stub resolver in your system and is
more of a DNS servers test tool, not your system setup test tool.

Take a look at each of your 'nameserver' line in /etc/resolv.conf and
check each server first pinging it, then asking directly:

host -t SRV dns.server.ip.123
See above, resolving these names with either dig or host works fine, using the
nameserver from /etc/resolv.conf

I just ran tcpdump while restarting jabberd, this is what I saw (excerpt):

14:19:06.638847 IP > 35840+ [1au] SRV? (57)
14:19:06.644226 IP > 32182+ [1au] SRV? (62)
14:19:06.646615 IP > 34426+ [1au] SRV? (66)
14:19:06.648101 IP > 35840 2/0/1 SRV 31 30, SRV 30 30 (135) 14:19:06.654613 IP > 32182 NXDomain 0/1/1

So there is an answer at least for one of the requests (, but
jabberd2 still says

Dec 28 14:21:02 blish jabberd/s2s[14802]: dns lookup for timed out

in its logs.


Reply via email to