On Tuesday 04 June 2002 9:02 pm, Michael Montero wrote:

> I'll nslookup a domain and get temporary failure in name
> resolution. Then I'll dig a completely different domain and get results
> successfully. Then I will return to nslookup the first domain....which I
> did not lookup using dig. And it resolves.

I don't know enough about the differences between nslookup and dig to suggest something specific here, but I guess the two obvious things for you to do would be to run ethereal on some machine looking at the interface of the machine you're doing the nslookup / dig on (I'm not quite clear whether this is your firewall machine, or something sitting on a LAN inside the firewall) and see if there's a characteristic difference in the way dig starts communicating from the way nslookup does (TCP / UDP naturally comes to mind here), and/or to post your iptables ruleset here so we can have a look and see if there's anything suspicious.

If you do that please make it clear what your network topology is.

Antony.
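
The comparison suggested in the reply above can be done offline on a saved capture. This is an added example, not part of the original thread: it lists each DNS query by transport and whether a response with the same ID was captured. Assumptions: a classic little-endian pcap file, Ethernet link type, IPv4, no TCP reassembly; all function names are hypothetical and the sample capture is constructed, not the poster's traffic.

```python
import struct

def frame(proto, sport, dport, dns):
    """Constructed Ethernet/IPv4 frame carrying one DNS message (checksums zero)."""
    if proto == 17:  # UDP
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    else:            # TCP: 20-byte header, then the 2-byte DNS length prefix
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
        l4 += struct.pack("!H", len(dns)) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x01")
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def dns_msg(qid, response):
    """Header-only DNS message; the QR bit (0x8000) marks a response."""
    return struct.pack("!HHHHHH", qid, 0x8180 if response else 0x0100, 1, 0, 0, 0)

def pcap(frames):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    recs = (struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

def dns_transports(data):
    """Map (transport, DNS id) -> True if a response with that id was captured."""
    seen, off = {}, 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] not in (6, 17):
            continue
        l4, tcp = pkt[14 + (pkt[14] & 0x0F) * 4:], pkt[23] == 6
        if len(l4) < (20 if tcp else 8) or 53 not in struct.unpack_from("!HH", l4):
            continue
        dns = l4[(l4[12] >> 4) * 4 + 2:] if tcp else l4[8:]  # TCP: skip header + prefix
        if len(dns) >= 4:  # skip bare SYN/ACK segments with no DNS payload
            qid, flags = struct.unpack_from("!HH", dns)
            key = ("tcp" if tcp else "udp", qid)
            seen[key] = seen.get(key, False) or bool(flags & 0x8000)
    return seen

# Constructed capture: one UDP query with no reply, one answered over UDP, one over TCP.
SAMPLE = pcap([frame(17, 32768, 53, dns_msg(0x1111, False)),
               frame(17, 32769, 53, dns_msg(0x2222, False)),
               frame(17, 53, 32769, dns_msg(0x2222, True)),
               frame(6, 32770, 53, dns_msg(0x3333, False)),
               frame(6, 53, 32770, dns_msg(0x3333, True))])

if __name__ == "__main__":
    print(dns_transports(SAMPLE))
```

Queries that show up as unanswered on one transport but answered on the other are the ones to check against the firewall rules for port 53.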
