Re: I can't resolve one domain: nhs.uk
On 06/21/2011 12:59 AM, Kevin Darcy wrote: On 6/17/2011 8:01 AM, Phil Mayers wrote: On 17/06/11 12:10, Andrew Benton wrote: And it works well for every domain on the internet. Except for www.nhs.uk - I can't resolve nhs.uk www.nhs.uk is, currently, a CNAME to www.prod.nhs.uk.akadns.net You might be suffering from the bind 9.8 CNAME issue. See the recent, repeated discussions in the archives, including a link to a quick one-line patch you can apply to see if it fixes it. I know this is a moot point now (since Andrew eventually discovered that upgrading his Netgear router's firmware fixed the problem), but it was obvious from the first post of the thread that it was *not* a CNAME issue, since Andrew was having problems resolving an A record for even the name "nhs.uk": Doh! Quite right. My apologies for confusing matters. I seem to be CNAME-bug trigger-happy ;o) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On 6/17/2011 8:01 AM, Phil Mayers wrote: On 17/06/11 12:10, Andrew Benton wrote: And it works well for every domain on the internet. Except for www.nhs.uk - I can't resolve nhs.uk www.nhs.uk is, currently, a CNAME to www.prod.nhs.uk.akadns.net You might be suffering from the bind 9.8 CNAME issue. See the recent, repeated discussions in the archives, including a link to a quick one-line patch you can apply to see if it fixes it. I know this is a moot point now (since Andrew eventually discovered that upgrading his Netgear router's firmware fixed the problem), but it was obvious from the first post of the thread that it was *not* a CNAME issue, since Andrew was having problems resolving an A record for even the name "nhs.uk": Jun 17 12:02:38 eccles named[4689]: client 127.0.0.1#36651: query failed (SERVFAIL) for nhs.uk/IN/A at query.c:6199 I'm happy for Andrew that his problem is fixed, but it would have been more satisfying to know what the root cause was. "Upgrading the firmware fixed it" unfortunately doesn't even necessarily imply that there was a bug in the old version of firmware, since sometimes the mere act of upgrading a networking device clears out some bogus/corrupted configuration data and thus "fixes" the problem. - Kevin ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On Friday 17 June 2011 19:53, the following was written: > So bind-9.8.0-P2 can resolve a uk domain in Missouri but I can't get it > to work in the UK. Could someone help me to understand why it won't > resolve this one domain for me when it will work for other people? What > can I do to track down where the problem is? I sent quite a lot of > details in my first email. Is there anything else I can do? Have you tried a trace to see where the holdup might be? dig nhs.uk +trace -- Regards Robert Linux The adventure of a lifetime. Linux User #296285 Get Counted http://counter.li.org/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
Yay! I fixed it! It was a problem with my router. I went to the Netgear website, downloaded the latest firmware and BING! It's working now: andy:~$ dig nhs.uk ; <<>> DiG 9.8.0-P2 <<>> nhs.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39092 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;nhs.uk.IN A ;; ANSWER SECTION: nhs.uk. 3200IN A 217.64.234.65 ;; AUTHORITY SECTION: nhs.uk. 171957 IN NS nsa.nhs.uk. nhs.uk. 171957 IN NS nsb.nhs.uk. ;; Query time: 36 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Jun 18 01:41:00 2011 ;; MSG SIZE rcvd: 76 Sorry for the noise Andy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On Fri, 17 Jun 2011 09:22:02 -0500 (CDT) David Forrest wrote: > Resolves from here: > > [drf@maplepark ~]$ dig nhs.uk > > ; <<>> DiG 9.8.0-P2 <<>> nhs.uk > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65421 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 > > ;; QUESTION SECTION: > ;nhs.uk. IN A > > ;; ANSWER SECTION: > nhs.uk. 3134IN A 217.64.234.65 > > ;; AUTHORITY SECTION: > nhs.uk. 76348 IN NS nsb.nhs.uk. > nhs.uk. 76348 IN NS nsa.nhs.uk. > > ;; ADDITIONAL SECTION: > nsa.nhs.uk. 76348 IN A 194.176.105.223 > nsb.nhs.uk. 76348 IN A 80.2.101.230 > > ;; Query time: 0 msec > ;; SERVER: ::1#53(::1) > ;; WHEN: Fri Jun 17 09:17:37 2011 > ;; MSG SIZE rcvd: 108 > > [drf@maplepark ~]$ > > > -- > David Forrest > St. Louis, Missouri So bind-9.8.0-P2 can resolve a uk domain in Missouri but I can't get it to work in the UK. Could someone help me to understand why it won't resolve this one domain for me when it will work for other people? What can I do to track down where the problem is? I sent quite a lot of details in my first email. Is there anything else I can do? Andy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On Fri, 17 Jun 2011 11:26:22 -0500 Lyle Giese wrote: > > andy:~$ dig nhs.uk > > > > ;<<>> DiG 9.8.0-P2<<>> nhs.uk > > ;; global options: +cmd > > ;; connection timed out; no servers could be reached > > andy:~$ > > > > It then leaves this in /var/sys.log: > > > > Jun 17 11:49:42 eccles named[4689]: createfetch: pop.gmail.com A > > Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com A > > Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com > > Jun 17 12:02:08 eccles named[4689]: createfetch: nhs.uk A > > Jun 17 12:02:10 eccles named[4689]: createfetch: nsa.nhs.uk > > Jun 17 12:02:10 eccles named[4689]: createfetch: nsb.nhs.uk > > Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: > > 0x7ff273d21328 ns2.fengnet.com > > Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: > > 0x7ff273d21010 ns1.zjinfo.gov.cn > > Jun 17 12:02:13 eccles named[4689]: createfetch: nhs.uk A > > Jun 17 12:02:18 eccles named[4689]: createfetch: nhs.uk A > > Jun 17 12:02:38 eccles named[4689]: client 127.0.0.1#36651: query failed > > (SERVFAIL) for nhs.uk/IN/A at query.c:6199 > > > > As I say, for any other domain/website on the internet it works great; > > instant response, rapid page loadingbut this one domain I just can't > > resolve. I can work around the problem by adding google's nameservers > > to /etc/resolv.conf; they work, why doesn't mine? It's very annoying. > > Can anyone offer me some pointers how to move forward with debugging > > this problem? > > > > Andy > > ___ > > Based on what I see, it would appear that you may be in China. > (ns2.fengnet.com and ns1.zjinfo.gov.cn). > > If you are in fact doing this query from China, all bets are off for a > successful query. No, I live in England. I'd like to be able to resolve a uk domain... Andy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
Hello, On 17.06.11 17:49, Matthew Seaman wrote: > Spam detection software, running on the system > "lucid-nonsense.infracaninophile.co.uk", has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it isn't spam) or label > similar future email. If you have any questions, see > The administrator of that system for details. Please, fix your outgoing mail! > Works for me using the FreeBSD bind98 port: > > lucid-nonsense:~:% /usr/local/bin/dig www.nhs.uk [...] > ;; ANSWER SECTION: > www.nhs.uk. 900 IN CNAME www.prod.nhs.uk.akadns.net. > www.prod.nhs.uk.akadns.net. 300 IN A 217.64.234.65 repeat a few times if it changes. If not, check if you haven't the patch applied already. I was one of people who confirmed this bug (actually, I have encountered and remembered someone mentioned it here) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
Spam detection software, running on the system "lucid-nonsense.infracaninophile.co.uk", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see The administrator of that system for details. Content preview: On 17/06/2011 14:33, Andrew Benton wrote: > On Fri, 17 Jun 2011 13:01:00 +0100 > Phil Mayers wrote: > >> On 17/06/11 12:10, Andrew Benton wrote: >>> >>> And it works well for every domain on the internet. Except for >>> www.nhs.uk - I can't resolve nhs.uk >> >> www.nhs.uk is, currently, a CNAME to >> www.prod.nhs.uk.akadns.net >> >> You might be suffering from the bind 9.8 CNAME issue. See the recent, >> repeated discussions in the archives, including a link to a quick >> one-line patch you can apply to see if it fixes it. > > Do you mean this patch? > > http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/dns/bind98/files/patch-bin__named__query.c?rev=1.1 > > I've just tried it and it made no difference. I'm not convinced of this > CNAME hypothesis. Could you point me towards the threads where it is > discussed? I'm new here. [...] Content analysis details: (8.4 points, 5.0 required) pts rule name description -- -- 3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 3.2 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d 0.7 TVD_RCVD_IPTVD_RCVD_IP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=m.seaman%40infracaninophile.co.uk;ip=81.187.76.166;r=lucid-nonsense.infracaninophile.co.uk] -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% [score: 0.0552] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNEDMessage has a DKIM or DK signature, not necessarily valid 1.0 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. --- Begin Message --- On 17/06/2011 14:33, Andrew Benton wrote: > On Fri, 17 Jun 2011 13:01:00 +0100 > Phil Mayers wrote: > >> On 17/06/11 12:10, Andrew Benton wrote: >>> >>> And it works well for every domain on the internet. Except for >>> www.nhs.uk - I can't resolve nhs.uk >> >> www.nhs.uk is, currently, a CNAME to >> www.prod.nhs.uk.akadns.net >> >> You might be suffering from the bind 9.8 CNAME issue. See the recent, >> repeated discussions in the archives, including a link to a quick >> one-line patch you can apply to see if it fixes it. > > Do you mean this patch? > > http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/dns/bind98/files/patch-bin__named__query.c?rev=1.1 > > I've just tried it and it made no difference. I'm not convinced of this > CNAME hypothesis. Could you point me towards the threads where it is > discussed? I'm new here. Works for me using the FreeBSD bind98 port: lucid-nonsense:~:% /usr/local/bin/dig www.nhs.uk ; <<>> DiG 9.8.0-P2 <<>> www.nhs.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41398 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 9 ;; QUESTION SECTION: ;www.nhs.uk.IN A ;; ANSWER SECTION: www.nhs.uk. 900 IN CNAME www.prod.nhs.uk.akadns.net. www.prod.nhs.uk.akadns.net. 300 IN A 217.64.234.65 ;; AUTHORITY SECTION: akadns.net. 75490 IN NS zc.akadns.org. akadns.net. 75490 IN NS za.akadns.org. akadns.net. 75490 IN NS zd.akadns.org. akadns.net. 75490 IN NS usw2.akadns.net. akadns.net. 75490 IN NS zb.akadns.org. akadns.net. 75490 IN NS asia9.akadns.net. akadns.net. 75490 IN NS use3.akadns.net. akadns.net. 75490 IN NS eur1.akadns.net. akadns.net. 75490 IN NS use4.akadns.net. ;; ADDITIONAL SECTION: za.akadns.org. 7090IN A 96.6.112.198 zb.akadns.org. 7090IN A 64.211.42.194 zc.akadns.org. 7090IN A 124.40.52.133 zd.akadns.org. 7090IN A 72.246.46.4
Re: I can't resolve one domain: nhs.uk
andy:~$ dig nhs.uk ;<<>> DiG 9.8.0-P2<<>> nhs.uk ;; global options: +cmd ;; connection timed out; no servers could be reached andy:~$ It then leaves this in /var/sys.log: Jun 17 11:49:42 eccles named[4689]: createfetch: pop.gmail.com A Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com A Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com Jun 17 12:02:08 eccles named[4689]: createfetch: nhs.uk A Jun 17 12:02:10 eccles named[4689]: createfetch: nsa.nhs.uk Jun 17 12:02:10 eccles named[4689]: createfetch: nsb.nhs.uk Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: 0x7ff273d21328 ns2.fengnet.com Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: 0x7ff273d21010 ns1.zjinfo.gov.cn Jun 17 12:02:13 eccles named[4689]: createfetch: nhs.uk A Jun 17 12:02:18 eccles named[4689]: createfetch: nhs.uk A Jun 17 12:02:38 eccles named[4689]: client 127.0.0.1#36651: query failed (SERVFAIL) for nhs.uk/IN/A at query.c:6199 As I say, for any other domain/website on the internet it works great; instant response, rapid page loadingbut this one domain I just can't resolve. I can work around the problem by adding google's nameservers to /etc/resolv.conf; they work, why doesn't mine? It's very annoying. Can anyone offer me some pointers how to move forward with debugging this problem? Andy ___ Based on what I see, it would appear that you may be in China. (ns2.fengnet.com and ns1.zjinfo.gov.cn). If you are in fact doing this query from China, all bets are off for a successful query. Lyle Giese LCR Computer Services, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On Jun 17 2011, G.W. Haywood wrote: laptop:~$ >>> whois nhs.uk Error for "nhs.uk". This domain cannot be registered because it contravenes the Nominet UK naming rules. The reason is: the domain name contains too few parts. WHOIS lookup made at 14:37:29 17-Jun-2011 That's just a peculiarity of whois.nic.uk. It only understands (acceptable) 3rd-level domain names under the 2nd-level ones that Nominet manage. There are 18 sub-domains of "uk", only 8 of which are managed by Nominet. "nhs.uk" is one of the others. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On 17/06/11 14:40, G.W. Haywood wrote: Hi there, On Fri, 17 Jun 2011 Andrew Benton wrote: I can't resolve one domain: nhs.uk laptop:~$>>> whois nhs.uk Error for "nhs.uk". This domain cannot be registered because it contravenes the Nominet UK naming rules. The reason is: the domain name contains too few parts. WHOIS lookup made at 14:37:29 17-Jun-2011 I can assure you, "nhs.uk" is a real domain and it's valid and resolvable. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On 17/06/11 14:33, Andrew Benton wrote: Do you mean this patch? Yep. http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/dns/bind98/files/patch-bin__named__query.c?rev=1.1 I've just tried it and it made no difference. I'm not convinced of this CNAME hypothesis. Could you point me towards the threads where it is It's not a hypothesis. It's a known bug. It might not be the problem you're having, but it's not something I just made up ;o) discussed? I'm new here. The original thread was "Bind 9.8.0 intermittent problem with non-recursive responses" ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
Resolves from here: [drf@maplepark ~]$ dig nhs.uk ; <<>> DiG 9.8.0-P2 <<>> nhs.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65421 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;nhs.uk.IN A ;; ANSWER SECTION: nhs.uk. 3134IN A 217.64.234.65 ;; AUTHORITY SECTION: nhs.uk. 76348 IN NS nsb.nhs.uk. nhs.uk. 76348 IN NS nsa.nhs.uk. ;; ADDITIONAL SECTION: nsa.nhs.uk. 76348 IN A 194.176.105.223 nsb.nhs.uk. 76348 IN A 80.2.101.230 ;; Query time: 0 msec ;; SERVER: ::1#53(::1) ;; WHEN: Fri Jun 17 09:17:37 2011 ;; MSG SIZE rcvd: 108 [drf@maplepark ~]$ -- David Forrest St. Louis, Missouri ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On Fri, 17 Jun 2011 13:01:00 +0100 Phil Mayers wrote: > On 17/06/11 12:10, Andrew Benton wrote: > > > > And it works well for every domain on the internet. Except for > > www.nhs.uk - I can't resolve nhs.uk > > www.nhs.uk is, currently, a CNAME to > www.prod.nhs.uk.akadns.net > > You might be suffering from the bind 9.8 CNAME issue. See the recent, > repeated discussions in the archives, including a link to a quick > one-line patch you can apply to see if it fixes it. Do you mean this patch? http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/dns/bind98/files/patch-bin__named__query.c?rev=1.1 I've just tried it and it made no difference. I'm not convinced of this CNAME hypothesis. Could you point me towards the threads where it is discussed? I'm new here. Andy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
Hi there, On Fri, 17 Jun 2011 Andrew Benton wrote: > I can't resolve one domain: nhs.uk laptop:~$ >>> whois nhs.uk Error for "nhs.uk". This domain cannot be registered because it contravenes the Nominet UK naming rules. The reason is: the domain name contains too few parts. WHOIS lookup made at 14:37:29 17-Jun-2011 -- This WHOIS information is provided for free by Nominet UK the central registry for .uk domain names. This information and the .uk WHOIS are: Copyright Nominet UK 1996 - 2011. -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: I can't resolve one domain: nhs.uk
On 17/06/11 12:10, Andrew Benton wrote: And it works well for every domain on the internet. Except for www.nhs.uk - I can't resolve nhs.uk www.nhs.uk is, currently, a CNAME to www.prod.nhs.uk.akadns.net You might be suffering from the bind 9.8 CNAME issue. See the recent, repeated discussions in the archives, including a link to a quick one-line patch you can apply to see if it fixes it. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
I can't resolve one domain: nhs.uk
Hello World! I have installed bind-9.8.0-P2. I configured it with: ./configure --prefix=/usr --disable-static --enable-shared --enable-threads \ --with-libtool --with-libxml2=yes --sysconfdir=/etc --localstatedir=/var I have created a user named and a group named, gave named somewhere to play: mkdir -p /var/named/{dev,etc/namedb/{slave,pz},usr/lib/engines,var/run} mknod /var/named/dev/null c 1 3 mknod /var/named/dev/random c 1 8 chmod 666 /var/named/dev/{null,random} cp /usr/lib/engines/libgost.so /var/named/usr/lib/engines cp /etc/localtime /var/named/etc cp root.hints /var/named/etc/namedb/root.hints echo > /var/named/managed-keys.bind cp named.conf /var/named/etc/named.conf cp rndc.conf /etc/rndc.conf chown -R named:named /var/named The bootscript starts named like this: named -u named -t /var/named -c /etc/named.conf And it works well for every domain on the internet. Except for www.nhs.uk - I can't resolve nhs.uk named.conf looks like this: key "rndc-key" { algorithm hmac-md5; secret "nothing to see here, move along"; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; zone "." { type hint; file "/etc/root.hints"; }; logging { category default { default_syslog; }; channel default_syslog { syslog daemon; severity debug; }; }; And root.hints looks like this: .360 IN NSA.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 360 IN A 198.41.0.4 .360 IN NSB.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 360 IN A 192.228.79.201 .360 IN NSC.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 360 IN A 192.33.4.12 .360 IN NSD.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 360 IN A 128.8.10.90 .360 IN NSE.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 360 IN A 192.203.230.10 .360 IN NSF.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 360 IN A 192.5.5.241 .360 IN NSG.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 360 IN A 192.112.36.4 .360 IN NSH.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 360 IN A 128.63.2.53 .360 IN NSI.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 360 IN A 192.36.148.17 .360 IN NSJ.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 360 IN A 192.58.128.30 .360 IN NSK.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 360 IN A 193.0.14.129 .360 IN NSL.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 360 IN A 199.7.83.42 .360 IN NSM.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 360 IN A 202.12.27.33 When I try to dig nhs.uk it sits there for about 10 seconds and then I get: andy:~$ dig nhs.uk ; <<>> DiG 9.8.0-P2 <<>> nhs.uk ;; global options: +cmd ;; connection timed out; no servers could be reached andy:~$ It then leaves this in /var/sys.log: Jun 17 11:49:42 eccles named[4689]: createfetch: pop.gmail.com A Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com A Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-pop.l.google.com Jun 17 12:02:08 eccles named[4689]: createfetch: nhs.uk A Jun 17 12:02:10 eccles named[4689]: createfetch: nsa.nhs.uk Jun 17 12:02:10 eccles named[4689]: createfetch: nsb.nhs.uk Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: 0x7ff273d21328 ns2.fengnet.com Jun 17 12:02:10 eccles named[4689]: decrement_reference: delete from rbt: 0x7ff273d21010 ns1.zjinfo.gov.cn Jun 17 12:02:13 eccles named[4689]: createfetch: nhs.uk A Jun 17 12:02:18 eccles named[4689]: createfetch: nhs.uk A Jun 17 12:02:38 eccles named[4689]: client 127.0.0.1#36651: query failed (SERVFAIL) for nhs.uk/IN/A at query.c:6199 As I say, for any other domain/website on the internet it works great; instant response, rapid page loadingbut this one domain I just can't resolve. I can work around the problem by adding google's nameservers to /etc/resolv.conf; they work, why doesn't mine? It's very annoying. Can anyone offer me some pointers how to move forward with debugging this problem? Andy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users