On Fri, Feb 5, 2010 at 5:16 PM, Adam Hardy <adam....@cyberspaceroad.com> wrote:
> It is running dnsmasq. It's a gateway and firewall with two NICs, one for
> the net and one for the LAN.

My assistance at this point will be rather limited, as I've never used dnsmasq and I don't have a means to set it up and test it now.

> I don't know why the first lookup is failing with the default nameserver
> from my ISP - but it only fails intermittently.

Being that it fails intermittently and it seems to fail while querying your own name server, I have a feeling the problem is with dnsmasq.

> I have a small hunch that it might be to do with my setup because the
> external NIC gets its ip address via DHCP from the ISP and refreshes every
> 30 seconds or so. I just don't know what to check for next. There is no
> other website I have this problem with.

Rather than using "host", try using nslookup, but don't use it in the same way you're using host. Instead, type nslookup by itself to enter its command shell. From there, when you perform a lookup, it will tell you which server it's querying to obtain the answer.

    it...@mybox:~$ nslookup
    > www.trade2win.com
    Server: 10.10.2.25
    Address: 10.10.2.25#53

    Non-authoritative answer:
    www.trade2win.com canonical name = panna-229.trade2win.com.
    Name: panna-229.trade2win.com

In my example, my box is querying my internal DNS server on 10.10.2.25 to obtain the answer. Run the same query against your local host multiple times to see how persistent the problem is. Once you've done that, switch to query against a separate server and run the query against it multiple times.

    > server 4.2.2.1
    Default server: 4.2.2.1
    Address: 4.2.2.1#53
    > www.trade2win.com
    Server: 4.2.2.1
    Address: 4.2.2.1#53

    Non-authoritative answer:
    www.trade2win.com canonical name = panna-229.trade2win.com.
    Name: panna-229.trade2win.com
    Address: 208.43.120.229
    > www.trade2win.com
    Server: 4.2.2.1
    Address: 4.2.2.1#53

    Non-authoritative answer:
    www.trade2win.com canonical name = panna-229.trade2win.com.
    Name: panna-229.trade2win.com
    Address: 208.43.120.229
    > www.trade2win.com
    Server: 4.2.2.1
    Address: 4.2.2.1#53

    Non-authoritative answer:
    www.trade2win.com canonical name = panna-229.trade2win.com.
    Name: panna-229.trade2win.com
    Address: 208.43.120.229

Note that I'm querying for www.trade2win.com here and we're getting non-authoritative answers. To get authoritative answers, we need to query for the domain name followed by a period. Not only that, but we need to set our query type to any.

    > set type=any
    > trade2win.com.
    Server: 4.2.2.1
    Address: 4.2.2.1#53

    Non-authoritative answer:
    trade2win.com text = "v=spf1 mx ip4:64.78.0.0/18 include:sfarm1.com include:aspmx.googlemail.com ~all"
    trade2win.com
        origin = dns1.registrar-servers.com
        mail addr = hostmaster.registrar-servers.com
        serial = 2008080808
        refresh = 10001
        retry = 1801
        expire = 604801
        minimum = 3601
    trade2win.com mail exchanger = 30 ALT2.ASPMX.L.GOOGLE.com.
    trade2win.com mail exchanger = 40 ASPMX2.GOOGLEMAIL.com.
    trade2win.com mail exchanger = 50 ASPMX3.GOOGLEMAIL.com.
    trade2win.com mail exchanger = 60 ASPMX4.GOOGLEMAIL.com.
    trade2win.com mail exchanger = 70 ASPMX5.GOOGLEMAIL.com.
    trade2win.com mail exchanger = 10 ASPMX.L.GOOGLE.com.
    trade2win.com mail exchanger = 20 ALT1.ASPMX.L.GOOGLE.com.
    Name: trade2win.com
    Address: 208.43.120.229
    trade2win.com nameserver = dns1.registrar-servers.com.
    trade2win.com nameserver = dns3.registrar-servers.com.
    trade2win.com nameserver = dns2.registrar-servers.com.

    Authoritative answers can be found from:
    >

What the heck? We're returned to the nslookup prompt without it telling us where we can obtain authoritative answers. What's up with that?? Let me try my own internal DNS server.

    > server 10.10.2.25
    Default server: 10.10.2.25
    Address: 10.10.2.25#53
    > trade2win.com.
    Server: 10.10.2.25
    Address: 10.10.2.25#53

    Non-authoritative answer:
    Name: trade2win.com
    Address: 208.43.120.229
    trade2win.com nameserver = dns3.registrar-servers.com.
    trade2win.com nameserver = dns1.registrar-servers.com.
    trade2win.com
        origin = dns1.registrar-servers.com
        mail addr = hostmaster.registrar-servers.com
        serial = 2008080808
        refresh = 10001
        retry = 1801
        expire = 604801
        minimum = 3601
    trade2win.com mail exchanger = 50 aspmx3.googlemail.com.
    trade2win.com text = "v=spf1 mx ip4:64.78.0.0/18 include:sfarm1.com include:aspmx.googlemail.com ~all"

    Authoritative answers can be found from:
    dns3.registrar-servers.com internet address = 72.34.41.47
    dns1.registrar-servers.com internet address = 74.81.64.51

That's more like it. Now, for grins and giggles, let's try querying against the authoritative servers a few times.

    > server 72.34.41.47
    Default server: 72.34.41.47
    Address: 72.34.41.47#53
    > www.trade2win.com.
    Server: 72.34.41.47
    Address: 72.34.41.47#53

    www.trade2win.com canonical name = panna-229.trade2win.com.
    Name: panna-229.trade2win.com
    Address: 208.43.120.229
    > www.trade2win.com
    Server: 72.34.41.47
    Address: 72.34.41.47#53

    www.trade2win.com canonical name = panna-229.trade2win.com.
    Name: panna-229.trade2win.com
    Address: 208.43.120.229
    > www.trade2win.com
    Server: 72.34.41.47
    Address: 72.34.41.47#53

    www.trade2win.com canonical name = panna-229.trade2win.com.
    Name: panna-229.trade2win.com
    Address: 208.43.120.229
    >

Perfect! No problems, here, so far. Let's just stop here for now to see if we can narrow down this problem to being with DNS queries against your local host or whatnot. I have a feeling it is. I'd also run those test queries more than just a few times, since this problem is intermittent.
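
Added example, not part of the original message: a small shell helper that automates the "run the same query many times against each server" step and tallies failures per server. The function names, the LOOKUP hook and the error strings matched in nslookup's output are assumptions of this sketch.

```sh
#!/bin/sh
# Repeat one lookup many times against each DNS server and count failures,
# so an intermittent fault can be pinned on a specific resolver.

# LOOKUP names the command run for a single query as: $LOOKUP NAME SERVER.
# It must exit non-zero on failure. The default wraps nslookup.
LOOKUP=${LOOKUP:-nslookup_once}

nslookup_once() {
    # Treat a non-zero exit or a known error string as a failed lookup.
    out=$(nslookup "$1" "$2" 2>&1) || return 1
    case $out in
        *"can't find"*|*"timed out"*|*SERVFAIL*|*REFUSED*) return 1 ;;
    esac
    return 0
}

# probe_server SERVER NAME COUNT -> prints "SERVER ok=N fail=M"
probe_server() (
    server=$1 name=$2 count=$3 ok=0 fail=0 i=0
    while [ "$i" -lt "$count" ]; do
        if "$LOOKUP" "$name" "$server" >/dev/null 2>&1; then
            ok=$((ok + 1))
        else
            fail=$((fail + 1))
        fi
        i=$((i + 1))
    done
    echo "$server ok=$ok fail=$fail"
)

# probe_all NAME COUNT SERVER... -> one line per server; exit status is 1
# if any server failed at least once.
probe_all() (
    name=$1 count=$2; shift 2
    rc=0
    for server in "$@"; do
        line=$(probe_server "$server" "$name" "$count")
        echo "$line"
        case $line in *" fail=0") ;; *) rc=1 ;; esac
    done
    exit $rc
)

# Usage, with the servers from the message (127.0.0.1 assumes dnsmasq is
# listening on the local host):
#   probe_all www.trade2win.com 50 127.0.0.1 4.2.2.1 72.34.41.47
```

If only the local dnsmasq line shows a non-zero fail count while the public and authoritative servers stay at fail=0, the fault is on the gateway rather than upstream.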