Re: Troubleshooting slow DNS lookup

2010-11-25 Thread Mark Andrews
In message , Rian to Wahyudi writes: > Hi Mark, > > Thanks for the pointers , your are spot on! > > Doing dig +trace +dnssec www.paypal.com always fail. > After some investigation with the network guys, it appear that our upstream > firewall are dropping DNS UDP packet larger than 512. > Cisco F

Re: Troubleshooting slow DNS lookup

2010-11-25 Thread Rianto Wahyudi
Hi Mark, Thanks for the pointers , your are spot on! Doing dig +trace +dnssec www.paypal.com always fail. After some investigation with the network guys, it appear that our upstream firewall are dropping DNS UDP packet larger than 512. Cisco FWSM have this configuration enabled by default : http

Re: Troubleshooting slow DNS lookup

2010-11-25 Thread Mark Andrews
In message , Rian to Wahyudi writes: > Hi all, > > Im trying to troubleshoot and find out the reason why some of our DNS lookup > take a long time : > > > ns-dev ~ # rndc flushname www.paypal.com ; dig www.paypal.com @localhost > > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.paypal

Troubleshooting slow DNS lookup

2010-11-25 Thread Rianto Wahyudi
Hi all, Im trying to troubleshoot and find out the reason why some of our DNS lookup take a long time : ns-dev ~ # rndc flushname www.paypal.com ; dig www.paypal.com @localhost ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.paypal.com @localhost ;; global options: printcmd ;; Got answ

Re: Help with the subzone problem

2010-11-25 Thread Bill Larson
\ On Thu, Nov 25, 2010 at 2:50 AM, Matus UHLAR - fantomas wrote: > On 25.11.10 10:10, Tech W. wrote: > > We have a zone in Bind, for example, abc.com > > We designate a subzone of it to another dns server, for eaxmple, F5's > 3DNS. > > > > The corresponding RR in Bind is: > > > > games.abc.com. I

Re: Help with the subzone problem

2010-11-25 Thread Matus UHLAR - fantomas
On 25.11.10 10:10, Tech W. wrote: > We have a zone in Bind, for example, abc.com > We designate a subzone of it to another dns server, for eaxmple, F5's 3DNS. > > The corresponding RR in Bind is: > > games.abc.com. IN NS 3600 ns1.example.com. > games.abc.com. IN NS 3600 ns2.example.com.

Re: Help with the subzone problem

2010-11-25 Thread Eivind Olsen
> But F5's 3DNS can't setup the NS records for games.abc.com. > That means, when query to: > dig games.abc.com ns @ns1.example.com > get nothing. I'm not familiar with "F5's 3DNS", but in general I'd expect the query you made above to work. Do you get _any_ response from ns1.example.com? If you qu