# weird named problem



## Ofloo (May 25, 2009)

I have this strange named problem, I can resolve dns it works, .. however opensourcecms.com doesn't resolve for me 

I have checked if it did in fact perform a query and the log showed


```
host opensourcecms.com
Host opensourcecms.com not found: 3(NXDOMAIN)
```

log:


```
May 25 23:10:55 narf named[28832]: client 127.0.0.1#57400: query: opensourcecms.com IN A +
```


```
host freebsd.org
freebsd.org has address 69.147.83.40
freebsd.org has IPv6 address 2001:4f8:fff6::28
freebsd.org mail is handled by 10 mx1.freebsd.org.
```

log: 


```
May 25 23:14:27 narf named[28832]: client 127.0.0.1#50724: query: freebsd.org IN A +
May 25 23:14:28 narf named[28832]: client 127.0.0.1#63642: query: freebsd.org IN AAAA +
May 25 23:14:28 narf named[28832]: client 127.0.0.1#49727: query: freebsd.org IN MX +
```

Anyone any thoughts it's been bothering me for days now ..


----------



## Ofloo (May 25, 2009)

I have cleared the firewall to make sure I wasn't blocking there dns servers .. or any root servers .. appears to be the same problem.


----------



## DutchDaemon (May 25, 2009)

Try [cmd=]rndc flush[/cmd] and [cmd=]/etc/rc.d/named restart[/cmd]. Then try again.


----------



## DutchDaemon (May 25, 2009)

Alternatively, try

[cmd=]dig @174.36.28.226 A opensourcecms.com[/cmd]
[cmd=]dig @174.36.29.58 A opensourcecms.com[/cmd]

Those are the authoritative nameservers for the domain.


----------



## Ofloo (May 26, 2009)

I don't see how restarting the server would help, .. however i did flushed them again and restarted it once more but no luck even not after the dig command, .. which doesn't make much sence how this would help for me either, .. the problem is not resolving it, i can resolve it using different name servers however i can't understand why it is that this domain in particular doesn't resolve. If nothing would work i could understand, .. but  everything works just not that domain at least that i know of, maybe there are more, usually this has a reason and i would like to know which one that could be.


----------



## Ofloo (May 26, 2009)

even the dig command works, at least i think it does, but this is because I'm using their nameservers i was thinking they didn't make proper glue records or a rootserver doesn't work for me or something however I can't see any errors which would suggest such a thing.


```
narf# dig @174.36.28.226 A opensourcecms.com

; <<>> DiG 9.4.3-P2 <<>> @174.36.28.226 A opensourcecms.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24218
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;opensourcecms.com.             IN      A

;; ANSWER SECTION:
opensourcecms.com.      14400   IN      A       174.36.29.57

;; AUTHORITY SECTION:
opensourcecms.com.      86400   IN      NS      ns1.opensourcecms.com.
opensourcecms.com.      86400   IN      NS      ns2.opensourcecms.com.

;; ADDITIONAL SECTION:
ns1.opensourcecms.com.  14400   IN      A       174.36.28.226
ns2.opensourcecms.com.  14400   IN      A       174.36.29.58

;; Query time: 143 msec
;; SERVER: 174.36.28.226#53(174.36.28.226)
;; WHEN: Tue May 26 01:21:04 2009
;; MSG SIZE  rcvd: 119

narf# dig @174.36.29.58 A opensourcecms.com

; <<>> DiG 9.4.3-P2 <<>> @174.36.29.58 A opensourcecms.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49090
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;opensourcecms.com.             IN      A

;; ANSWER SECTION:
opensourcecms.com.      14400   IN      A       174.36.29.57

;; AUTHORITY SECTION:
opensourcecms.com.      86400   IN      NS      ns1.opensourcecms.com.
opensourcecms.com.      86400   IN      NS      ns2.opensourcecms.com.

;; ADDITIONAL SECTION:
ns1.opensourcecms.com.  14400   IN      A       174.36.28.226
ns2.opensourcecms.com.  14400   IN      A       174.36.29.58

;; Query time: 145 msec
;; SERVER: 174.36.29.58#53(174.36.29.58)
;; WHEN: Tue May 26 01:21:09 2009
;; MSG SIZE  rcvd: 119
```


----------



## DutchDaemon (May 26, 2009)

I was only trying to establish whether your system was able to contact the authoritative nameservers directly. You didn't mention anything about being able to resolve the domain otherwise, so next time you ask for help, state your problem more precisely if you want better help. If a direct dig works and flushing your DNS cache doesn't clear things up, I have no additional ideas on how to solve your problem.


----------



## Ofloo (May 26, 2009)

I'm sorry didn't mean to criticise your help, was tired was tired last night so, .. but thanks for trying.


----------



## Ofloo (May 26, 2009)

i get these errors with nslookup


```
narf# nslookup opensourcecms.com
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; Got SERVFAIL reply from 212.71.19.98, trying next server
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; Got SERVFAIL reply from 212.71.19.98, trying next server
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find opensourcecms.com: NXDOMAIN
```


----------



## DutchDaemon (May 26, 2009)

What does [cmd=]dig opensourcecms.com +trace[/cmd] produce?

It should be something like this:


```
$ dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			36776	IN	NS	B.ROOT-SERVERS.NET.
.			36776	IN	NS	H.ROOT-SERVERS.NET.
.			36776	IN	NS	I.ROOT-SERVERS.NET.
.			36776	IN	NS	D.ROOT-SERVERS.NET.
.			36776	IN	NS	L.ROOT-SERVERS.NET.
.			36776	IN	NS	E.ROOT-SERVERS.NET.
.			36776	IN	NS	K.ROOT-SERVERS.NET.
.			36776	IN	NS	F.ROOT-SERVERS.NET.
.			36776	IN	NS	G.ROOT-SERVERS.NET.
.			36776	IN	NS	M.ROOT-SERVERS.NET.
.			36776	IN	NS	A.ROOT-SERVERS.NET.
.			36776	IN	NS	C.ROOT-SERVERS.NET.
.			36776	IN	NS	J.ROOT-SERVERS.NET.
;; Received 316 bytes from 192.168.2.1#53(192.168.2.1) in 28 ms

com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
;; Received 495 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 34 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.35.51.30#53(F.GTLD-SERVERS.NET) in 176 ms

opensourcecms.com.	14400	IN	A	174.36.29.57
opensourcecms.com.	86400	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	86400	IN	NS	ns2.opensourcecms.com.
;; Received 119 bytes from 174.36.28.226#53(ns1.opensourcecms.com) in 148 ms
```


----------



## BuSerD (May 26, 2009)

Ofloo said:
			
		

> i get these errors with nslookup
> 
> 
> ```
> ...



This does confirm that your nameservers are not able to resolve the domain. I too am lost on how to correct this at your namesever but you can always add an opendns nameserver to your resolv.conf and rerun the dig, nslook and host commands to verify that it is working as you would expect. Just a suggestion; do with it what you will ï¿½e


----------



## Ofloo (May 27, 2009)

I have plenty of nameservers which i can add i'm just wondering why only one hostname is not resolving.

i can resolve google.com, freebsd.org, .. any except that one domain that i know off so i want to know why usually smaller problems underline bigger issues.


----------



## DutchDaemon (May 27, 2009)

Did you run the +trace option by now? Because that will show where the lookup starts to fail.


----------



## vivek (May 27, 2009)

Ofloo said:
			
		

> I have plenty of nameservers which i can add i'm just wondering why only one hostname is not resolving.
> 
> i can resolve google.com, freebsd.org, .. any except that one domain that i know off so i want to know why usually smaller problems underline bigger issues.



We sometime block all queries (including dns, httpd, mail and so on) from specific IPs / netblock to a very large portal in my country to due to abuse, spam or any other issue that can create security issue. This may be the case. Contact hostmaster and see if they can help to unblock your server IP.


----------



## Ofloo (May 28, 2009)

i can dig them directly they just do not resolve so there is no such thing as a block on the dns server, i can connect to the server and dig their dns records.


----------



## DutchDaemon (May 28, 2009)

Run [cmd=]dig opensourcecms.com +trace[/cmd] already! At least you'll know where resolving stops or times out.


----------



## Ofloo (May 29, 2009)

Thank you for the tip


```
dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			471948	IN	NS	L.ROOT-SERVERS.NET.
.			471948	IN	NS	I.ROOT-SERVERS.NET.
.			471948	IN	NS	A.ROOT-SERVERS.NET.
.			471948	IN	NS	E.ROOT-SERVERS.NET.
.			471948	IN	NS	H.ROOT-SERVERS.NET.
.			471948	IN	NS	G.ROOT-SERVERS.NET.
.			471948	IN	NS	K.ROOT-SERVERS.NET.
.			471948	IN	NS	F.ROOT-SERVERS.NET.
.			471948	IN	NS	M.ROOT-SERVERS.NET.
.			471948	IN	NS	C.ROOT-SERVERS.NET.
.			471948	IN	NS	J.ROOT-SERVERS.NET.
.			471948	IN	NS	B.ROOT-SERVERS.NET.
.			471948	IN	NS	D.ROOT-SERVERS.NET.
;; Received 272 bytes from 127.0.0.1#53(127.0.0.1) in 16 ms

com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
;; Received 495 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 280 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.41.162.30#53(L.GTLD-SERVERS.NET) in 112 ms

dig: couldn't get address for 'ns1.opensourcecms.com': not found
```

Sorry hadn't noticed your early responds.


----------



## DutchDaemon (May 29, 2009)

So there's nothing wrong with your DNS querying either the root servers (.) or the .com TLD servers. You get the glue records, but you cannot resolve them, even though you can dig the associated IP addresses directly and get an authoritative (aa) reply.

Can you run [cmd=]tcpdump -s 0 -pnli $ext_if proto UDP and port 53 and net 174.36.28.0/23[/cmd]? Replace $ext_if with what it actually is (xl0, fxp0, rl0, bge0, whatever)

You should see this when running that dig+trace command in a different console:


```
23:06:57.714857 IP [local.ip].64051 > 174.36.28.226.53: 30621 A? opensourcecms.com. (35)
23:06:57.850854 IP 174.36.28.226.53 > [local.ip].64051: 30621*- 1/2/2 A 174.36.29.57 (119)
```

If you don't, just run [cmd=]tcpdump -s 0 -pnli $ext_if proto UDP and port 53[/cmd] and check where that dig+trace ends exactly.

Reference:


```
23:11:50.012030 IP [local.ip].60858 > [local.dns].53: 7703 NS? . (17)
23:11:50.012806 IP [local.dns].53 > [local.ip].60858: 7703 13/0/14 NS K.ROOT-SERVERS.NET., NS L.ROOT-SERVERS.NET., NS H.ROOT-SERVERS.NET., NS F.ROOT-SERVERS.NET., NS C.ROOT-SERVERS.NET., NS M.ROOT-SERVERS.NET., NS G.ROOT-SERVERS.NET., NS J.ROOT-SERVERS.NET., NS A.ROOT-SERVERS.NET., NS E.ROOT-SERVERS.NET., NS B.ROOT-SERVERS.NET., NS I.ROOT-SERVERS.NET., NS D.ROOT-SERVERS.NET. (500)
23:11:50.014391 IP [local.ip].63365 > [local.dns].53: 63173+ A? H.ROOT-SERVERS.NET. (36)
23:11:50.015189 IP [local.dns].53 > [local.ip].63365: 63173 1/4/8 A 128.63.2.53 (292)
23:11:50.015246 IP [local.ip].50452 > [local.dns].53: 63174+ AAAA? H.ROOT-SERVERS.NET. (36)
23:11:50.015970 IP [local.dns].53 > [local.ip].50452: 63174 1/4/8 AAAA 2001:500:1::803f:235 (304)
23:11:50.016074 IP [local.ip].61948 > 128.63.2.53.53: 40451 A? opensourcecms.com. (35)
23:11:50.153513 IP 128.63.2.53.53 > [local.ip].61948: 40451- 0/13/14 (495)
23:11:50.154130 IP [local.ip].57607 > [local.dns].53: 63175+ A? h.gtld-servers.net. (36)
23:11:50.154769 IP [local.dns].53 > [local.ip].57607: 63175 1/7/7 A 192.54.112.30 (292)
23:11:50.154807 IP [local.ip].61206 > [local.dns].53: 63176+ AAAA? h.gtld-servers.net. (36)
23:11:50.155461 IP [local.dns].53 > [local.ip].61206: 63176 0/1/0 (103)
23:11:50.155522 IP [local.ip].57509 > 192.54.112.30.53: 62988 A? opensourcecms.com. (35)
23:11:50.176929 IP 192.54.112.30.53 > [local.ip].57509: 62988- 0/2/2 (103)
23:11:50.177232 IP [local.ip].63178 > [local.dns].53: 63177+ A? ns2.opensourcecms.com. (39)
23:11:50.177832 IP [local.dns].53 > [local.ip].63178: 63177 1/2/1 A 174.36.29.58 (103)
23:11:50.177877 IP [local.ip].57551 > [local.dns].53: 63178+ AAAA? ns2.opensourcecms.com. (39)
23:11:50.178497 IP [local.dns].53 > [local.ip].57551: 63178 0/1/0 (84)
23:11:50.178562 IP [local.ip].56264 > 174.36.29.58.53: 63383 A? opensourcecms.com. (35)
23:11:50.314687 IP 174.36.29.58.53 > [local.ip].56264: 63383*- 1/2/2 A 174.36.29.57 (119)
```


----------



## Ofloo (May 29, 2009)

i see it goes back and forth between 2 servers i've tcpdump both

```
narf# tcpdump -s 0 -pnli re0 proto UDP and port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:56:53.343876 IP 212.71.19.98.53731 > 192.5.5.241.53: 26694 A? opensourcecms.com. (35)
00:56:53.510411 IP 192.5.5.241.53 > 212.71.19.98.53731: 26694- 0/13/14 (495)
00:56:53.514049 IP 212.71.19.98.63704 > 192.12.94.31.53: 63904% [1au] A? D.GTLD-SERVERS.NET. (47)
00:56:53.548092 IP 192.12.94.31.53 > 212.71.19.98.63704: 63904*- 1/7/8 A 192.31.80.30 (303)
00:56:53.549898 IP 212.71.19.98.65204 > 192.12.94.31.53: 45887% [1au] AAAA? D.GTLD-SERVERS.NET. (47)
00:56:53.582930 IP 192.12.94.31.53 > 212.71.19.98.65204: 45887*- 0/1/1 (114)
00:56:53.583738 IP 212.71.19.98.62252 > 192.31.80.30.53: 1817 A? opensourcecms.com. (35)
00:56:53.710522 IP 192.31.80.30.53 > 212.71.19.98.62252: 1817- 0/2/2 (103)
00:56:53.713580 IP 212.71.19.98.58361 > 212.71.19.102.53: 38296+ A? ns2.opensourcecms.com. (39)
00:56:53.715043 IP 212.71.19.102.53 > 212.71.19.98.58361: 38296 ServFail 0/0/0 (39)
00:56:53.716552 IP 212.71.19.98.58723 > 212.71.19.102.53: 38296+ A? ns2.opensourcecms.com. (39)
00:56:53.717275 IP 212.71.19.102.53 > 212.71.19.98.58723: 38296 ServFail 0/0/0 (39)
00:56:53.718768 IP 212.71.19.98.58170 > 212.71.19.102.53: 38297+ AAAA? ns2.opensourcecms.com. (39)
00:56:53.719738 IP 212.71.19.102.53 > 212.71.19.98.58170: 38297 ServFail 0/0/0 (39)
00:56:53.721173 IP 212.71.19.98.50746 > 212.71.19.102.53: 38297+ AAAA? ns2.opensourcecms.com. (39)
00:56:53.721900 IP 212.71.19.102.53 > 212.71.19.98.50746: 38297 ServFail 0/0/0 (39)

spark# tcpdump -s 0 -pnli fxp0 proto UDP and port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:56:53.450232 IP 212.71.19.98.58361 > 212.71.19.102.53: 38296+ A? ns2.opensourcecms.com. (39)
00:56:53.451582 IP 212.71.19.102.53 > 212.71.19.98.58361: 38296 ServFail 0/0/0 (39)
00:56:53.453202 IP 212.71.19.98.58723 > 212.71.19.102.53: 38296+ A? ns2.opensourcecms.com. (39)
00:56:53.453812 IP 212.71.19.102.53 > 212.71.19.98.58723: 38296 ServFail 0/0/0 (39)
00:56:53.455419 IP 212.71.19.98.58170 > 212.71.19.102.53: 38297+ AAAA? ns2.opensourcecms.com. (39)
00:56:53.456273 IP 212.71.19.102.53 > 212.71.19.98.58170: 38297 ServFail 0/0/0 (39)
00:56:53.457824 IP 212.71.19.98.50746 > 212.71.19.102.53: 38297+ AAAA? ns2.opensourcecms.com. (39)
00:56:53.458437 IP 212.71.19.102.53 > 212.71.19.98.50746: 38297 ServFail 0/0/0 (39)
```


----------



## DutchDaemon (May 30, 2009)

Why is your nameserver querying 212.71.19.102 (k-lined.info.)? That's the one giving you the ServFail errors resulting in NXDOMAIN. Is that IP/host in either your /etc/resolv.conf or in your named.conf as a forwarder? If so, try removing it and have your DNS do all of its resolving directly. Or use your ISP DNS servers (ns[1|2].edpnet.net probably) as forwarders. I assume they will allow recursive queries from you. Oh, and check /etc/hosts as well. It wouldn't be the first time that a forgotten entry screws things up DNS-wise.


----------



## Ofloo (May 30, 2009)

that's just a second nameserver in the network don't understand why it is contacting it at all cause the resolv file doesn't even point to it.

also spark is the backup nameserver.


```
10:09:14.905867 IP (tos 0x0, ttl 64, id 10439, offset 0, flags [none], proto UDP (17), length 74, bad cksum 0 (->fde8)!) 212.71.19.98.54604 > 192.43.172.30.53: [bad udp cksum 27e9!] 62117% [1au] A? opensourcecms.com. ar: . OPT UDPsize=4096 OK (46)
10:09:14.965727 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto UDP (17), length 142) 192.43.172.30.53 > 212.71.19.98.54604: [udp sum ok] 62117- q: A? opensourcecms.com. 0/2/3 ns: opensourcecms.com. NS ns1.opensourcecms.com., opensourcecms.com. NS ns2.opensourcecms.com. ar: ns1.opensourcecms.com. A 174.36.28.226, ns2.opensourcecms.com. A 174.36.29.58, . OPT UDPsize=512 (114)
```

now i don't understand much from that however i can see the name servers yet it's not contacting.


----------



## Ofloo (May 30, 2009)

I don't really want the nameservers of my isp they filter traffic. Well they filter their dns servers, ..


----------



## Ofloo (May 30, 2009)

strange enough
	
	



```
narf# dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			516704	IN	NS	H.ROOT-SERVERS.NET.
.			516704	IN	NS	I.ROOT-SERVERS.NET.
.			516704	IN	NS	E.ROOT-SERVERS.NET.
.			516704	IN	NS	D.ROOT-SERVERS.NET.
.			516704	IN	NS	K.ROOT-SERVERS.NET.
.			516704	IN	NS	B.ROOT-SERVERS.NET.
.			516704	IN	NS	G.ROOT-SERVERS.NET.
.			516704	IN	NS	F.ROOT-SERVERS.NET.
.			516704	IN	NS	L.ROOT-SERVERS.NET.
.			516704	IN	NS	C.ROOT-SERVERS.NET.
.			516704	IN	NS	J.ROOT-SERVERS.NET.
.			516704	IN	NS	M.ROOT-SERVERS.NET.
.			516704	IN	NS	A.ROOT-SERVERS.NET.
;; Received 272 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
;; Received 495 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 113 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.42.93.30#53(g.gtld-servers.net) in 175 ms

opensourcecms.com.	14400	IN	A	174.36.29.57
opensourcecms.com.	86400	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	86400	IN	NS	ns2.opensourcecms.com.
;; Received 119 bytes from 174.36.29.58#53(ns2.opensourcecms.com) in 143 ms
```

however host opensourcecms.com doesn't work


----------



## Ofloo (May 30, 2009)

and now .. 


```
narf# dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			518389	IN	NS	L.ROOT-SERVERS.NET.
.			518389	IN	NS	E.ROOT-SERVERS.NET.
.			518389	IN	NS	J.ROOT-SERVERS.NET.
.			518389	IN	NS	H.ROOT-SERVERS.NET.
.			518389	IN	NS	I.ROOT-SERVERS.NET.
.			518389	IN	NS	D.ROOT-SERVERS.NET.
.			518389	IN	NS	F.ROOT-SERVERS.NET.
.			518389	IN	NS	K.ROOT-SERVERS.NET.
.			518389	IN	NS	G.ROOT-SERVERS.NET.
.			518389	IN	NS	B.ROOT-SERVERS.NET.
.			518389	IN	NS	A.ROOT-SERVERS.NET.
.			518389	IN	NS	M.ROOT-SERVERS.NET.
.			518389	IN	NS	C.ROOT-SERVERS.NET.
;; Received 456 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
;; Received 495 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 292 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 164 ms

dig: couldn't get address for 'ns1.opensourcecms.com': not found
narf#
```


```
narf# dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			3600000	IN	NS	H.ROOT-SERVERS.NET.
.			3600000	IN	NS	G.ROOT-SERVERS.NET.
.			3600000	IN	NS	B.ROOT-SERVERS.NET.
.			3600000	IN	NS	C.ROOT-SERVERS.NET.
.			3600000	IN	NS	F.ROOT-SERVERS.NET.
.			3600000	IN	NS	M.ROOT-SERVERS.NET.
.			3600000	IN	NS	D.ROOT-SERVERS.NET.
.			3600000	IN	NS	J.ROOT-SERVERS.NET.
.			3600000	IN	NS	E.ROOT-SERVERS.NET.
.			3600000	IN	NS	K.ROOT-SERVERS.NET.
.			3600000	IN	NS	A.ROOT-SERVERS.NET.
.			3600000	IN	NS	L.ROOT-SERVERS.NET.
.			3600000	IN	NS	I.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
;; Received 495 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 134 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.48.79.30#53(j.gtld-servers.net) in 293 ms

opensourcecms.com.	14400	IN	A	174.36.29.57
opensourcecms.com.	86400	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	86400	IN	NS	ns2.opensourcecms.com.
;; Received 119 bytes from 174.36.29.58#53(ns2.opensourcecms.com) in 143 ms
```


```
narf# dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			518236	IN	NS	D.ROOT-SERVERS.NET.
.			518236	IN	NS	B.ROOT-SERVERS.NET.
.			518236	IN	NS	F.ROOT-SERVERS.NET.
.			518236	IN	NS	E.ROOT-SERVERS.NET.
.			518236	IN	NS	A.ROOT-SERVERS.NET.
.			518236	IN	NS	K.ROOT-SERVERS.NET.
.			518236	IN	NS	M.ROOT-SERVERS.NET.
.			518236	IN	NS	C.ROOT-SERVERS.NET.
.			518236	IN	NS	G.ROOT-SERVERS.NET.
.			518236	IN	NS	L.ROOT-SERVERS.NET.
.			518236	IN	NS	I.ROOT-SERVERS.NET.
.			518236	IN	NS	H.ROOT-SERVERS.NET.
.			518236	IN	NS	J.ROOT-SERVERS.NET.
;; Received 456 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
;; Received 495 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 25 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.54.112.30#53(h.gtld-servers.net) in 22 ms

dig: couldn't get address for 'ns1.opensourcecms.com': not found
```


```
; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			3600000	IN	NS	I.ROOT-SERVERS.NET.
.			3600000	IN	NS	K.ROOT-SERVERS.NET.
.			3600000	IN	NS	E.ROOT-SERVERS.NET.
.			3600000	IN	NS	H.ROOT-SERVERS.NET.
.			3600000	IN	NS	M.ROOT-SERVERS.NET.
.			3600000	IN	NS	B.ROOT-SERVERS.NET.
.			3600000	IN	NS	L.ROOT-SERVERS.NET.
.			3600000	IN	NS	J.ROOT-SERVERS.NET.
.			3600000	IN	NS	A.ROOT-SERVERS.NET.
.			3600000	IN	NS	F.ROOT-SERVERS.NET.
.			3600000	IN	NS	C.ROOT-SERVERS.NET.
.			3600000	IN	NS	G.ROOT-SERVERS.NET.
.			3600000	IN	NS	D.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
;; Received 507 bytes from 198.41.0.4#53(A.ROOT-SERVERS.NET) in 105 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.33.14.30#53(B.GTLD-SERVERS.NET) in 37 ms

opensourcecms.com.	14400	IN	A	174.36.29.57
opensourcecms.com.	86400	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	86400	IN	NS	ns2.opensourcecms.com.
;; Received 119 bytes from 174.36.28.226#53(ns1.opensourcecms.com) in 137 ms
```


```
narf# dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			3600000	IN	NS	H.ROOT-SERVERS.NET.
.			3600000	IN	NS	F.ROOT-SERVERS.NET.
.			3600000	IN	NS	E.ROOT-SERVERS.NET.
.			3600000	IN	NS	D.ROOT-SERVERS.NET.
.			3600000	IN	NS	A.ROOT-SERVERS.NET.
.			3600000	IN	NS	G.ROOT-SERVERS.NET.
.			3600000	IN	NS	C.ROOT-SERVERS.NET.
.			3600000	IN	NS	B.ROOT-SERVERS.NET.
.			3600000	IN	NS	J.ROOT-SERVERS.NET.
.			3600000	IN	NS	K.ROOT-SERVERS.NET.
.			3600000	IN	NS	M.ROOT-SERVERS.NET.
.			3600000	IN	NS	L.ROOT-SERVERS.NET.
.			3600000	IN	NS	I.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
;; Received 495 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 178 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.31.80.30#53(D.GTLD-SERVERS.NET) in 133 ms

opensourcecms.com.	14400	IN	A	174.36.29.57
opensourcecms.com.	86400	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	86400	IN	NS	ns2.opensourcecms.com.
;; Received 119 bytes from 174.36.29.58#53(ns2.opensourcecms.com) in 142 ms
```

different gtld-servers.net different result?

even stranger:


```
narf# dig opensourcecms.com +trace

; <<>> DiG 9.4.3-P2 <<>> opensourcecms.com +trace
;; global options:  printcmd
.			518395	IN	NS	B.ROOT-SERVERS.NET.
.			518395	IN	NS	H.ROOT-SERVERS.NET.
.			518395	IN	NS	K.ROOT-SERVERS.NET.
.			518395	IN	NS	L.ROOT-SERVERS.NET.
.			518395	IN	NS	G.ROOT-SERVERS.NET.
.			518395	IN	NS	A.ROOT-SERVERS.NET.
.			518395	IN	NS	D.ROOT-SERVERS.NET.
.			518395	IN	NS	M.ROOT-SERVERS.NET.
.			518395	IN	NS	J.ROOT-SERVERS.NET.
.			518395	IN	NS	E.ROOT-SERVERS.NET.
.			518395	IN	NS	C.ROOT-SERVERS.NET.
.			518395	IN	NS	F.ROOT-SERVERS.NET.
.			518395	IN	NS	I.ROOT-SERVERS.NET.
;; Received 508 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com.			172800	IN	NS	L.GTLD-SERVERS.NET.
com.			172800	IN	NS	C.GTLD-SERVERS.NET.
com.			172800	IN	NS	M.GTLD-SERVERS.NET.
com.			172800	IN	NS	H.GTLD-SERVERS.NET.
com.			172800	IN	NS	J.GTLD-SERVERS.NET.
com.			172800	IN	NS	G.GTLD-SERVERS.NET.
com.			172800	IN	NS	D.GTLD-SERVERS.NET.
com.			172800	IN	NS	I.GTLD-SERVERS.NET.
com.			172800	IN	NS	F.GTLD-SERVERS.NET.
com.			172800	IN	NS	A.GTLD-SERVERS.NET.
com.			172800	IN	NS	B.GTLD-SERVERS.NET.
com.			172800	IN	NS	E.GTLD-SERVERS.NET.
com.			172800	IN	NS	K.GTLD-SERVERS.NET.
;; Received 507 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 41 ms

opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
;; Received 103 bytes from 192.33.14.30#53(B.GTLD-SERVERS.NET) in 37 ms

dig: couldn't get address for 'ns1.opensourcecms.com': not found
```

it doesn't resolve now ?


----------



## Ofloo (May 30, 2009)

resolv.conf:


```
nameserver      127.0.0.1
domain          ofloo.net
search          ofloo.net
```

hosts:


```
# $FreeBSD: src/etc/hosts,v 1.16.32.1 2009/04/15 03:14:26 kensmith Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost
127.0.0.1               localhost
#
# Imaginary network.
#10.0.0.2               myname.my.domain myname
#10.0.0.3               myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
#       10.0.0.0        -   10.255.255.255
#       172.16.0.0      -   172.31.255.255
#       192.168.0.0     -   192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers.  Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
212.71.19.98 narf narf.ofloo.net
```

named.conf:

```
options {
  directory             "/etc/namedb";
  pid-file              "/var/run/named/pid";
  dump-file             "/var/dump/named_dump.db";
  statistics-file       "/var/stats/named.stats";
  listen-on { any; };
  listen-on-v6 { any; };
//  forward only;
//  forwarders { 127.0.0.1; };
//  query-source address 83.217.95.* port 53;
//  recursion no;
  allow-query { lan; };
  allow-recursion { lan; };
  allow-query-cache { lan; };
  blackhole { bogusnets; };
};

logging {
  category default {
    default_syslog;
    default_stderr;
  };
  channel default_syslog {
    syslog daemon;
    severity warning;
  };  
  category unmatched { null; };
};

acl bogusnets {
  0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 5.0.0.0/8; 7.0.0.0/8; 10.0.0.0/8;
  23.0.0.0/8; 27.0.0.0/8; 31.0.0.0/8; 36.0.0.0/8; 37.0.0.0/8; 39.0.0.0/8;
  42.0.0.0/8; 49.0.0.0/8; 50.0.0.0/8; 77.0.0.0/8; 78.0.0.0/8; 79.0.0.0/8;
  92.0.0.0/8; 93.0.0.0/8; 94.0.0.0/8; 95.0.0.0/8; 96.0.0.0/8; 97.0.0.0/8;
  98.0.0.0/8; 99.0.0.0/8; 100.0.0.0/8; 101.0.0.0/8; 102.0.0.0/8; 103.0.0.0/8;
  104.0.0.0/8; 105.0.0.0/8; 106.0.0.0/8; 107.0.0.0/8; 108.0.0.0/8; 109.0.0.0/8;
  110.0.0.0/8; 111.0.0.0/8; 112.0.0.0/8; 113.0.0.0/8; 114.0.0.0/8; 115.0.0.0/8;
  116.0.0.0/8; 117.0.0.0/8; 118.0.0.0/8; 119.0.0.0/8; 120.0.0.0/8; 169.254.0.0/16;
  172.16.0.0/12; 173.0.0.0/8; 174.0.0.0/8; 175.0.0.0/8; 176.0.0.0/8; 177.0.0.0/8;
  178.0.0.0/8; 179.0.0.0/8; 180.0.0.0/8; 181.0.0.0/8; 182.0.0.0/8; 183.0.0.0/8;
  184.0.0.0/8; 185.0.0.0/8; 186.0.0.0/8; 187.0.0.0/8; 192.0.2.0/24; 192.168.0.0/16;
  197.0.0.0/8; 223.0.0.0/8; 224.0.0.0/3;
};

acl lan {
  127.0.0.0/8; 212.71.19.96/28; 2002:d447:1360::/44; ::1/16;
};

acl trans {
  70.84.177.192/29; 204.11.167.24/29; 69.94.133.163; 69.94.134.20; 66.252.1.255;
  195.234.42.0/24; 193.218.105.144/28; 80.82.17.242; 87.98.164.164; 88.191.64.64;
  208.79.240.3; 208.79.241.3;
  212.71.19.96/28;
};

zone "." { 
  type hint; file "named.root"; 
};

zone "0.0.127.IN-ADDR.ARPA" {
  type master;
  file "/etc/namedb/master/REVERSE-0.0.127.IN-ADDR.ARPA";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
  type master;
  file "/etc/namedb/master/localhost-v6.rev";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
  type master;
  file "/etc/namedb/master/localhost-v6.rev";
};

zone "1.168.192.in-addr.arpa" {
  type master;
  file "/etc/namedb/master/REVERSE-1.168.192.IN-ADDR.ARPA";
  allow-transfer { 212.71.19.96/28; };
};

zone "2.6.3.1.7.4.4.d.2.0.0.2.ip6.arpa" {
  type master;
  file "/etc/namedb/master/REVERSE-2002-d447-1362_48.IP6.ARPA";
  allow-query { any; };
  allow-transfer { trans; };
};

zone "6.6.3.1.7.4.4.d.2.0.0.2.ip6.arpa" {
  type master;
  file "/etc/namedb/master/REVERSE-2002-d447-1366_48.IP6.ARPA";
  allow-query { any; };
  allow-transfer { trans; };
};

zone "e.6.3.1.7.4.4.d.2.0.0.2.ip6.arpa" {
  type master;
  file "/etc/namedb/master/REVERSE-2002-d447-136e_48.IP6.ARPA";
  allow-query { any; };
  allow-transfer { trans; };
};

zone "ofloo.net" {
  type master;
  file "/etc/namedb/master/ofloo.net.hosts";
  allow-query { any; };
  allow-transfer { trans; };
};
```


----------



## Ofloo (May 30, 2009)

```
12:56:55.703491 IP (tos 0x0, ttl 52, id 47253, offset 0, flags [none], proto UDP (17), length 562) 192.5.5.241.53 > 212.71.19.98.63785: [udp sum ok] 62199- q: A? opensourcecms.com. 0/13/16 ns: com. NS I.GTLD-SERVERS.NET., com. NS J.GTLD-SERVERS.NET., com. NS D.GTLD-SERVERS.NET., com. NS A.GTLD-SERVERS.NET., com. NS G.GTLD-SERVERS.NET., com. NS C.GTLD-SERVERS.NET., com. NS B.GTLD-SERVERS.NET., com. NS E.GTLD-SERVERS.NET., com. NS K.GTLD-SERVERS.NET., com. NS M.GTLD-SERVERS.NET., com. NS H.GTLD-SERVERS.NET., com. NS L.GTLD-SERVERS.NET., com. NS F.GTLD-SERVERS.NET. ar: A.GTLD-SERVERS.NET. A 192.5.6.30, B.GTLD-SERVERS.NET. A 192.33.14.30, C.GTLD-SERVERS.NET. A 192.26.92.30, D.GTLD-SERVERS.NET. A 192.31.80.30, E.GTLD-SERVERS.NET. A 192.12.94.30, F.GTLD-SERVERS.NET. A 192.35.51.30, G.GTLD-SERVERS.NET. A 192.42.93.30, H.GTLD-SERVERS.NET. A 192.54.112.30, I.GTLD-SERVERS.NET. A 192.43.172.30, J.GTLD-SERVERS.NET. A 192.48.79.30, K.GTLD-SERVERS.NET. A 192.52.178.30, L.GTLD-SERVERS.NET. A 192.41.162.30, M.GTLD-SERVERS.NET. A 192.55.83.30, A.GTLD-SERVERS.NET. AAAA 2001:503:a83e::2:30, B.GTLD-SERVERS.NET. AAAA 2001:503:231d::2:30, . OPT UDPsize=4096 OK (534)
12:56:55.705170 IP (tos 0x0, ttl 64, id 13489, offset 0, flags [none], proto UDP (17), length 74, bad cksum 0 (->4100)!) 212.71.19.98.62397 > 192.42.93.30.53: [bad udp cksum 7c1d!] 15843% [1au] A? opensourcecms.com. ar: . OPT UDPsize=4096 OK (46)
12:56:55.877602 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto UDP (17), length 142) 192.42.93.30.53 > 212.71.19.98.62397: [udp sum ok] 15843- q: A? opensourcecms.com. 0/2/3 ns: opensourcecms.com. NS ns1.opensourcecms.com., opensourcecms.com. NS ns2.opensourcecms.com. ar: ns1.opensourcecms.com. A 174.36.28.226, ns2.opensourcecms.com. A 174.36.29.58, . OPT UDPsize=512 OK (114)
```


----------



## DutchDaemon (May 30, 2009)

Ofloo said:
			
		

> different gtld-servers.net different result?



Nah, every .com server gives you the same reply:


```
opensourcecms.com.	172800	IN	NS	ns1.opensourcecms.com.
opensourcecms.com.	172800	IN	NS	ns2.opensourcecms.com.
```

That's all they need to give to you, and that's all they do. It goes wrong in the next stage, when you query "some" nameserver to give you the A record for the nameservers you got from the .com servers. 

Unfortunately, dig doesn't print the IP address of the DNS server producing the final lookups, whether they succeed or fail. I have no idea why some lookups work and others fail.

The UDP checksum errors are cause for worry though, you should never see those.

You could look into OpenDNS (https://www.opendns.com/start/device/bind) for testing purposes. Use their DNS servers as forwarders in named.conf and see if these problems persist.


----------



## vivek (May 30, 2009)

DutchDaemon said:
			
		

> You could look into OpenDNS (https://www.opendns.com/start/device/bind) for testing purposes. Use their DNS servers as forwarders in named.conf and see if these problems persist.



Do not use OpenDNS server, use your ISP's forward server. OpenDNS may be good for your desktop  but not good for servers. They break few things and good luck getting anti spam RBL working with them. Many slashdot geeks consider OpenDNS as a scam - see http://news.slashdot.org/comments.pl?sid=1120359&cid=26771895. I won't use them on desktop too...


----------



## DutchDaemon (May 30, 2009)

I suggested OpenDNS for testing purposes only. Just to get the problem diagnosed. It is certainly not a serious option, and indeed, it breaks RBLs.


----------



## Ofloo (May 30, 2009)

from the moment the forwarders are set the problem is gone, i could use my isp however i don't like to do so cause they have content filters in place ordered by government, in order to filter specific sites.

But isn't there a way to fix this, i would assume one should be able to run dns like this?

any suggestions what could cause the UDP checksum errors ?


----------



## DutchDaemon (May 30, 2009)

Instead of setting OpenDNS as forwarders, you could set them as 2nd and 3rd resolver behind 127.0.0.1 in /etc/resolv.conf. That way they will only kick in when localhost can't resolve a host. I'm not sure about the ckecksum errors. I know most network cards have *tcp* checksum offloading (which may show up in tcpdump/wireshark as 'checksum errors' -- harmless), but I'm not sure whether they do *udp* checksum offloading producing the same type of error. If you have a different NIC laying around, you could try that.


----------



## Ofloo (May 30, 2009)

i did ifconfig re0 -txcsum -rxcsum

result:


```
narf# tcpdump -vv -s 0 -pnli re0 proto UDP and port 53
tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:51:59.148724 IP (tos 0x0, ttl 64, id 7163, offset 0, flags [none], proto UDP (17), length 74) 212.71.19.98.60138 > 192.41.162.30.53: [udp sum ok] 49721% [1au] A? opensourcecms.com. ar: . OPT UDPsize=4096 OK (46)
17:51:59.257627 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto UDP (17), length 142) 192.41.162.30.53 > 212.71.19.98.60138: [udp sum ok] 49721- q: A? opensourcecms.com. 0/2/3 ns: opensourcecms.com. NS ns1.opensourcecms.com., opensourcecms.com. NS ns2.opensourcecms.com. ar: ns1.opensourcecms.com. A 174.36.28.226, ns2.opensourcecms.com. A 174.36.29.58, . OPT UDPsize=512 OK (114)
```

I will test a different NIC however after running the ifconfig command i didn't see any udp checksum errors anymore.. not in these queries and not in any other however this doesn't solve the problem.


----------



## DutchDaemon (May 30, 2009)

I'm still intrigued by the findings of posts 20/21 above. If you can correlate failed DNS lookups in one console with a tcpdump on that 102 address in another console, you really should try to find out why it even uses that address. I see you have your domain set as domain/search in /etc/resolv.conf. Any chance there's something going on in that zone file (e.g. records pointing to that 102 address)?


----------



## Ofloo (May 30, 2009)

of course there is records in zone files pointing to that address but those are just A records, .. there is no search or domain that would suggest otherwise in resolv.conf there used to be, however I've removed those.

I think it is really strange that this server is doing a dns query on 98 because I can't see why it would still do that.

except for it being a slave server, and this server has the same dns problem it doesn't resolve opensourcecms.com either

and now the dns ofcourse only shows the above in previous post only it doesn't show the 102 anymore except for other look ups but that might be because some processes might have the name server cached.


----------



## Ofloo (Apr 21, 2011)

*[solved]*

I finally found out what the problem was, .. blackhole { bogusnets; }; contained IP range of root servers.

And it works now however the udp checksums still appear.


----------



## Ofloo (Jul 9, 2011)

The issue was resolved the problem was an acl bogusnet


----------

