Nameserver Problem Revisited -

Bob Goodwin - W2BOD bobgoodwin at wildblue.net
Sat Apr 7 16:07:47 UTC 2007


Tim wrote:
> On Sat, 2007-04-07 at 10:42 -0400, Bob Goodwin - W2BOD wrote:
>> This scheme worked nicely until this morning!
>
> [giving null DNS answers, locally]
>
>> Suddenly things have returned to the earlier state where the browser 
>> downloads each ad again, requiring about a minute to bring up a news 
>> article instead of the few seconds that were required after making the
>> suggested changes to /var/named/chroot/etc/blocked.conf and dead.zone,
>> etc.
>
> Well, no changes should have been made to the dead.zone, it was
> perfectly fine as it was originally provided.  But as long as the serial
> number is set higher than previously used, that won't matter.

    The serial number was left at and still is 200 after the discussion
    the other day.

>
> The thing that springs to mind is for you to check whether
> your /etc/resolv.conf file has been changed by any dynamic processes.
> You'll need to have your special DNS server configured as the first one
> to use, for this to work.
cat /etc/resolv.conf

nameserver 127.0.0.1
nameserver 208.67.222.222      #Open DNS
nameserver 208.67.220.220      #Open DNS
nameserver 12.189.32.61        #ISP provided DNS
>
> You can test how your server responds to queries with the dig command.
> You'd dig a domain name, and see the answers, and the address of the
> server that answered.
It looks like something is wrong with the local name caching?
After several repetitions to cnn.com, it should be a few milliseconds:

.......  snip  ......

cnn.com.                89      IN      A       64.236.24.12
;; Query time: 2224 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Apr  7 11:55:32 2007
;; MSG SIZE  rcvd: 137
>
> e.g. dig a.blocked.domain.example.com
>
> You can also query a specific server, ignoring whatever's configured to
> be used in the resolv.conf file, by adding extra parameters (write the
> DNS server address to be queried after an @ sign).
>
> e.g. dig a.blocked.domain.example.com @127.0.0.1
It looks like this is working?

dig @anrtx.tacoda.net

; <<>> DiG 9.3.4 <<>> @anrtx.tacoda.net
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

Now I am confused?

Bob Goodwin
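
Added example (not part of the original message): the check Tim describes, comparing the server named in dig's ";; SERVER:" line with the first nameserver in resolv.conf, since the locally blocked zones only take effect when the local server answers. The function names are hypothetical and the sample text is constructed from the output quoted in this message.

```shell
#!/bin/sh
# Report whether the local blocking resolver, or a fallback, answered a dig query.

# First "nameserver" entry in resolv.conf-style text read from stdin.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# IP from dig's ";; SERVER: ip#port(name)" line; empty when no server replied.
answering_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Query time in milliseconds from dig's ";; Query time:" line.
query_time() {
    sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p' | head -n 1
}

# check_resolver RESOLV_TEXT DIG_TEXT -> one-line verdict on stdout.
check_resolver() {
    want=$(printf '%s\n' "$1" | first_nameserver)
    got=$(printf '%s\n' "$2" | answering_server)
    ms=$(printf '%s\n' "$2" | query_time)
    if [ -z "$got" ]; then
        echo "NO-ANSWER: no server replied"
    elif [ "$got" = "$want" ]; then
        echo "LOCAL: $got answered in $ms msec"
    else
        # A fallback resolver answered, so the local blocked zones were bypassed.
        echo "FALLBACK: $got answered in $ms msec, expected $want"
    fi
}

# Constructed samples, modelled on the output quoted in the message.
SAMPLE_RESOLV='nameserver 127.0.0.1
nameserver 208.67.222.222      #Open DNS'
SAMPLE_DIG_FALLBACK='cnn.com.                89      IN      A       64.236.24.12
;; Query time: 2224 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)'
SAMPLE_DIG_LOCAL=';; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_DIG_TIMEOUT=';; connection timed out; no servers could be reached'

check_resolver "$SAMPLE_RESOLV" "$SAMPLE_DIG_FALLBACK"
check_resolver "$SAMPLE_RESOLV" "$SAMPLE_DIG_LOCAL"
check_resolver "$SAMPLE_RESOLV" "$SAMPLE_DIG_TIMEOUT"
```

On a live system the same check is `check_resolver "$(cat /etc/resolv.conf)" "$(dig cnn.com)"`.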





