Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 07 May 2010 09:02:13 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Jonathan Chen <jonathan.chen@solnetsolutions.co.nz>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: DNS not working since May 6 2010
Message-ID:  <4BE3C905.2000207@infracaninophile.co.uk>
In-Reply-To: <3336_1273178399_4BE3291E_3336_4_1_4BE32922.4090608@solnetsolutions.co.nz>
References:  <3336_1273178399_4BE3291E_3336_4_1_4BE32922.4090608@solnetsolutions.co.nz>

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/05/2010 21:40:02, Jonathan Chen wrote:

> I've got a small DNS server on my home network, and ever since May 6,
> 2010 (co-incidentally DNSSEC root sign day), lookups on freebsd.org have
> started failing. eg:

Uh, the DURZ was installed on j.root; the last one of the root servers
to get it.  Besides, .org was DNSSEC signed way back in June 2009. That
is not causing your problem here.

>   ~,8:36am> dig www.freebsd.org a
> 
>   ; <<>> DiG 9.6.1-P3 <<>> www.freebsd.org a
>   ;; global options: +cmd
>   ;; connection timed out; no servers could be reached
> 
> Lookups on other domains still appear to work, Google, OpenBSD, NetBSD,
> etc. Is anyone else seeing this? How do I fix it?

Works fine here:

% dig +short www.freebsd.org a
69.147.83.33

Hmmm.... DNS for freebsd.org is provided by ISC.  They had a fibre break
yesterday -- no idea whether it could have affected resolving
freebsd.org but it's worth trying again now its all been repaired.

Otherwise, you need to work out why the DNS lookup is failing.  That
means turning up the logging on your recursive server and hunting for
clues.  Probably the biggest cause of DNS problems at the moment are
firewalls that do not handle large UDP packets properly and that
interfere with the EDNS and/or fall-back to TCP algorithms used.  You
can test that using:

https://www.dns-oarc.net/oarc/services/replysizetest

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvjyQUACgkQ8Mjk52CukIzpGQCfXqIAySAfR/zH7lo2beKvfHs+
Zd8An3QMXUrUQgec0ftbgS/5aTcTEKX3
=xuja
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BE3C905.2000207>