Date: Fri, 07 May 2010 09:02:13 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Jonathan Chen <jonathan.chen@solnetsolutions.co.nz> Cc: freebsd-questions@freebsd.org Subject: Re: DNS not working since May 6 2010 Message-ID: <4BE3C905.2000207@infracaninophile.co.uk> In-Reply-To: <3336_1273178399_4BE3291E_3336_4_1_4BE32922.4090608@solnetsolutions.co.nz> References: <3336_1273178399_4BE3291E_3336_4_1_4BE32922.4090608@solnetsolutions.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/05/2010 21:40:02, Jonathan Chen wrote: > I've got a small DNS server on my home network, and ever since May 6, > 2010 (co-incidentally DNSSEC root sign day), lookups on freebsd.org have > started failing. eg: Uh, the DURZ was installed on j.root; the last one of the root servers to get it. Besides, .org was DNSSEC signed way back in June 2009. That is not causing your problem here. > ~,8:36am> dig www.freebsd.org a > > ; <<>> DiG 9.6.1-P3 <<>> www.freebsd.org a > ;; global options: +cmd > ;; connection timed out; no servers could be reached > > Lookups on other domains still appear to work, Google, OpenBSD, NetBSD, > etc. Is anyone else seeing this? How do I fix it? Works fine here: % dig +short www.freebsd.org a 69.147.83.33 Hmmm.... DNS for freebsd.org is provided by ISC. They had a fibre break yesterday -- no idea whether it could have affected resolving freebsd.org but it's worth trying again now its all been repaired. Otherwise, you need to work out why the DNS lookup is failing. That means turning up the logging on your recursive server and hunting for clues. Probably the biggest cause of DNS problems at the moment are firewalls that do not handle large UDP packets properly and that interfere with the EDNS and/or fall-back to TCP algorithms used. You can test that using: https://www.dns-oarc.net/oarc/services/replysizetest Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvjyQUACgkQ8Mjk52CukIzpGQCfXqIAySAfR/zH7lo2beKvfHs+ Zd8An3QMXUrUQgec0ftbgS/5aTcTEKX3 =xuja -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BE3C905.2000207>