This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
internet:dns:dns_testing [2014/01/23 14:00] gcooper created |
internet:dns:dns_testing [2021/01/17 15:12] (current) gcooper |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== DNS Testing ====== | + | ====== DNS Testing |
http:// | http:// | ||
+ | |||
+ | ===== Source Port ===== | ||
+ | |||
+ | Newer DNS servers may fail to resolve when requests come from UDP port 53, rather than from a high (1024+), random port. | ||
+ | |||
+ | Bind name servers now default to random query source ports. | ||
+ | |||
+ | One may need to: | ||
+ | |||
+ | - Comment out an existing '' | ||
+ | - Adjust the firewall to allow all outgoing connections to UDP (and TCP) port 53 | ||
===== Linux ===== | ===== Linux ===== | ||
Line 11: | Line 22: | ||
===== Windows ===== | ===== Windows ===== | ||
+ | http:// | ||
+ | |||
+ | ===== Mail ===== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | ===== Errors ===== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | **SERVFAIL** messages show that the fully qualified domain name (FQDN) that has been looked up does exist, that the root name servers have information on the domain but that the authoritative name servers are not answering queries for this domain. | ||
+ | |||
+ | **SERVFAIL** messages can also result from DNSSEC problems. | ||
+ | |||
+ | For **NXDOMAIN**, | ||
+ | |||
+ | ===== Troubleshooting ===== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | :!: **Name server ' | ||
+ | |||
+ | < | ||
+ | dig +trace < | ||
+ | </ | ||
+ | '' |