Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » internet » dns » dns_testing
Trace:
internet:dns:dns_testing

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
internet:dns:dns_testing [2016/01/17 09:57]
gcooper 		internet:dns:dns_testing [2021/01/17 15:12] (current)
gcooper
Line 2: Line 2:
  
 http://code.google.com/p/namebench/ http://code.google.com/p/namebench/
 +
 +===== Source Port =====
 +
 +Newer DNS servers may fail to resolve when requests come from UDP port 53, rather than from a high (1024+), random port.
 +
 +Bind name servers now default to random query source ports.  See Bind ''query-source'' option.
 +
 +One may need to:
 +
 +  - Comment out an existing ''query-source'' option and restart Bind
 +  - Adjust the firewall to allow all outgoing connections to UDP (and TCP) port 53
  
 ===== Linux ===== ===== Linux =====
Line 19: Line 30:
 https://testconnectivity.microsoft.com/ https://testconnectivity.microsoft.com/
  
-===== Troubleshooting =====+===== Errors =====
  
-:!: Name server 'glue' records (child name serversat the registrar have a long TTL...often 48 hours.  Changing IP addresses of these servers takes long time.+https://forums.extrahop.com/t/tip-of-the-week-dns-servfail-dns-nxdomain-truncated-dns-requests/138 
 + 
 +**SERVFAIL** messages show that the fully qualified domain name (FQDNthat has been looked up does exist, that the root name servers have information on the domain but that the authoritative name servers are not answering queries for this domain. 
 + 
 +**SERVFAIL** messages can also result from DNSSEC problems.  You might try removing DNSSEC records at your registrar. 
 + 
 +For **NXDOMAIN**, you need to track down the registrar with tool such as 'whois' and find out why the domain is no longer available 
 + 
 +===== Troubleshooting =====
  
 http://serverfault.com/questions/629367/dns-external-lookup-servfail http://serverfault.com/questions/629367/dns-external-lookup-servfail
 +
 +:!: **Name server 'glue' records (child name servers) at the registrar have a long TTL**...often 48 hours.  Changing IP addresses of these servers takes a long time.
 +
 +<file>
 +dig +trace <domain>
 +</file>
 +
 +''dig +trace'' follows the whole chain from the beginning...it queries root servers, then .info servers then your name servers. Thus it avoids any caching resolvers, and also avoids propagation issues.
internet/dns/dns_testing.1453049834.txt.gz · Last modified: 2016/01/17 09:57 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki