Gentoo Forums
[DNS] strange resolve issues with .org only???
e3k
Guru
Joined: 01 Oct 2007
Posts: 517
Location: Inner Space

Posted: Mon Dec 16, 2019 6:05 pm    Post subject: [DNS] strange resolve issues with .org only???

i have unbound on my router as a local network dns resolver server running on a private IP. today i started my box and tried to update debian but it did not work. checked /etc/resolv.conf and the nameserver was correctly set up at 192.168.1.1

then i did dig debian.org and got: connection timed out; no servers could be reached
same with gentoo.org
alternatively i tried some non .org domains and they did resolve fine.
but the .org still would not. after playing with that a while i did try to resolve ietf.org and it did work fine.

afterwards everything started to work fine..

---

i understand it like: dig did not get an answer from 192.168.1.1, but only for .org requests??? isn't that strange?
_________________
CLOSED|||||||||||LISTEN
SYN-SENT --> SYN-RECEIVED
ESTABLISHED <-- SYN-RECEIVED
ESTABLISHED --> ESTABLISHED
ESTABLISHED --> <DATA> --> ESTABLISHED
alamahant
Apprentice
Joined: 23 Mar 2019
Posts: 257

Posted: Mon Dec 16, 2019 6:30 pm

It is very strange behavior.
I don't know about unbound but in bind, nowadays one should explicitly disable ipv6 using the OPTIONS="....-4" in /etc/conf.d/named otherwise the server will keep listening on ipv6 and not reply in ipv4.
Also there is a clause
Code:
allow-query {localhost; <your-network/network-netmask> };
otherwise the server will not respond.
Moreover it's nice to disable ipv6 using
Code:
listen-on-v6 { none; };
listen-on port 53 { any; };

Use
Code:
netstat -tulpen | grep 53
to check where the server is listening...
Try to apply something similar to unbound and check if it solves the problem.........
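Added example, not part of the posts above: the `netstat -tulpen | grep 53` check also matches any line that merely contains "53" (port 5353, inode numbers, PIDs). This shell function keeps only sockets whose local port is exactly 53 and labels how widely each is bound, which matters on a router where the resolver should answer only on the LAN address. The function names, scope labels and sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpen` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   User  Inode  PID/Program name
tcp        0      0 192.168.1.1:53   0.0.0.0:*        LISTEN  0     15342  812/unbound
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  0     15311  640/sshd
udp        0      0 192.168.1.1:53   0.0.0.0:*                0     15341  812/unbound
udp        0      0 0.0.0.0:5353     0.0.0.0:*                109   13530  553/avahi-daemon
tcp6       0      0 :::53            :::*             LISTEN  0     15344  812/unbound
udp6       0      0 :::53            :::*                     0     15343  812/unbound
EOF
}

# Read `netstat -tulpen` output on stdin and print one line per socket whose
# local port is exactly 53: "<proto> <address> <scope> <pid/program>".
dns_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        if (port != "53") next                 # skips 5353, and 53 in other columns
        host = $4; sub(/:[^:]*$/, "", host)    # local address without ":port"
        if (host == "0.0.0.0" || host == "::")          scope = "all-interfaces"
        else if (host ~ /^127\./ || host == "::1")      scope = "loopback"
        else                                            scope = "specific-address"
        # UDP rows have no State column, so the program is the last field.
        print $1, host, scope, $NF
    }'
}

# Demo on the sample; on a live host use: netstat -tulpen | dns_listeners
echo "lines matched by plain 'grep 53': $(sample_netstat | grep -c 53)"
sample_netstat | dns_listeners
```

In the sample, plain `grep 53` matches six lines, while only four sockets are actually bound to port 53, two of them on the IPv6 wildcard address.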
e3k
Guru
Joined: 01 Oct 2007
Posts: 517
Location: Inner Space

Posted: Tue Dec 17, 2019 11:27 am

well as i wrote the issue resolved "itself" without me changing anything. but yes i have now set up unbound to bind only to ipv4.
---edit---

on 20200111 it was again here. same issue... not sure why but only .org got problems to resolve. tried to dig directly from router but it was working and instantly on a client but it started to work there also.
e3k
Guru
Joined: 01 Oct 2007
Posts: 517
Location: Inner Space

Posted: Mon Jan 13, 2020 7:47 pm

$ dig debian.org

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> debian.org
;; global options: +cmd
;; connection timed out; no servers could be reached
kago@debian:~$ dig @a0.org.afilias-nst.info. debian.org
dig: couldn't get address for 'a0.org.afilias-nst.info.': failure

anyone now?

it is gone 20200113 20:49 UTC+1
All times are GMT