odd DNS problem????????

Discussion in 'Server Operation' started by craig baker, May 28, 2008.

  1. craig baker

    craig baker Member HowtoForge Supporter

    on my continuing semi-newb problem series, I have a nasty thing going on (I fear).

    my server is a dual opteron 8gb 600gb scsi DAM nice fast server.
    TOP shows 99+ idle at all times. there is very little load on it as far as i can tell.

    BUT - I'm seeing weird DNS responses and need some assistance - even willing to pay anyone who wants to log in and help me out.
    ([email protected]).

    what I'm seeing is rather odd behaviour.

    If I do something that needs DNS resolution (my nameserver on the server is current centos 5.1 named) - say I pull up a webpage. the first time or two I pull up an address (only some of them alas) - the browser times out. 'server not responding' etc. type messages.
    then I refresh again and it pops up!

    so obviously named is not responding fast enough (or at all)? the first 2 requests.

    this is not fully repeatable but I think its also why some of my customers tell me they cant send or retrive mail (most are just fine). they send me screenshots of errors like 'cant find mail server' etc.

    now if they try the send/receive again they will eventually get it through but its obviously something I need to resolve.

    any suggestions? anythign to look at???

    the nameserver is ns5.cdbsystems.com if anyone wants to run tests on it :)

    and your help will be MOST appreciated (and even rewarded)

    thanks
    cdb.
     
  2. zcworld

    zcworld New Member

    ok problem
    ns4 is offline

    im not going to say the IP
    but when i try it
    nothing loaded
    maybe thats your problem
     
  3. craig baker

    craig baker Member HowtoForge Supporter

    NS4 problem

    true, NS4 is down (and probably will stay down) but I would have thought everything would have expired from NS4 by now and NS5 would have replaced everything...
    when I restarted named on NS5 I upped all serial numbers so I would have thought all caches would have replaced ns4 info by ns5 by now...
    cdb.
     
  4. zcworld

    zcworld New Member

    did that fix the problem with the timeouts in the now
     
  5. craig baker

    craig baker Member HowtoForge Supporter

    DNS issues

    I've redirected ns4 to the same ip as ns5 I'll see if that takes care of the odd delays.
    thanks
    cdb.
     
  6. craig baker

    craig baker Member HowtoForge Supporter

    DNS issues

    could you all do traceroutes to ns5.cdbsystems.com?
    I've been told by one customer he's seeing bad latencies but I'm not seeing anything rude.
    would appreciate it :)
    cdb.
     
  7. craig baker

    craig baker Member HowtoForge Supporter

    more weirdness - continuing DNS issue?????

    I just was doing some traceroutes to one of my domains and:

    E:\Documents and Settings\cdb>ping mail.weblawdog.com

    Pinging mail.weblawdog.com [71.163.161.26] with 32 bytes of data:

    Reply from 71.163.161.26: bytes=32 time=17ms TTL=247
    Reply from 71.163.161.26: bytes=32 time=15ms TTL=247

    Ping statistics for 71.163.161.26:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 17ms, Average = 16ms
    Control-C
    ^C
    ------------a bit later cdb:

    E:\Documents and Settings\cdb>tracert mail.weblawdog.com
    Unable to resolve target system name mail.weblawdog.com.

    ----- few secs later
    E:\Documents and Settings\cdb>tracert mail.weblawdog.com

    Tracing route to admin.weblawdog.com [71.163.161.26]
    over a maximum of 30 hops:

    1 * * * Request timed out.
    2 9 ms 7 ms 6 ms 10.7.168.1
    3 7 ms 7 ms 7 ms ip72-219-223-97.dc.dc.cox.net [72.219.223.97]
    4 7 ms 7 ms 15 ms mrfddsrj01-ge110.rd.dc.cox.net [68.100.0.161]
    5 11 ms 18 ms 8 ms ashbbbrj01-ae0.0.r2.as.cox.net [68.1.0.220]
    6 41 ms 10 ms 11 ms so-7-3-0-0.BB-RTR1.RES.verizon-gni.net [130.81.1
    0.89]
    7 11 ms 11 ms 9 ms P15-0.LCR-05.WASHDC.verizon-gni.net [130.81.28.1
    45]
    8 14 ms 11 ms 11 ms L1.VFTTP-29.WASHDC.verizon-gni.net [130.81.243.1
    29]
    9 25 ms 14 ms 14 ms mail.weblawdog.com [71.163.161.26]

    Trace complete.


    any ideas what is going on?????
    cdb.
     
  8. zcworld

    zcworld New Member

    [zcworld@zcworld ~]$ dig @ns5.cdbsystems.com cdbsystem.com

    ; <<>> DiG 9.5.0b2 <<>> @ns5.cdbsystems.com cdbsystem.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45116
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;cdbsystem.com. IN A

    ;; AUTHORITY SECTION:
    . 3600000 IN NS A.ROOT-SERVERS.NET.
    . 3600000 IN NS B.ROOT-SERVERS.NET.
    . 3600000 IN NS C.ROOT-SERVERS.NET.
    . 3600000 IN NS D.ROOT-SERVERS.NET.
    . 3600000 IN NS E.ROOT-SERVERS.NET.
    . 3600000 IN NS F.ROOT-SERVERS.NET.
    . 3600000 IN NS G.ROOT-SERVERS.NET.
    . 3600000 IN NS H.ROOT-SERVERS.NET.
    . 3600000 IN NS I.ROOT-SERVERS.NET.
    . 3600000 IN NS J.ROOT-SERVERS.NET.
    . 3600000 IN NS K.ROOT-SERVERS.NET.
    . 3600000 IN NS L.ROOT-SERVERS.NET.
    . 3600000 IN NS M.ROOT-SERVERS.NET.

    ;; Query time: 320 msec
    ;; SERVER: 71.163.161.26#53(71.163.161.26)
    ;; WHEN: Sat May 31 17:50:26 2008
    ;; MSG SIZE rcvd: 242

    [zcworld@zcworld ~]$ dig @ns5.cdbsystems.com www.cdbsystem.com

    ; <<>> DiG 9.5.0b2 <<>> @ns5.cdbsystems.com www.cdbsystem.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43094
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;www.cdbsystem.com. IN A

    ;; AUTHORITY SECTION:
    . 3600000 IN NS M.ROOT-SERVERS.NET.
    . 3600000 IN NS A.ROOT-SERVERS.NET.
    . 3600000 IN NS B.ROOT-SERVERS.NET.
    . 3600000 IN NS C.ROOT-SERVERS.NET.
    . 3600000 IN NS D.ROOT-SERVERS.NET.
    . 3600000 IN NS E.ROOT-SERVERS.NET.
    . 3600000 IN NS F.ROOT-SERVERS.NET.
    . 3600000 IN NS G.ROOT-SERVERS.NET.
    . 3600000 IN NS H.ROOT-SERVERS.NET.
    . 3600000 IN NS I.ROOT-SERVERS.NET.
    . 3600000 IN NS J.ROOT-SERVERS.NET.
    . 3600000 IN NS K.ROOT-SERVERS.NET.
    . 3600000 IN NS L.ROOT-SERVERS.NET.

    ;; Query time: 314 msec
    ;; SERVER: 71.163.161.26#53(71.163.161.26)
    ;; WHEN: Sat May 31 17:50:46 2008
    ;; MSG SIZE rcvd: 246

    [zcworld@zcworld ~]$





    the DNS / NS server : 71.163.161.26 goes to the web site
     
  9. zcworld

    zcworld New Member

    have you try doing an clean rebuild of your DNS
    and take it offline if you can like for 30 hrs to clean out any old cache of your DNS ... and than reload ...

    or try another DNS server for an short time to see if its fix the problem ...


    also tell them to check there DNS server list they are using
    make they got an iffy DNS server in there list they are on .....
     
  10. craig baker

    craig baker Member HowtoForge Supporter

  11. zcworld

    zcworld New Member

    ops ... was trying to do 30 things at once ... must of missed the s when i did copy n paste

    shows both NS servers to the same IP and the www to the IP

    on your DNS server and normal DNS servers .....
    so its looks like its all working fine here
    and the sites goes to the right place
     
  12. craig baker

    craig baker Member HowtoForge Supporter

    odd dns problems continue

    I repointed ns4 to ns5 since ns4 is currently down.
    ns5 is my shiny new centos 5.1 perfect server as per falko's excellent directions.

    problem is that when I do this from a cmd> prompt at home:

    E:\Documents and Settings\cdb>ping mail.weblawdog.com
    Ping request could not find host mail.weblawdog.com. Please check the name and t
    ry again.

    E:\Documents and Settings\cdb>ping mail.weblawdog.com

    Pinging admin.weblawdog.com [71.163.161.26] with 32 bytes of data:

    Reply from 71.163.161.26: bytes=32 time=15ms TTL=247
    Reply from 71.163.161.26: bytes=32 time=129ms TTL=247
    Reply from 71.163.161.26: bytes=32 time=16ms TTL=247
    Reply from 71.163.161.26: bytes=32 time=17ms TTL=247

    Ping statistics for 71.163.161.26:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 129ms, Average = 44ms


    these were done 1 sec apart. wtf is going on????
    I dont understand how ping doesnt know the host and next ping does?

    cdb.
     
  13. zcworld

    zcworld New Member

    worked first time for me
    pinging the mail.weblawdog.com address
    maybe its being updated in DNS servers

    but i use openDNS as my default DNS server

    really ... not sure .... maybe its your ISP DNS servers are taking there time on doing an DNS update thats all ?
     
  14. craig baker

    craig baker Member HowtoForge Supporter

    odd DNS problems continue!

    I'm seeing it pretty repeatedly at this point:

    from my windows xp laptop cmd prompt:

    first ping to www.snipemaster.com comes back 'could not find host www.snipemaster.com'

    second ping immediately aftwards replies just fine with 13ms-16ms times.
    all replying properly from 71.163.161.26.

    what on EARTH could be going on??????

    cdb.
     
  15. zcworld

    zcworld New Member

    ok simples its your end

    copy the IP for the DNS servers of your ISP from your router and paste it into your LAN/WLAN DNS server list on your windows box

    apply flush DNS / repair connection

    and try again
    same problem

    try openDNS DNS servers as default DNS to use

    thats all i can think of ....

    hope it may some cents ....
     
  16. craig baker

    craig baker Member HowtoForge Supporter

    odd DNS problem....

    I'm running BIND9 on my server (has have been doing forever).

    however, I've looked at my wifes notebook and its behaving same way as mine - first ping (or even 2) comes back unknown host then next ping responds properly.


    maybe I should dump named? but why would it be causing problems??
    cdb.
     
  17. zcworld

    zcworld New Member

    its not your server or its BIND

    change your DNS

    Network Connections - >Local Area Connection -> properties
    TCP/Ip -> properties \
    Use The Following DNS server addresses
    208.67.222.222
    208.67.220.220

    OpenDNS Server IP

    try them
    see if thats fix the problem
     
  18. craig baker

    craig baker Member HowtoForge Supporter

    thanks zc but does that SOLVE anything?

    I'll try openDNS - but my question still remains - I cant very well tell others to switch to openDNS can I if they cant ping my sites reliably?

    how do I find out what the problem really IS? arent there any free sites that will stress a server and report any problems?

    my server has a static ip (192.168.2.50) and its behind a xincom firewall passing all port 53 requests (as well as port 80 port 110 port 25 etc) to the static ip.

    maybe the firewall is malfunctioning?

    (in which case openDNS may or maynot seem to 'fix' things when they are not fixed)

    anyway thanks for the suggestion. but if it works, then something is wrong with Cox's DNS, and I cant do anything about that can I?
    cdb.
     
  19. falko

    falko Super Moderator ISPConfig Developer

    You can check your domain here: http://intodns.com
    Do you see errors or warnings there?
     
  20. craig baker

    craig baker Member HowtoForge Supporter

    no errors, some warnings

    that site tells me my SOA retry value is too high to be 'ok' but hardly would that be an issue (its 14400 and they recomment 9600).
    isnt there a site that will stress-test you?
    send 10000 requests and see if they all pass?

    also, I had to dump cyrus sasl - apparently the 64bit version is buggy (it kept segfaulting).
    switching to dovecot sasl seems to have cured the problem.
    since dovecot comes with it implemented why did you recommend cyrus anway?
    might want to change your perfect server to just use dovecots sasl.


    cdb.
     

Share This Page