#1
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Strange DNS lookup problems
I experience strange DNS lookup failures with my 10.2.6 box.
I've set up a Debian Linux box as our router/firewall. Before that we had a hardware router/firewall with which I had no problems. The problem is sometimes a domain works, sometimes I get an immediate "server not found". The same domains work from all of our Windows boxes using the same router and the same name servers. So this can't be an issue with the Linux box, right? If I do a manual domain lookup there's no problem and I can reach the hosts via their IP addresses. It doesn't matter which browser I use, and the same things happen with Mail and Sherlock. I really have no explanation for this behaviour. Maybe someone else has?
#2
Triple-A Player
Join Date: Apr 2003
Location: /dev/bpf1
Posts: 220
Why don't you try doing a dump on the network when such an event occurs. Maybe you can determine what is happening from looking at the actual communication with the boot server. What configuration are you using, DHCP or static IP? Does this problem occur momentarily or does it last? Could it be a problem with the browser? If you are using IE, try using Safari to see if the same behaviour is experienced.
AtomicTuesday
__________________
The True Master is the One Who Never Stops Learning.
#3
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
You mean tcpdump? I tried to but I think I don't have enough geek genes to really understand that. You might ask why I try to setup a firewall then, but hey, everyone has to start somewhere.
We use static IP addresses, 192.168.1.0/24. The problem lasts, but it's always different. Sometimes I can't connect to e.g. macosxhints.com while I can connect to versiontracker.com. Sometimes it's the exact opposite. Or I can open all my Mac links in tabs and they all work. I try this with all my Linux links and 75% of them don't work. Then again, let's say ten minutes later, it's the other way round (is that correct English?). It doesn't matter which browser I use. Normally I use Safari but I also tried Mozilla, Explorer, OmniWeb, Opera. And as I said, it also happens in Mail and Sherlock. Maybe this is something for a Linux forum?
#4
Site Admin
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
dnstracer
You could try the 'dnstracer' utility, which is available via fink. Using it, especially with the "-v" option, might tell you what is happening when the DNS is failing.
It sounds to me like certain DNS queries are not getting past your Linux router for some reason.
#5
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
I tried dnstracer but it gives me nothing but stars. Am I a complete idiot?
What I can understand from tcpdump is that the name server gets queried and I get an answer. But that's all I can understand.
Sounds the same to me, but why are they getting through from our Windows boxes? How do the DNS queries differ when made from a Windows box? I hate things working on our Windows boxes not working on our Macs.
#6
Site Admin
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
I don't know why it would do that but it might be an indication of failure. Does that happen all the time or only when your Mac is having DNS problems? Here's what it gives on my system:
Code:
% dnstracer www.macosxhints.com
Tracing to www.macosxhints.com via 206.47.244.79, timeout 15 seconds
206.47.244.79 (206.47.244.79) Got answer
 |\___ ns2.amigo-3.com [macosxhints.com] (207.44.210.197) Got authoritative answer
  \___ ns.amigo-3.com [macosxhints.com] (207.44.210.196) Got authoritative answer
First off, are you sure that your Windows boxes aren't just using previously cached results from the DNS server? Try doing a 'traceroute' to your DNS server to see if the basic network connectivity is there. (You said that you see a response from the DNS server when using tcpdump, so it seems like this is not the issue, but maybe worth doing anyway.) Try doing 'nslookup www.macosxhints.com' (or whatever other machine you are having trouble getting a DNS lookup for). Try the same thing from your Windows boxes (nslookup should exist on Windows NT & XP; for others you may have to download it).
#7
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
This happens all the time and it doesn't matter if I try a host that's currently working or one which doesn't. Also the problems are there all the time but always with different hosts. I tried dnstracer on my Mac as well as on the firewall itself. Both with the same results. So I think the firewall is blocking some outgoing traffic that prevents dnstracer from working. I'll try to figure out what that is.
I'm quite sure, since I tried this mostly with Mac-related sites which I know the Windows user surfs to. I'll try the suggested nslookups and traceroutes tomorrow because I'm not at work anymore now. Thanks for your help.
#8
Moderator
Join Date: Jan 2002
Posts: 10,677
Make sure the firewall is configured to allow UDP 53 from the DNS servers to pass.
#9
Triple-A Player
Join Date: Apr 2003
Location: /dev/bpf1
Posts: 220
olealf, are you saying that this behaviour is experienced in a single machine, while the other Macs do not? I suggested doing a dump on the network since it could help us in determining what is going on. You can most probably get a free packet sniffer for Windows from versiontracker.com. With it do a dump on the Windows machine interface. Bring the output here. As well, do a dump for a Mac which is experiencing the said behaviour, and bring that here also. Then we can examine what is happening. DNS is really composed of very few steps. The machine making the request, and the DNS server responding to the request. Of course, that DNS server may need to make its own requests to a higher level DNS server when it does not have a specific URL in its database. Maybe the errors are occurring at this stage.
Tuesday
__________________
The True Master is the One Who Never Stops Learning.
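The two steps just described (one UDP query out to the name server, one answer back) and the manual per-host lookup suggested in #6, as an added example that is not code posted by anyone in this thread. It builds a DNS A query by hand, sends it straight to a name server you name, and parses the reply, so a failing lookup can be told apart as "no reply at all" (what a firewall dropping UDP 53 on the way back looks like) versus "a reply that says no" (an NXDOMAIN or other error from the server side). The name www.example.test, the address 192.0.2.10 and the packet returned by sample_response are constructed for the offline check, and the file name dnscheck.py is hypothetical.

```python
"""Hand-rolled DNS A-record lookup: one UDP query out, one answer back.

Added example for this thread, not code posted by anyone in it.
"""
import random
import socket
import struct
import sys


def build_query(name, txid=None):
    """Return (txid, packet) for a recursive A/IN query of `name`."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME is a sequence of length-prefixed labels ending in a zero byte.
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return txid, header + question


def _read_name(data, offset):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    end = None  # where the caller continues; fixed once we follow a pointer
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(data, expected_txid):
    """Return rcode, truncation flag and the A records in an answer packet."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("answer does not match our query (transaction id)")
    offset = 12
    for _ in range(qdcount):           # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4                    # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = _read_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return {"rcode": flags & 0x000F, "truncated": bool(flags & 0x0200),
            "answers": answers}


def lookup(name, server, timeout=3.0):
    """Query `server` for `name`; return the parsed answer, or None on timeout."""
    txid, query = build_query(name)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return None  # nothing came back: the "UDP 53 not getting through" case
    finally:
        sock.close()
    return parse_response(data, txid)


def sample_response(txid, rcode=0):
    """Constructed answer packet for www.example.test (not a real capture)."""
    _, query = build_query("www.example.test", txid)
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1,
                         0 if rcode else 1, 0, 0)
    packet = header + query[12:]       # echo the question section
    if rcode == 0:
        # Owner name given as a pointer (0xC00C) back to the QNAME at offset 12.
        packet += (b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)
                   + socket.inet_aton("192.0.2.10"))
    return packet


if __name__ == "__main__":
    # usage: python dnscheck.py <hostname> <name server IP>
    result = lookup(sys.argv[1], sys.argv[2])
    print("no reply (timeout)" if result is None else result)
```

Run it once against the provider's name server and once against any resolver on the other side of the firewall while a host is "not found"; a timeout from the Mac but an answer from the Linux box itself points at the ruleset, while an rcode of 3 from both points at the name server.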
#10
Prospect
Join Date: May 2003
Posts: 47
My suggestion is to try and debug this from the Linux box and capture the inbound traffic from the Mac and the outbound traffic on the internet side.
See: http://www.linuxjournal.com/article.php?sid=6446 for a pretty good explanation of how to use tcpdump. It's best to filter the traffic for that host only, so:
tcpdump -i <your LAN interface> -nn -w mac.log host <IP address of Mac> and port 53
tcpdump -i <your ISP interface on Linux> -nn -w ISP.log host <IP address of Mac> and port 53
Note the filtering on host and port. If you don't see much, then remove the port filter. Also, 2 log files are written, one for each interface on the Linux box. Name doesn't matter as long as unique and identifiable. If you can put a pointer to these files via web, some of us can look at them to see if there are any clues. Network issues like this are nearly impossible to debug without adequate data and we end up guessing. Remember Gene Kranz's statement to flight controllers when Apollo 13 had that explosion: "Work the problem people... don't make it worse by guessing".
#11
Prospect
Join Date: May 2003
Posts: 47
I just remembered. If you have NAT enabled, the IP address on the outbound side will not be the Mac's, so just filter on port 53.
Sorry for the confusion.
#12
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Did I say this is strange? I came to work today and the problem seems to have disappeared. So I cannot recreate the problem anymore. All hosts seem to work. I had this problem for four days now and I didn't change any configuration on either machine, neither yesterday nor today. I didn't even reboot. Maybe posting here cures things magically? Anyway, for this afternoon we hired a Linux geek. Maybe he can tell what's going on. I'll post here what he finds out. Also I'll do the tcpdumps as soon as the problem reappears.
If this wasn't the case, wouldn't that mean that all DNS queries fail?
#13
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
dgovoni, I posted my reply before reading yours.
No problem, I think I can't be more confused than I am already.
#14
Moderator
Join Date: Jan 2002
Posts: 10,677
They should, yes, but if your firewall is flaky or your rulesets poor, possibly not. It could be that your primary/secondary DNS were flaky, & someone finally noticed & restarted bind (or the machine).
#15
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Ah, now that you said that, I remember two weeks ago our provider's DNS had serious problems. They said they were solved, but...
#16
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Okay, it's back again. I could just do a tcpdump while I couldn't reach www.oreillynet.com.
Here's what it gives me on my Mac:
Bad thing is I can't do it on one of our Windows boxes right now, 'cause these machines are used by my boss. He's not here right now, so I can't just install something on one of his boxes while he's away...
#17
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Another one with www.deskmod.com:
#18
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
The Linux geek was here, replaced my firewall config with his own and the problem remains. Now I at least know that my firewall config wasn't that bad, but still no solution... Archive and install time?
#19
Prospect
Join Date: Jan 2002
Posts: 25
Check your network port configuration on the Mac and make sure Built-in Ethernet is first in the list, or the port you are using is first.
Maybe create a new location on the Mac and see if that helps.
#20
Triple-A Player
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Ethernet is first and the only one.
Created a new location to no avail. Thanks for all your help here.