 |
Linode Forum
Linode Community Forums
|
| Author |
Message |
pbuckner
Joined: 06 Jul 2011
Posts: 3
|
| Posted: Wed Jul 06, 2011 12:39 am Post subject: dhcp'd nameservers not resolving remote domain |
|
|
every few days, for a few hours at time, my node's unable to resolve dns lookup for 'www.hpc.ncep.noaa.gov'... I get temporary failure. That site's been around for years and four other (non-Linode) servers I have resolve without problems. (it failed for a hour late July 2nd, and it's been failing for four hours right now...)
I suspect the nameservers I'm getting via DHCP (74.207.242.5, 74.207.241.5) can resolve most sites, but fails for the above domain... why intermittently?
Code:
$ dig www.hpc.ncep.noaa.gov
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32906
yet using google's dns succeeds:
Code:
$ dig www.hpc.ncep.noaa.gov @8.8.8.8
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51063
;; ANSWER SECTION:
www.hpc.ncep.noaa.gov. 86185 IN CNAME edge-nws.woc.noaa.gov.
edge-nws.woc.noaa.gov. 85 IN CNAME edge-rev.lb.noaa.gov.
edge-rev.lb.noaa.gov. 28 IN A 140.172.17.23
edge-rev.lb.noaa.gov. 28 IN A 129.15.96.23
edge-rev.lb.noaa.gov. 28 IN A 140.90.33.23
edge-rev.lb.noaa.gov. 28 IN A 140.90.200.23
I suppose I could resort to hard-coded nameservers, but I'm not sure how to do that without resorting to fully static interface definition & I'd prefer to have the Linode nameservers work.
Thoughts?
I'm new to Linode.com -- are their nameservers generally this bad?[/u]
--
- Peter |
|
| Back to top |
|
vonskippy
Joined: 27 Dec 2009
Posts: 469
Location: Colorado, USA
|
| Posted: Wed Jul 06, 2011 1:32 am Post subject: |
|
|
Edit /etc/dhcp3/dhclient.conf
Code: supersede domain-name-servers 8.8.8.8, 8.8.4.4;
There's plenty of good trouble free nameservers in the world, use which ever ones work best for you. |
|
| Back to top |
|
jgc
Joined: 06 Jul 2011
Posts: 2
|
| Posted: Wed Jul 06, 2011 4:32 am Post subject: |
|
|
I have the same problem with ftp.ncep.noaa.gov
It is the first time I have noticed the failure. I wonder if you've found a good solution.
vonskippy,
I couldn't locate
/etc/dhcp3/dhclient.conf
so I modified /etc/resolv.conf
to add
nameserver 8.8.8.8
nameserver 8.8.4.4
It seems to be working fine now.
Hoverver, I've just seen that /etc/resolv.conf is generated by a script
Code:
$ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search members.linode.com
nameserver 8.8.8.8
nameserver 8.8.4.4
Will that be modified without warning?, is there a way of preventing further modifications?
Thanks |
|
| Back to top |
|
hoopycat
Joined: 30 Aug 2008
Posts: 1294
Location: Rochester, New York
|
| Posted: Wed Jul 06, 2011 7:00 am Post subject: |
|
|
| It might be worth opening a ticket so the Linode folks can take a look at it and perhaps fix it... |
|
| Back to top |
|
pbuckner
Joined: 06 Jul 2011
Posts: 3
|
| Posted: Wed Jul 06, 2011 10:04 am Post subject: |
|
|
(the nameservers are working at the moment, so it's difficult to debug. I've also opened a ticket with Linode.)
I note that google's NS 8.8.8.8 doesn't return an "AUTHORITY SECTION" in response to dig, but linode's response does:
Code:
$ dig ftp.ncep.noaa.gov
; <<>> DiG 9.7.3 <<>> ftp.ncep.noaa.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45006
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;ftp.ncep.noaa.gov. IN A
;; ANSWER SECTION:
ftp.ncep.noaa.gov. 19105 IN CNAME ftp-ftpprd-woc.lb.noaa.gov.
ftp-ftpprd-woc.lb.noaa.gov. 30 IN A 140.90.33.41
ftp-ftpprd-woc.lb.noaa.gov. 30 IN A 140.90.33.31
;; AUTHORITY SECTION:
lb.noaa.gov. 86400 IN NS ns-e.noaa.gov.
lb.noaa.gov. 86400 IN NS ns-nw.noaa.gov.
lb.noaa.gov. 86400 IN NS ns-mw.noaa.gov.
;; Query time: 97 msec
;; SERVER: 74.207.242.5#53(74.207.242.5)
;; WHEN: Wed Jul 6 07:45:38 2011
;; MSG SIZE rcvd: 158
Google's the same, but without AUTHORITY:
Code:
$ dig @8.8.8.8 ftp.ncep.noaa.gov
; <<>> DiG 9.7.3 <<>> @8.8.8.8 ftp.ncep.noaa.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30640
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ftp.ncep.noaa.gov. IN A
;; ANSWER SECTION:
ftp.ncep.noaa.gov. 69660 IN CNAME ftp-ftpprd-woc.lb.noaa.gov.
ftp-ftpprd-woc.lb.noaa.gov. 30 IN A 140.90.33.41
ftp-ftpprd-woc.lb.noaa.gov. 30 IN A 140.90.33.31
;; Query time: 98 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 6 07:49:17 2011
;; MSG SIZE rcvd: 99
Note sure if that means anything, but it's a difference!
-Peter |
|
| Back to top |
|
pbuckner
Joined: 06 Jul 2011
Posts: 3
|
| Posted: Wed Jul 06, 2011 3:23 pm Post subject: |
|
|
Support suggests the problem is with DNSSEC issues on .gov domains (i.e., some .gov domain's configuration isn't fully correct). Other resolvers, which don't verify the DNSSEC signatures won't see the name resolution problem.
Will continue to monitor. |
|
| Back to top |
|
jgc
Joined: 06 Jul 2011
Posts: 2
|
| Posted: Thu Jul 07, 2011 5:10 am Post subject: |
|
|
Thanks for following it up.
j. |
|
| Back to top |
|
| |
|