Linux Archive - Weird DNS issue with a specific web site with Fedora 12 (Temporary failure in name resolution?)

Linux Archive (http://www.linux-archive.org/)

- Fedora User (http://www.linux-archive.org/fedora-user/)

- - Weird DNS issue with a specific web site with Fedora 12 (Temporary failure in name resolution?) (http://www.linux-archive.org/fedora-user/322987-weird-dns-issue-specific-web-site-fedora-12-temporary-failure-name-resolution.html)

Weird DNS issue with a specific web site with Fedora 12 (Temporary failure in name resolution?)

First, you can try ping the IP of the host
As you can require IP address from DNS, that is not represent the IP(host) is activing.

2010/2/9 Tim Long <timwarm@gmail.com>

Hi,

I recently upgraded my work computer to *Fedora 12 and I am having a

weird DNS issue for an internal website in my organization.

Performing a dig/nslookup for the web site returns a IP address but

trying to contact via a web browser/wget/telnet fails with a DNS error

(the actually web site and IP numbers are scrubbed)

-----

~]$ nslookup www.site.com

Server: * * * * ###.###.###.###

Address: * * * *###.###.###.####53

Non-authoritative answer:

Name: * www.site.com

Address: ***.***.***.***

*~]$ telnet www.site.com 80

telnet: www.site.com: Temporary failure in name resolution

www.site.com: Host name lookup failure

----

Everyone in our organization who has upgraded to Fedora 12 and is

running networking via DHCP has this issue. People with static IP

addresses don't have a problem. This issue seems to be specific to

only this server in the organization and did not occur with earlier

versions of Fedora. Also the nsswitch.conf files are stock standard

and haven't changed.

We have done investigation and the issue might be related to the fact

that our main DNS servers are windows boxes. When we override the DNS

setting and point it at a pirate Unix (read stable!) DNS server in the

problem goes away. Another work around that has been found is to run

dnsmasq on the Fedora workstations. The problem is that these

workarounds is that they the break dynamic DNS system we have to run.

Can anyone offer some help? Even some pointers to where to start

digging/debugging would be helpful because we are all stumped.

Thanks,

Tim Long.

If it helps I have included the full output from dig for reference

Querying the Window DNS server gives something like:

; <<>> DiG 9.6.1-P3-RedHat-9.6.1-16.P3.fc12 <<>> ###.###.###.###

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24111

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;###.###.###.###. * * * * * * * * * * * IN * * *A

;; ANSWER SECTION:

###.###.###.###. * * * * * * * *11 * * *IN * * *A * * * ***.***.***.***

;; Query time: 0 msec

;; SERVER: ***.***.***.***#53(***.***.***.***)

;; WHEN: Tue Feb *9 17:27:18 2010

;; MSG SIZE *rcvd: 48

Querying the pirate DNS server returns:

; <<>> DiG 9.6.1-P3-RedHat-9.6.1-16.P3.fc12 <<>> @134.178.6.5 ###.###.###.###

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54136

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;###.###.###.###. * * * * * * * * * * * IN * * *A

;; ANSWER SECTION:

###.###.###.###. * * * * * * * *9 * * * IN * * *A * * * ***.***.***.***

;; AUTHORITY SECTION:

###.###.###.###. * * * * * * * *600 * * IN * * *NS * * ****.***.***.***.

###.###.###.###. * * * * * * * *600 * * IN * * *NS * * ****.***.***.***.

;; ADDITIONAL SECTION:

###.###.###.###. 600 * *IN * * *A * * * ***.***.***.***

###.###.###.###. 600 * *IN * * *A * * * ***.***.***.***

;; Query time: 1 msec

;; SERVER: ***.***.***.***#53(***.***.***.***)

;; WHEN: Tue Feb *9 17:39:11 2010

;; MSG SIZE *rcvd: 136

--

users mailing list

users@lists.fedoraproject.org

To unsubscribe or change subscription options:

https://admin.fedoraproject.org/mailman/listinfo/users

Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

--
Best Regards
August

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Weird DNS issue with a specific web site with Fedora 12 (Temporary failure in name resolution?)

On Tue, Feb 9, 2010 at 6:53 PM, August <tan.august@gmail.com> wrote:
> First, you can try ping the IP of the host
> As you can require IP address from DNS, that is not represent the IP(host)
> is activing.
>

Pinging the host is disabled by the firewall. I am almost certain
there is no connectivty problem between me and the host as I can
connect via the tcp if I specify the IP address:
=====
[timl@timl ~]$ nslookup www.bom.gov.au
Server: 134.178.14.1
Address: 134.178.14.1#53

Non-authoritative answer:
Name: www.bom.gov.au
Address: 210.8.42.125

[timl@timl ~]$ telnet 210.8.42.125 80
Trying 210.8.42.125...
Connected to 210.8.42.125.
Escape character is '^]'.
=====
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Weird DNS issue with a specific web site with Fedora 12 (Temporary failure in name resolution?)

On Tue, Feb 9, 2010 at 7:16 PM, Tim <ignored_mailbox@yahoo.com.au> wrote:

>
> Wild guess: *Look at your resolv.conf files.

It is very simple (I think):

; generated by /sbin/dhclient-script
search bom.gov.au
nameserver 134.178.14.1
nameserver 134.178.14.3

> But, with the amount of blanking out of details in your reports, they're
> next to useless for anyone to diagnose anything with. *Have a look at
> your message headers, if you see the same addresses as you've been
> hiding, then there's no point hiding them. *Post your error reports with
> the real addresses showing.
>

The full dig messages (querying windows server followed by unix server):
====
[timl@timl ~]$ dig www.bom.gov.au

; <<>> DiG 9.6.1-P3-RedHat-9.6.1-16.P3.fc12 <<>> www.bom.gov.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15815
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.bom.gov.au. IN A

;; ANSWER SECTION:
www.bom.gov.au. 14 IN A 210.8.42.125

;; Query time: 0 msec
;; SERVER: 134.178.14.1#53(134.178.14.1)
;; WHEN: Wed Feb 10 09:47:54 2010
;; MSG SIZE rcvd: 48

[timl@timl ~]$ dig @134.178.6.5 www.bom.gov.au

; <<>> DiG 9.6.1-P3-RedHat-9.6.1-16.P3.fc12 <<>> @134.178.6.5 www.bom.gov.au
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.bom.gov.au. IN A

;; ANSWER SECTION:
www.bom.gov.au. 13 IN A 210.8.42.125

;; AUTHORITY SECTION:
www.bom.gov.au. 600 IN NS bom-aapt-scss.bom.gov.au.
www.bom.gov.au. 600 IN NS bom-aapt-pcss.bom.gov.au.

;; ADDITIONAL SECTION:
bom-aapt-pcss.bom.gov.au. 600 IN A 210.8.186.42
bom-aapt-scss.bom.gov.au. 600 IN A 210.8.42.106

;; Query time: 1 msec
;; SERVER: 134.178.6.5#53(134.178.6.5)
;; WHEN: Wed Feb 10 09:48:47 2010
;; MSG SIZE rcvd: 136
===

>> work around that has been found is to run dnsmasq on the Fedora
>> workstations.
>
> Isn't that the kludge suggested for IPv6 problems? *(I can't remember.)
> If so, look into either getting IPv6 working properly, or *completely*
> disabled.

I have heard that dnsmasq has been used as work around bad DNS
resolvers inside ADSL modems that don't handle queries for AAAA
records properly.

The workstations in question don't seem to have this issue. IPv6 is
enabled but there are no v6 gateways/routers on the network so they
only have link-local addresses.

Tim.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Weird DNS issue with a specific web site with Fedora 12 (Temporary failure in name resolution?)

try telnet IP of www.site.com

2010/2/10 Tim Long <timwarm@gmail.com>

On Tue, Feb 9, 2010 at 6:53 PM, August <tan.august@gmail.com> wrote:

> First, you can try ping the IP of the host

> As you can require IP address from DNS, that is not represent the IP(host)

> is activing.

>

Pinging the host is disabled by the firewall. I am almost certain

there is no connectivty problem between me and the host as I can

connect via the tcp if I specify the IP address:

=====

[timl@timl ~]$ nslookup www.bom.gov.au

Server: * * * * 134.178.14.1

Address: * * * *134.178.14.1#53

Non-authoritative answer:

Name: * www.bom.gov.au

Address: 210.8.42.125

[timl@timl ~]$ telnet 210.8.42.125 80

Trying 210.8.42.125...

Connected to 210.8.42.125.

Escape character is '^]'.

=====

--

users mailing list

users@lists.fedoraproject.org

To unsubscribe or change subscription options:

https://admin.fedoraproject.org/mailman/listinfo/users

Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

--
Best Regards
August

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Weird DNS issue with a specific web site with Fedora 12 (Temporary failure in name resolution?)

Hi all,

Digging around I think the issue is a bug in Fedora 12.

I wrote some C code that performs the DNS lookup by two different
system calls: gethostbyname2 and getaddrinfo. the later system call
always returns the error message 'Temporary failure in name
resolution'.

Running the code on my computer:
====
$ ./testDNS www.bom.gov.au
Getting DNS info for host: www.bom.gov.au
Trying gethostbyname
hosent details:
h_name: www.bom.gov.au
h_aliases:

h_addrtype: 2
h_length:4
h_addr_list:
210.8.42.125

Trying getaddrinfo
Error returned by getaddrinfo: Temporary failure in name resolution
====

I have run the same program on a RHEL4 and RHEL5 computers that are
configured with the same windows DNS servers of our organization and
they are both able to resolve the address with getaddrinfo
successfully.

If anyone would like to see the test C code program I am happy to send it.

All in all a very weird problem.

Tim.

On Wed, Feb 10, 2010 at 9:57 AM, Tim Long <timwarm@gmail.com> wrote:
>
> On Tue, Feb 9, 2010 at 7:16 PM, Tim <ignored_mailbox@yahoo.com.au> wrote:
>
> >
> > Wild guess: *Look at your resolv.conf files.
>
> It is very simple (I think):
>
> ; generated by /sbin/dhclient-script
> search bom.gov.au
> nameserver 134.178.14.1
> nameserver 134.178.14.3
>
>
>
> > But, with the amount of blanking out of details in your reports, they're
> > next to useless for anyone to diagnose anything with. *Have a look at
> > your message headers, if you see the same addresses as you've been
> > hiding, then there's no point hiding them. *Post your error reports with
> > the real addresses showing.
> >
>
> The full dig messages (querying windows server followed by unix server):
> ====
> [timl@timl ~]$ dig www.bom.gov.au
>
> ; <<>> DiG 9.6.1-P3-RedHat-9.6.1-16.P3.fc12 <<>> www.bom.gov.au
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15815
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.bom.gov.au. * * * * * * * * * * * *IN * * *A
>
> ;; ANSWER SECTION:
> www.bom.gov.au. * * * * 14 * * *IN * * *A * * * 210.8.42.125
>
> ;; Query time: 0 msec
> ;; SERVER: 134.178.14.1#53(134.178.14.1)
> ;; WHEN: Wed Feb 10 09:47:54 2010
> ;; MSG SIZE *rcvd: 48
>
> [timl@timl ~]$ dig @134.178.6.5 www.bom.gov.au
>
> ; <<>> DiG 9.6.1-P3-RedHat-9.6.1-16.P3.fc12 <<>> @134.178.6.5 www.bom.gov.au
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33002
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;www.bom.gov.au. * * * * * * * * * * * *IN * * *A
>
> ;; ANSWER SECTION:
> www.bom.gov.au. * * * * 13 * * *IN * * *A * * * 210.8.42.125
>
> ;; AUTHORITY SECTION:
> www.bom.gov.au. * * * * 600 * * IN * * *NS * * *bom-aapt-scss.bom.gov.au.
> www.bom.gov.au. * * * * 600 * * IN * * *NS * * *bom-aapt-pcss.bom.gov.au.
>
> ;; ADDITIONAL SECTION:
> bom-aapt-pcss.bom.gov.au. 600 * IN * * *A * * * 210.8.186.42
> bom-aapt-scss.bom.gov.au. 600 * IN * * *A * * * 210.8.42.106
>
> ;; Query time: 1 msec
> ;; SERVER: 134.178.6.5#53(134.178.6.5)
> ;; WHEN: Wed Feb 10 09:48:47 2010
> ;; MSG SIZE *rcvd: 136
> ===
>
> >> work around that has been found is to run dnsmasq on the Fedora
> >> workstations.
> >
> > Isn't that the kludge suggested for IPv6 problems? *(I can't remember.)
> > If so, look into either getting IPv6 working properly, or *completely*
> > disabled.
>
> I have heard that dnsmasq has been used as *work around bad DNS
> resolvers inside ADSL modems that don't handle queries for AAAA
> records properly.
>
> The workstations in question don't seem to have this issue. IPv6 is
> enabled but there are no v6 gateways/routers on the network so they
> only have link-local addresses.
>
> Tim.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines