NSLOOKUP confusion: Where is it getting its information locally? - linux

I perform nslookup on a non-local address, say Google. On my machine (running Ubuntu 12.10), I get this as a result:
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.google.com
Address: 173.194.37.52
Name: www.google.com
Address: 173.194.37.48
Name: www.google.com
Address: 173.194.37.49
Name: www.google.com
Address: 173.194.37.50
Name: www.google.com
Address: 173.194.37.51
I'm trying to understand this. I assume the list of addresses under "Non-authoritative answer" are all of the possible addresses that google.com is using, but why is it listing my local host information at the top? Also, is nslookup querying a local machine, or only the DNS server?
I was looking at this link to explain nslookup, but it's for Windows and I'm not sure that I understand what they're doing there.
I've also consulted the man pages, but those just tell me how to use nslookup, not any of the "theory" behind it. Would somebody mind explaining exactly where nslookup queries, preferably using an example, in order?
I'd appreciate it.

It queries wherever the appropriate values in /etc/resolv.conf tell it to. In this case it is pointing to the local machine, which is most likely acting as a caching or proxy DNS server. Use netstat to find out which program is listening on port 53.
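To make the answer above concrete, here is an added example (not part of the original post) that lists the resolvers named in a resolv.conf-format file and flags loopback entries, which is what produces `Server: 127.0.0.1` in the nslookup output. The function names are illustrative.

```sh
#!/bin/sh
# Added example: list the resolvers a resolv.conf-format file names and flag
# loopback entries, which mean a local caching/proxy resolver answers first.

# list_resolvers FILE -> one line per nameserver: "<address> <loopback|remote>"
list_resolvers() {
    awk '
        # Only "nameserver <addr>" lines matter; comments and options are skipped.
        $1 == "nameserver" && $2 != "" {
            kind = ($2 ~ /^127\./ || $2 == "::1") ? "loopback" : "remote"
            print $2, kind
        }
    ' "$1"
}

# first_resolver FILE -> the first listed address, the one tried first
first_resolver() {
    list_resolvers "$1" | awk 'NR == 1 { print $1 }'
}

# uses_local_resolver FILE -> exit status 0 if the first nameserver is loopback
uses_local_resolver() {
    [ "$(list_resolvers "$1" | awk 'NR == 1 { print $2 }')" = "loopback" ]
}

# Runs only when a file is given, e.g.:  sh resolvers.sh /etc/resolv.conf
if [ "$#" -ge 1 ]; then
    list_resolvers "$1"
    if uses_local_resolver "$1"; then
        # Show which process owns port 53 (process names need root).
        netstat -lntup 2>/dev/null | grep ':53 ' || ss -lnup 'sport = :53'
    fi
fi
```
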

Related

server can't find in-addr.arpa: NXDOMAIN

I set up our custom DNS server in AWS, and it looks like an nslookup of a DNS name works fine in the forward direction, but if I do an nslookup in reverse, using its IP, it gives me the error below:
** server can't find x.x.x.x.in-addr.arpa: NXDOMAIN
I can do an nslookup of any other public DNS name and IP back and forth, but I can't do an nslookup of an IP for some reason.
FYI, I used an internal IP to set this up.
Could you please give me any suggestions to resolve this?
Thanks,

DNS Error from ISP Server

I have a strange DNS error when attempting to access the domain rrrr.com. I have called my ISP's technical support, but they said they would call back and have not.
The domain is not accessible, but all the records and servers are correct.
nslookup rrrrr.com 167.206.10.179
Server: 167.206.10.179
Address: 167.206.10.179#53
** server can't find rrrrr.com: SERVFAIL
Where 167.206.10.178 and 167.206.10.179 are my ISP DNS servers.
Using OpenDNS:
nslookup rrrrr.com
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: rrrrrr.com
Address: 54.88.87.161
Is there any way that I can debug this? It has been going on several days.
The question is not resolved absolutely, but the problem appears to be with the GoDaddy DNS Servers. The problem appeared to be continuously growing and their technical support denied that anything was wrong - "appears to be a localized issue with some ISPs".
So for now I added a backup DNS with Namecheap.com.
Also useful is this post:
http://rscott.org/dns/GoDaddy_Selective_DNS_Blackouts.htm

DNS lookup failing

I have a primary and secondary domain controller that we use as our DNS servers. Users are getting mixed results with accessing websites. Some work fine, others are giving an error:
Network Access Message: The website cannot be found
Explanation: An IP address for the website you requested could not be found.
As a result, it was not possible to access the site.
For example, mcmaster.com will not work. If I run nslookup from the primary DC:
C:\Users\Administrator>nslookup mcmaster.com
Server: dc.mydomain.local
Address: 10.1.1.35
Non-authoritative answer:
Name: mcmaster.com
Address: 209.64.25.230
All looks well, but when I run nslookup with www. prepended to the address:
C:\Users\Administrator>nslookup www.mcmaster.com
Server: dc.mydomain.local
Address: 10.1.1.35
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to dc.mydomain.local timed-out
Running nslookup www.mcmaster.com from the DC gives a different error:
*** backupdc.mydomain.local can't find www.mcmaster.com: Server failed
I think that mcmaster.com resolves to www.mcmaster.com, which results in the user not being able to access the site. Any ideas how I can troubleshoot this?
I ran an nslookup from my system at work and got the following response:
Server: WHATEVER
Address: xxx.xxx.xxx.xxx
Non-authoritative answer:
Name: mcmaster.com
Address: 209.64.25.230
Server: whatever
Address: xxx.xxx.xxx.xxx
Non-authoritative answer:
Name: a1843.b.akamai.net
Addresses: 23.66.232.17
23.66.232.26
Aliases: www.mcmaster.com
www.mcmaster.com.edgesuite.net
My initial thought was whoever owns DNS for Mcmaster simply didn't have www as a valid response. I know I forward requests to www.whateverdomainirun.com to whateverdomainirun.com, but, seeing different DNS for the two surprised me.
When I navigate to http://mcmaster.com I get forwarded to the www. When I run a tracert on mcmaster.com it fails with Destination net unreachable. It looks to me like this company has put their site in Akamai's hands and either that's recent so your local DNS servers haven't updated and you could try flushing the cache and doing it again, or, in some way you're blocking requests to Akamai for some reason on your firewall.
Best and quick guess for you and it may be wildly wrong :).

How can I test a new nameserver before updating the registrar records?

I have configured a set of DNS records at a new DNS provider. The configuration is complex, with load-balancing, SSL, etc, there are things that could go wrong.
I want to test this configuration before changing the namespace records at registrar.
Is there any way to locally provide my machine with the new nameserver for the domain?
Are there any tools that might help with this?
Please note: I don't want to just update the A records (e.g. in /etc/hosts) - I want to specifically check the nameserver is returning the A and CNAME records.
If you're on a *nix system, you should be able to use either nslookup or dig. With both of those commands you can specify what server you would like to query. Simply use your new nameserver as the server. With dig, the query would look something like
dig @<your-nameserver> <hostname-to-look-up>
So, if you wanted to query Google's public DNS server and ask it about the address www.google.com, you'd use
dig @8.8.8.8 www.google.com
which, amongst other things, would tell you that www.google.com is an alias for www.l.google.com -- and then would give you a bunch of IP addresses (A records) for that name.
For both Windows and my remote Linux (CentOS) servers I use the nslookup tool, which works on both platforms:
nslookup new-sub.domain.com 8.8.8.8
// and for more details:
nslookup -debug new-sub.domain.com 8.8.8.8

Bind nameserver in Virtualmin and DNS query timing out

I installed Virtualmin GPL on CentOS 6.2. The hostname of the machine is srv01.[mydomain.tld] (where [mydomain.tld] is an actual registered domain). On the server I have only 1 IP, so I assigned it to both ns1.[mydomain.tld] and ns2.[mydomain.tld]. After this I updated the nameserver details for my domain on the domain registrar and pointed both ns1 and ns2 to the IP of the server.
The first issue I received was a BIND-chroot issue, and after searching on the net, I removed BIND from chroot and BIND started. At this stage I was sure that everything would work normally, so I created a virtual server for [mydomain.tld]. At this point, I was sure that I could now access my site using the domain name.
So I opened network-tools.com and tried to perform a tracert for [mydomain.tld] but it failed to resolve the domain name and following are the details from the page:
Retrieving DNS records for [mydomain.tld]...
DNS servers
ns1.[mydomain.tld] [1.2.3.4]
Query for DNS records for [mydomain.tld] failed: Timed out
Whois query for [mydomain.tld]...
I tried to ping srv01.[mydomain.tld] and failed. Then I tried to ping ns1.[mydomain.tld] and it worked. My first guess was that maybe the NS on my server isn’t working, so I SSHed and performed nslookup google.com:
$ nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 173.194.33.39
I think that the NS is working properly on my server. After this, I performed:
$ nslookup [mydomain.tld]
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: [mydomain.tld]
Address: IP
It looks like the server is resolving the name properly locally, but not working on the Internet. I also checked all the Zone records for [mydomain.tld] and it contains the following records:
[mydomain.tld]. -- NS -- ns1.[mydomain.tld].
[mydomain.tld]. -- NS -- ns2.[mydomain.tld].
[mydomain.tld]. -- A -- IP
www.[mydomain.tld]. -- A -- IP
ns1.[mydomain.tld]. -- A -- IP
ns2.[mydomain.tld]. -- A -- IP
plus A records for subdomains ftp.[mydomain.tld], m.[mydomain.tld], localhost.[mydomain.tld], webmail.[mydomain.tld], admin.[mydomain.tld] and mail.[mydomain.tld] pointing to the server’s IP, plus MX and SPF records.
To troubleshoot it from beginning to end, do the following:
1. Find the addresses of your TLD nameservers: dig TLD NS
2. Find how your domain's authoritative nameservers are configured in the TLD: dig @[one-of-tld-nameservers] [mydomain.tld] NS. You expect to get your authoritative servers: ns1.[mydomain.tld] and ns2.[mydomain.tld] and their IP addresses (which are both pointing to your single IP). If this is NOT what you get, your problem is that you did not register your authoritative servers with your registrar.
3. Query your server: dig @[your IP] www.[mydomain.tld]. If your request times out, port 53 on your server is unreachable for some reason. Since it IS reachable locally, it could be a firewall or NAT issue.
Now to various specifics of your question:
I tried to ping srv01.[mydomain.tld] and failed...
In the zone records in your post I don't see a record for srv01. Ping will not be able to resolve srv01 without appropriate DNS record.
Timed out Whois query for [mydomain.tld]...
Whois has nothing to do with DNS resolution; I presume it's DNS and not Whois. It seems that the nameserver defined as authoritative for mydomain.tld is not accessible.
I tried to ping ns1.[mydomain.tld] and VOLA it worked
I'm not sure, but possibly your DNS resolver knows the address ns1.[mydomain.tld] from TLD nameservers, and NOT from authoritative nameserver (also I'm not sure whether it's correct behavior or not).
Conclusion: my best guess is that port 53 of your server is not accessible from the Internet.
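The three dig checks from the answer above, scripted as an added example that is not part of the original post. The function names are illustrative, the domain and server IP are supplied by the reader, and the classifier assumes dig's usual header and timeout lines.

```sh
#!/bin/sh
# Added example: the three dig checks from the answer, plus a classifier
# for dig's output. Domain and IP arguments are supplied by the reader.

# tld_of DOMAIN -> last label, e.g. "example.org" -> "org"
tld_of() {
    printf '%s\n' "${1%.}" | awk -F. '{ print $NF }'
}

# classify_dig: read dig output on stdin; print "unreachable" when no server
# answered, otherwise the response code from the header (NOERROR, SERVFAIL...).
classify_dig() {
    awk '
        /no servers could be reached/ { r = "unreachable" }
        /status: [A-Z]+/ && r == "" {
            sub(/.*status: /, ""); sub(/,.*/, ""); r = $0
        }
        END { print (r == "" ? "unknown" : r) }
    '
}

# check_delegation DOMAIN SERVER_IP: run the steps in order.
check_delegation() {
    domain=$1 ip=$2 tld=$(tld_of "$1")
    # Step 1: nameservers for the TLD.
    tld_ns=$(dig +short NS "$tld." | head -n 1)
    echo "TLD nameserver: $tld_ns"
    # Step 2: what the TLD delegates the domain to (no recursion, so the
    # referral comes from the TLD server itself, glue records included).
    dig @"$tld_ns" "$domain" NS +norecurse +noall +authority +additional
    # Step 3: ask the server directly, with a short timeout.
    result=$(dig @"$ip" "www.$domain" A +time=2 +tries=1 | classify_dig)
    echo "Direct query to $ip: $result"
    [ "$result" = "unreachable" ] &&
        echo "Port 53 not reachable from here: check firewall/NAT for UDP and TCP 53"
    return 0
}

# Usage: sh check_delegation.sh DOMAIN SERVER_IP
if [ "$#" -eq 2 ]; then check_delegation "$1" "$2"; fi
```

Run step 3 from a host outside the server's network; a query issued on the server itself only repeats the local test that already succeeded.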
