Home

Results 1 to 10 of 10

Thread: Possible dns issue

Hybrid View

  1. #1
    Stevo NNTP User

    Possible dns issue

    Our elections dept has issues connecting to the site they need for
    keeping their records. Seems like it takes 3 or 4 times of them trying
    to login before they can connect.

    We have our content filtering device set to never scan port 80 & 443
    traffic to/from this site & outbound traffic is allowed on port 443
    thru our firewall.

    If I try to do an NSLOOKUP for the site (www.wyoreg.gov), I get a
    response back from our isp's dns server w/ the following:

    Non-authoritative answer:
    Name: www.wyoreg.gov.CCGOV.NET
    Address: 216.24.138.161

    What gives? Why would our domain be appended to the end of the domain
    I'm looking up?

    Wondering if this has something to do w/ our inability to connect on a
    regular basis.

    --
    Stevo

  2. #2

    Re: Possible dns issue

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Running `dig www.wyoreg.gov` over and over on my system gets me consistent
    results back as shown below:

    <quote>
    ; <<>> DiG 9.5.0-P2 <<>> www.wyoreg.gov
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5359
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.wyoreg.gov. IN A

    ;; ANSWER SECTION:
    www.wyoreg.gov. 3594 IN CNAME www.gslb.wyoreg.gov.
    www.gslb.wyoreg.gov. 4 IN A 208.18.254.37

    ;; AUTHORITY SECTION:
    gslb.wyoreg.gov. 3594 IN NS wyvr2ns1.gslb.wyoreg.gov.
    gslb.wyoreg.gov. 3594 IN NS wyvr1ns1.gslb.wyoreg.gov.

    ;; Query time: 0 msec
    ;; SERVER: 137.65.1.2#53(137.65.1.2)
    ;; WHEN: Mon Nov 2 14:44:40 2009
    ;; MSG SIZE rcvd: 117
    </quote>

    If you are not getting that result back consistently then it would appear
    your DNS server is a bit insane. Perhaps it can't find the answer for
    some odd reason and so it appends your search base on there ('COGOV.NET'
    I'm guessing) and then just returns your DNS server or something else
    default as a result. Anyway, wild guesses but DNS resolution for me (for
    that domain) is working quickly and reliably.

    Good luck.





    Stevo wrote:
    > Our elections dept has issues connecting to the site they need for
    > keeping their records. Seems like it takes 3 or 4 times of them trying
    > to login before they can connect.
    >
    > We have our content filtering device set to never scan port 80 & 443
    > traffic to/from this site & outbound traffic is allowed on port 443
    > thru our firewall.
    >
    > If I try to do an NSLOOKUP for the site (www.wyoreg.gov), I get a
    > response back from our isp's dns server w/ the following:
    >
    > Non-authoritative answer:
    > Name: www.wyoreg.gov.CCGOV.NET
    > Address: 216.24.138.161
    >
    > What gives? Why would our domain be appended to the end of the domain
    > I'm looking up?
    >
    > Wondering if this has something to do w/ our inability to connect on a
    > regular basis.
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJK71PCAAoJEF+XTK08PnB5Of0QAIDyHIjfdb 23iLG5Mt5dsTnj
    YiTEW5gr/3ePEGbLjKHMyDiB7YUkjgV0JvKWdZoRGv9LnYlsKq/1jzbihJue0h6k
    QhRcCgM+Vr2NEAABIHdFeWSo5WmWR5//OITKSukajBUaAnSaWOPYB0i6znqY5O4o
    mzPVyyepiGzqfNoN1jFj3eY/eSGzbCHadhU7MxL82IC3YYKMHeHdCVuFt16cVTV+
    Cv/oJdTX4bIA/RFlMEIdORsE7bHJ7McuhK658id2AmrUm7p23HTd8hqmw/3Lb9ZB
    LuT7Zid7rUh4FSyijgwc6s10VyV3IlfNg+eW9CWKVnrwr6KtHV IOLwtsGtmdtZLH
    wgh9USms3bU5FsWIfnVF7VHsdw2JlDK3pUaxS/95famwUDmIwL6X0xSL0j6GR19O
    /b5M1vRj/2UFXgRKtmkpZz4dCYaYwcKR09rln2NK+lbyF6tGvp+F57NoMrd SGLba
    c9URKWGesLpEW4mSUZfhgd3wib9xwu0+/auDtShZ7R4qiDniMyWTbt7PDY5OP8UV
    gopo5OnfbnFBZpKmkxXFIXq1zQrn3d/9QzkOGClHzng8FynHYTs+L15EEx9m97GL
    1u99VFd0986tMo1HidI4SESspECtBDw9f1MfprEgq131NoWVT5 n/Nm6UZSV491fo
    6R6cvl50es91tBmAKVMc
    =mF51
    -----END PGP SIGNATURE-----

  3. #3
    Craig NNTP User

    Re: Possible dns issue

    I haven't thoroughly read your question but it sounds like a dns suffix is
    appending?

    Does the workstation in question have a DNS suffix?
    "Stevo" <steveSPAM@LESSccgov.net> wrote in message
    news:MgIHm.2317$cC1.1522@kovat.provo.novell.com...
    > Our elections dept has issues connecting to the site they need for
    > keeping their records. Seems like it takes 3 or 4 times of them trying
    > to login before they can connect.
    >
    > We have our content filtering device set to never scan port 80 & 443
    > traffic to/from this site & outbound traffic is allowed on port 443
    > thru our firewall.
    >
    > If I try to do an NSLOOKUP for the site (www.wyoreg.gov), I get a
    > response back from our isp's dns server w/ the following:
    >
    > Non-authoritative answer:
    > Name: www.wyoreg.gov.CCGOV.NET
    > Address: 216.24.138.161
    >
    > What gives? Why would our domain be appended to the end of the domain
    > I'm looking up?
    >
    > Wondering if this has something to do w/ our inability to connect on a
    > regular basis.
    >
    > --
    > Stevo




  4. #4
    Stevo NNTP User

    Re: Possible dns issue

    I think I heard Craig say something like:

    > I haven't thoroughly read your question but it sounds like a dns
    > suffix is appending?
    >
    > Does the workstation in question have a DNS suffix?


    Yes, trying it from my machine which gets all its dns stuff from our
    dhcp server, has a suffix of ccgov.net

    --
    Stevo

  5. #5
    Craig NNTP User

    Re: Possible dns issue

    So....is that the problem then?
    "Stevo" <steveSPAM@LESSccgov.net> wrote in message
    news:2iJHm.2366$cC1.390@kovat.provo.novell.com...
    >I think I heard Craig say something like:
    >
    >> I haven't thoroughly read your question but it sounds like a dns
    >> suffix is appending?
    >>
    >> Does the workstation in question have a DNS suffix?

    >
    > Yes, trying it from my machine which gets all its dns stuff from our
    > dhcp server, has a suffix of ccgov.net
    >
    > --
    > Stevo




  6. #6
    Stevo NNTP User

    Re: Possible dns issue

    I think I heard Craig say something like:

    > So....is that the problem then?


    Apparently it is, when I put a . at the end of my lookup, seems to
    resolve ok.

    --
    Stevo

  7. #7
    David Howe NNTP User

    Re: Possible dns issue

    Stevo wrote:
    > Our elections dept has issues connecting to the site they need for
    > keeping their records. Seems like it takes 3 or 4 times of them trying
    > to login before they can connect.
    >
    > We have our content filtering device set to never scan port 80 & 443
    > traffic to/from this site & outbound traffic is allowed on port 443
    > thru our firewall.
    >
    > If I try to do an NSLOOKUP for the site (www.wyoreg.gov), I get a
    > response back from our isp's dns server w/ the following:
    >
    > Non-authoritative answer:
    > Name: www.wyoreg.gov.CCGOV.NET
    > Address: 216.24.138.161
    >
    > What gives? Why would our domain be appended to the end of the domain
    > I'm looking up?


    Behavour as designed.

    This is so that, if you are in CCGOV.NET and you have a fileserver
    called "FILES" you can type in "FILES" as a name and get it to look up
    FILES.CCGOV.NET rather than have to type it in full each time.

    the domain suffix is set per machine (although windows has some fancy
    stuff to allow you to tweak what gets looked up) and if looking up
    x.CCGOV.NET fails, then it will try x.NET before trying x

    if you want to specify an absolute DNS name, add a final period to the
    end of it - so www.wyoreg.gov. will *always* be looked up as that, not
    www.wyoreg.gov.ccgov.net or www.wyoreg.gov.net

    main cause of weird resolves though is the presence of a wildcard
    "catchall" record to cause all unknown names to resolve to some server -
    usually either an accelerator (like ichain) or a "subsite not found"
    webserver of some sort.

  8. #8
    Stevo NNTP User

    Re: Possible dns issue

    I think I heard David Howe say something like:

    > Behavour as designed.
    >
    > This is so that, if you are in CCGOV.NET and you have a fileserver
    > called "FILES" you can type in "FILES" as a name and get it to look up
    > FILES.CCGOV.NET rather than have to type it in full each time.
    >
    > the domain suffix is set per machine (although windows has some fancy
    > stuff to allow you to tweak what gets looked up) and if looking up
    > x.CCGOV.NET fails, then it will try x.NET before trying x
    >
    > if you want to specify an absolute DNS name, add a final period to the
    > end of it - so www.wyoreg.gov. will always be looked up as that, not
    > www.wyoreg.gov.ccgov.net or www.wyoreg.gov.net
    >
    > main cause of weird resolves though is the presence of a wildcard
    > "catchall" record to cause all unknown names to resolve to some
    > server - usually either an accelerator (like ichain) or a "subsite
    > not found" webserver of some sort.


    Thanks for clearing that up!

    --
    Stevo

  9. #9
    andrewcarpenter NNTP User

    Re: Possible dns issue

    > "Stevo" <steveSPAM@LESSccgov.net> wrote in message
    > news:MgIHm.2317$cC1.1522@kovat.provo.novell.com...
    >
    > What gives? Why would our domain be appended to
    > the end of the domain I'm looking up?



    As David said, in a lot more word than this:

    Add a full-stop (period) to the end of the query.

    [AZC-1] C:\>NSLOOKUP www.wyoreg.gov.
    Server: dns0.cirencester.ac.uk
    Address: 10.11.0.2

    Non-authoritative answer:
    Name: www.gslb.wyoreg.gov
    Address: 208.18.254.37
    Aliases: www.wyoreg.gov



    --
    AZC



  10. #10
    Stevo NNTP User

    Re: Possible dns issue

    I think I heard Andrew Z Carpenter say something like:

    > As David said, in a lot more word than this:
    >
    > Add a full-stop (period) to the end of the query.


    Thanks!

    --
    Stevo

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •