Novell Archives: Archived content from Novell openSUSE support forums

> /etc/resolv.conf
> --------------------------
> nameserver 212.104.130.9 # ISP nameserver 1
> nameserver 212.104.130.65 # ISP nameserver 2
> nameserver 172.16.1.1 # Vigor 2600We Router

I don't see a "domain" entry in your resolv.conf.

domain mysite.com # My domain

Not sure if that would create the problem you have.

I usually have a domain entry but in my last round of troubleshooting I had removed it and forgotten to put it back :-)

In any case the problem exists with and without the domain entry.

I guess the question I am really asking the forum is, How can I force Suse to use TCP instead of UDP for its DNS queries?

GofBorg wrote:
>> /etc/resolv.conf
>> --------------------------
>> nameserver 212.104.130.9 # ISP nameserver 1
>> nameserver 212.104.130.65 # ISP nameserver 2
>> nameserver 172.16.1.1 # Vigor 2600We Router
>
> I don't see a "domain" entry in your resolv.conf.
>
> domain mysite.com # My domain
>
> Not sure if that would create the problem you have.

Daniel de Vries wrote:
> I usually have a domain entry but in my last round of troubleshooting I had removed it and forgotten to put it back :-)
>
> In any case the problem exists with and without the domain entry.
>
> I guess the question I am really asking the forum is, How can I force Suse to use TCP instead of UDP for its DNS queries?
>
> GofBorg wrote:
>
>>> /etc/resolv.conf
>>> --------------------------
>>> nameserver 212.104.130.9 # ISP nameserver 1
>>> nameserver 212.104.130.65 # ISP nameserver 2
>>> nameserver 172.16.1.1 # Vigor 2600We Router
>>
>> I don't see a "domain" entry in your resolv.conf.
>>
>> domain mysite.com # My domain
>>
>> Not sure if that would create the problem you have.

When a lookup fails, how is the lookup done? Can you do a

dig www.ibm.com @212.104.130.9

for example?

Issuing the command...

> dig www.ibm.com @212.104.130.9

gives...

------------------
; <<>> DiG 9.3.1 <<>> www.ibm.com @212.104.130.9
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
------------------

and the following log entry is sent from router to syslog...

------------------
Mar 23 20:07:11 router Vigor: Directed ARP request - ARP request directly directed to a host (not broadcasted)
------------------

The request definitely hits the router, after that I'm not sure.

As I said previously, using 'host' instead of 'dig' fails in the same way, except when I use the '-T' option forcing it to use TCP/IP instead of the default UDP. Checking the man pages for dig I couldn't see an equivalent option.

Timothy J. Bogart wrote:
> Daniel de Vries wrote:
>
>> I usually have a domain entry but in my last round of troubleshooting I had removed it and forgotten to put it back :-)
>>
>> In any case the problem exists with and without the domain entry.
>>
>> I guess the question I am really asking the forum is, How can I force Suse to use TCP instead of UDP for its DNS queries?
>>
>> GofBorg wrote:
>>
>>>> /etc/resolv.conf
>>>> --------------------------
>>>> nameserver 212.104.130.9 # ISP nameserver 1
>>>> nameserver 212.104.130.65 # ISP nameserver 2
>>>> nameserver 172.16.1.1 # Vigor 2600We Router
>>>
>>> I don't see a "domain" entry in your resolv.conf.
>>>
>>> domain mysite.com # My domain
>>>
>>> Not sure if that would create the problem you have.
>
> When a lookup fails, how is the lookup done? Can you do a
>
> dig www.ibm.com @212.104.130.9
>
> for example?

Daniel de Vries wrote:
> Timothy J. Bogart wrote:
>
>> Daniel de Vries wrote:
>>
>>> I usually have a domain entry but in my last round of troubleshooting I had removed it and forgotten to put it back :-)
>>>
>>> In any case the problem exists with and without the domain entry.
>>>
>>> I guess the question I am really asking the forum is, How can I force Suse to use TCP instead of UDP for its DNS queries?
>>>
>>> GofBorg wrote:
>>>
>>>>> /etc/resolv.conf
>>>>> --------------------------
>>>>> nameserver 212.104.130.9 # ISP nameserver 1
>>>>> nameserver 212.104.130.65 # ISP nameserver 2
>>>>> nameserver 172.16.1.1 # Vigor 2600We Router
>>>>
>>>> I don't see a "domain" entry in your resolv.conf.
>>>>
>>>> domain mysite.com # My domain
>>>>
>>>> Not sure if that would create the problem you have.
>>
>> When a lookup fails, how is the lookup done? Can you do a
>>
>> dig www.ibm.com @212.104.130.9
>>
>> for example?
>
> Issuing the command...
>
> > dig www.ibm.com @212.104.130.9
>
> gives...
>
> ------------------
> ; <<>> DiG 9.3.1 <<>> www.ibm.com @212.104.130.9
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> ------------------
>
> and the following log entry is sent from router to syslog...
>
> ------------------
> Mar 23 20:07:11 router Vigor: Directed ARP request - ARP request directly directed to a host (not broadcasted)
> ------------------
>
> The request definitely hits the router, after that I'm not sure.
>
> As I said previously, using 'host' instead of 'dig' fails in the same way, except when I use the '-T' option forcing it to use TCP/IP instead of the default UDP. Checking the man pages for dig I couldn't see an equivalent option.

Hmm, I had missed the -T discussion, sorry.

In my case, a certain internet cafe just stops responding to DNS requests, but a ping (default ping, UDP) works to the DNS server. Then it just comes back and is fine - then may or may not mysteriously drop out. I don't see this other places. Seemingly there are not complaints from Windows users, but an OSX (BSD) user confirms the behaviour.

So, I don't see this as a legitimate security thing, since in both your case and my case it isn't always blocked. And whatever is broken tends to get ignored because 'it works with Windows'.

Frustrating.

Yeah it is a bit of a pickle. I can't help thinking that there is something I'm missing as surely more people would be complaining of this problem?

I read this morning that as of 2000 a certain proprietary operating system moved to an entirely TCP/IP based DNS implementation which could explain why those clients on my network can perform successful lookups while the Linux hosts fail.

Still stumped...

Daniel

Timothy J. Bogart wrote:
> Daniel de Vries wrote:
>
>> Timothy J. Bogart wrote:
>>
>>> Daniel de Vries wrote:
>>>
>>>> I usually have a domain entry but in my last round of troubleshooting I had removed it and forgotten to put it back :-)
>>>>
>>>> In any case the problem exists with and without the domain entry.
>>>>
>>>> I guess the question I am really asking the forum is, How can I force Suse to use TCP instead of UDP for its DNS queries?
>>>>
>>>> GofBorg wrote:
>>>>
>>>>>> /etc/resolv.conf
>>>>>> --------------------------
>>>>>> nameserver 212.104.130.9 # ISP nameserver 1
>>>>>> nameserver 212.104.130.65 # ISP nameserver 2
>>>>>> nameserver 172.16.1.1 # Vigor 2600We Router
>>>>>
>>>>> I don't see a "domain" entry in your resolv.conf.
>>>>>
>>>>> domain mysite.com # My domain
>>>>>
>>>>> Not sure if that would create the problem you have.
>>>
>>> When a lookup fails, how is the lookup done? Can you do a
>>>
>>> dig www.ibm.com @212.104.130.9
>>>
>>> for example?
>>
>> Issuing the command...
>>
>> > dig www.ibm.com @212.104.130.9
>>
>> gives...
>>
>> ------------------
>> ; <<>> DiG 9.3.1 <<>> www.ibm.com @212.104.130.9
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; connection timed out; no servers could be reached
>> ------------------
>>
>> and the following log entry is sent from router to syslog...
>>
>> ------------------
>> Mar 23 20:07:11 router Vigor: Directed ARP request - ARP request directly directed to a host (not broadcasted)
>> ------------------
>>
>> The request definitely hits the router, after that I'm not sure.
>>
>> As I said previously, using 'host' instead of 'dig' fails in the same way, except when I use the '-T' option forcing it to use TCP/IP instead of the default UDP. Checking the man pages for dig I couldn't see an equivalent option.
>
> Hmm, I had missed the -T discussion, sorry.
>
> In my case, a certain internet cafe just stops responding to DNS requests, but a ping (default ping, UDP) works to the DNS server. Then it just comes back and is fine - then may or may not mysteriously drop out. I don't see this other places. Seemingly there are not complaints from Windows users, but an OSX (BSD) user confirms the behaviour.
>
> So, I don't see this as a legitimate security thing, since in both your case and my case it isn't always blocked. And whatever is broken tends to get ignored because 'it works with Windows'.
>
> Frustrating.

I found the 'use tcp' option for dig and as you could have guessed got the following result:

------------------------------------------
dig +tcp www.ibm.com @212.104.130.9

; <<>> DiG 9.3.1 <<>> +tcp www.ibm.com @212.104.130.9
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17655
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.ibm.com. IN A

;; ANSWER SECTION:
www.ibm.com. 143 IN A 129.42.19.99
www.ibm.com. 143 IN A 129.42.20.99
www.ibm.com. 143 IN A 129.42.21.99
www.ibm.com. 143 IN A 129.42.16.99
www.ibm.com. 143 IN A 129.42.17.99
www.ibm.com. 143 IN A 129.42.18.99

;; Query time: 22 msec
;; SERVER: 212.104.130.9#53(212.104.130.9)
;; WHEN: Thu Mar 24 10:47:32 2005
;; MSG SIZE rcvd: 125
------------------------------------------

So really I'm back to my original question...

"How can I force Linux to use TCP when querying DNS ?"

Daniel

Daniel de Vries wrote:
> Yeah it is a bit of a pickle. I can't help thinking that there is something I'm missing as surely more people would be complaining of this problem?
>
> I read this morning that as of 2000 a certain proprietary operating system moved to an entirely TCP/IP based DNS implementation which could explain why those clients on my network can perform successful lookups while the Linux hosts fail.
>
> Still stumped...
>
> Daniel
>
> Timothy J. Bogart wrote:
>
>> Daniel de Vries wrote:
>>
>>> Timothy J. Bogart wrote:
>>>
>>>> Daniel de Vries wrote:
>>>>
>>>>> I usually have a domain entry but in my last round of troubleshooting I had removed it and forgotten to put it back :-)
>>>>>
>>>>> In any case the problem exists with and without the domain entry.
>>>>>
>>>>> I guess the question I am really asking the forum is, How can I force Suse to use TCP instead of UDP for its DNS queries?
>>>>>
>>>>> GofBorg wrote:
>>>>>
>>>>>>> /etc/resolv.conf
>>>>>>> --------------------------
>>>>>>> nameserver 212.104.130.9 # ISP nameserver 1
>>>>>>> nameserver 212.104.130.65 # ISP nameserver 2
>>>>>>> nameserver 172.16.1.1 # Vigor 2600We Router
>>>>>>
>>>>>> I don't see a "domain" entry in your resolv.conf.
>>>>>>
>>>>>> domain mysite.com # My domain
>>>>>>
>>>>>> Not sure if that would create the problem you have.
>>>>
>>>> When a lookup fails, how is the lookup done? Can you do a
>>>>
>>>> dig www.ibm.com @212.104.130.9
>>>>
>>>> for example?
>>>
>>> Issuing the command...
>>>
>>> > dig www.ibm.com @212.104.130.9
>>>
>>> gives...
>>>
>>> ------------------
>>> ; <<>> DiG 9.3.1 <<>> www.ibm.com @212.104.130.9
>>> ; (1 server found)
>>> ;; global options: printcmd
>>> ;; connection timed out; no servers could be reached
>>> ------------------
>>>
>>> and the following log entry is sent from router to syslog...
>>>
>>> ------------------
>>> Mar 23 20:07:11 router Vigor: Directed ARP request - ARP request directly directed to a host (not broadcasted)
>>> ------------------
>>>
>>> The request definitely hits the router, after that I'm not sure.
>>>
>>> As I said previously, using 'host' instead of 'dig' fails in the same way, except when I use the '-T' option forcing it to use TCP/IP instead of the default UDP. Checking the man pages for dig I couldn't see an equivalent option.
>>
>> Hmm, I had missed the -T discussion, sorry.
>>
>> In my case, a certain internet cafe just stops responding to DNS requests, but a ping (default ping, UDP) works to the DNS server. Then it just comes back and is fine - then may or may not mysteriously drop out. I don't see this other places. Seemingly there are not complaints from Windows users, but an OSX (BSD) user confirms the behaviour.
>>
>> So, I don't see this as a legitimate security thing, since in both your case and my case it isn't always blocked. And whatever is broken tends to get ignored because 'it works with Windows'.
>>
>> Frustrating.
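
Added example (not part of the thread and not any poster's code): the comparison made by hand above with `dig` and `dig +tcp`, sending the same A query to one resolver over UDP and then over TCP with the 2-byte length prefix that DNS over TCP requires. Function names are illustrative, and the server is assumed to be given as an IPv4 address.

```python
import secrets
import socket
import struct

def build_query(name, txid, qtype=1):
    """Wire-format DNS query: 12-byte header, QNAME labels, QTYPE (1 = A), QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(reply, txid):
    """Return (rcode, answer_count, truncated), or None if the reply is not ours."""
    if len(reply) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong id, or QR bit clear (not a response)
        return None
    return flags & 0x000F, ancount, bool(flags & 0x0200)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the full message arrived")
        buf += chunk
    return buf

def probe(server, name, transport, timeout=3.0, port=53):
    """Send one query over 'udp' or 'tcp'; None means no usable reply came back."""
    txid = secrets.randbits(16)  # unpredictable transaction id
    query = build_query(name, txid)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                reply = s.recvfrom(4096)[0]
        else:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
                reply = recv_exact(s, struct.unpack("!H", recv_exact(s, 2))[0])
    except OSError:  # timeout, refused, unreachable, early close
        return None
    return parse_header(reply, txid)

def diagnose(udp, tcp):
    if udp is None:
        return "UDP/53 dropped, TCP/53 works" if tcp else "no reply on either transport"
    return "UDP truncated (TC), retry over TCP" if udp[2] else "UDP works"
```

Call `diagnose(probe(server, name, "udp"), probe(server, name, "tcp"))` once per nameserver in /etc/resolv.conf to see which hop loses the UDP traffic.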

> So really I'm back to my original question...
>
> "How can I force Linux to use TCP when querying DNS ?"

You wouldn't have a Firewall involved here would you? Perhaps the SuSE firewall?

I know some firewalls are configured to dump UDP queries. I ran into this problem myself when working with DNS from my Linux server. My solution was to open a port for the reverse UDP transaction. Then all was well. I don't know of a way to force one protocol over the other.

GofBorg wrote:
>> So really I'm back to my original question...
>>
>> "How can I force Linux to use TCP when querying DNS ?"
>
> You wouldn't have a Firewall involved here would you?
> Perhaps the SuSE firewall?
>
> I know some firewalls are configured to dump UDP queries.
> I ran into this problem myself when working with DNS from
> my Linux server. My solution was to open a port for the reverse
> UDP transaction. Then all was well. I don't know of a way to force
> one protocol over the other.

Yeah, that occurred to me too. I don't have the Suse firewall enabled by default and even with the router's built-in firewall and 'DOS' protection disabled the problem still exists. :-(

Daniel de Vries wrote:

I haven't seen a question about the 3 entries in your /etc/resolv.conf. Your router address is the last entry. Try to put it first, or to make it the only choice.

Have you tried:

dig www.ibm.com @172.16.1.1

--
Greetings, Rajko