[bdNOG] Yahoo Mail can't communicate with my domain servers

Anurag Bhatia me at anuragbhatia.com
Thu Dec 24 00:04:11 BDT 2015


Dear Jasim



As Brian & Suman mentioned - it's purely a setup issue on the DNS zone itself.




I tried querying ns1.btraccl.net. (103.9.185.229) and ns2.btraccl.net.
(103.9.185.230) on both UDP and TCP port 53 and it's failing.


anurag@server7:~$ dig @103.9.185.229 btraccl.net ns

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> @103.9.185.229 btraccl.net ns
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
anurag@server7:~$

anurag@server7:~$ telnet 103.9.185.229 53
Trying 103.9.185.229...
telnet: Unable to connect to remote host: Connection timed out
anurag@server7:~$


(same result for other server as well)



The only reason it appears partially working is because popular DNS
recursors like Google Public DNS, OpenDNS, etc. are still resolving it. It
could just be because they have records in cache (from when someone queried
in the past, when your auth DNS servers were working).

Btw I have noticed this specifically with Google multiple times that if
the authoritative DNS servers of a zone become unavailable then Google
serves old working data even after expiry of TTL.



For your specific issue - check if the server is locally listening to requests
by running *dig @localhost btraccl.net ns* on the server itself, and if that
works then focus on firewall rules. It could be an internal server firewall
like iptables or any external firewall in your setup dropping off traffic.
In case the server doesn't reply to a query done locally, then focus on the DNS
server software and verify the daemon is running and the config is OK.





Good luck!




On Wed, Dec 23, 2015 at 10:31 PM, Brian Candler <brian at nsrc.org> wrote:

> On 23/12/2015 16:44, Jasim Alam wrote:
>
>> I understand this is not a proper implementation. But this setup has been running
>> for years, until this week we didn't face any similar problem.
>>
>
> Then you have been lucky.
>
>> In fact another domain of ours having ns boxes in same subnet not facing
>> any similar issue.
>>
>> [root@Jasim ~]# host -t ns btraccl.com
>> btraccl.com name server ns2.aknetbd.com.
>> btraccl.com name server ns1.aknetbd.com.
>> [root@Jasim ~]# host ns1.aknetbd.com
>> ns1.aknetbd.com has address 221.120.96.2
>> [root@Jasim ~]# host ns2.aknetbd.com
>> ns2.aknetbd.com has address 221.120.96.3
>>
>
> You are also lucky that works. The fact that it works today does not mean
> it will work next week - nor that this is a good or reliable configuration.
>
> RFC 2182 was written by people who really, really know what they are
> talking about. If you ignore their advice, your nameservice is liable to
> break in exactly the way you are experiencing.  Don't say they didn't tell
> you :-)
>
> "3.2. Unsuitable Configurations
>
>    While it is unfortunately quite common, servers for a zone should
>    certainly not all be placed on the same LAN segment in the same room
>    of the same building - or any of those.  Such a configuration almost
>    defeats the requirement, and utility, of having multiple servers."
>
> If DNS is important to your business, isn't it worth paying $5 per month
> for off-site secondary? That would cover an unlimited number of domains.
>
>
> Regards,
>
> Brian.
>



-- 


Anurag Bhatia
anuragbhatia.com


PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
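
The local-versus-outside check described in the message above (does the name server answer a query on itself, and does it answer from another host on UDP and TCP port 53), sketched as an added example that is not part of the original email. The function names, the fixed query ID and the IPv4-only sockets are assumptions of this sketch.

```python
import socket, struct, sys
TXID = 0x1234  # constructed query ID, fixed because this is a one-shot diagnostic

def build_query(name, qtype=2):
    """Non-recursive DNS query; qtype 2 = NS, class 1 = IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return struct.pack("!6H", TXID, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def is_reply(msg):  # True if msg is a DNS response (QR bit set) carrying our query ID
    if len(msg) < 12:
        return False
    rid, flags = struct.unpack("!2H", msg[:4])
    return rid == TXID and bool(flags & 0x8000)

def probe(server, name, proto, port=53, timeout=3.0):
    """Return 'answer', 'timeout', 'refused', 'unreachable' or 'bad-reply'."""
    query = build_query(name)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if proto == "udp":
                s.send(query)
                reply = s.recv(4096)
            else:  # DNS over TCP: 2-byte length prefix before each message
                s.sendall(struct.pack("!H", len(query)) + query)
                with s.makefile("rb") as f:
                    reply = f.read(14)[2:]  # skip the prefix, keep the 12-byte header
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    return "answer" if is_reply(reply) else "bad-reply"

def diagnose(local, remote):  # {proto: status} dicts from probe(), on the server and from outside
    if any(v != "answer" for v in local.values()):
        return "daemon: no local answer, check the DNS service and its config"
    blocked = [p for p, v in remote.items() if v != "answer"]
    if blocked:
        return "firewall: local answer, but none from outside on " + "/".join(blocked)
    return "ok: answering locally and from outside"

if __name__ == "__main__":  # usage: python3 script.py SERVER_IP ZONE
    for proto in ("udp", "tcp"):
        print(sys.argv[1], proto, probe(sys.argv[1], sys.argv[2], proto))
```

Run it once on the name server against 127.0.0.1 and once from an outside host against the server's public address, then pass both sets of results to diagnose().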