<div dir="ltr">Dear Jasim <div><br></div><div><br></div><div><br></div><div>As Brian & Suman mentioned - it's purely setup issue on DNS zone itself. </div><div><br></div><div><br></div><div><br></div><div><br></div><div>I tried querying <a href="http://ns1.btraccl.net" target="_blank">ns1.btraccl.net</a>. (103.9.185.229) and <a href="http://ns2.btraccl.net" target="_blank">ns2.btraccl.net</a>. (103.9.185.230) on both UDP and TCP port 53 and it's failing. </div><div><br></div><div><font size="1" face="monospace, monospace"><br></font></div><div><div><font size="1" face="monospace, monospace">anurag@server7:~$ dig @<a href="http://103.9.185.229" target="_blank">103.9.185.229</a> <a href="http://btraccl.net" target="_blank">btraccl.net</a> ns</font></div><div><font size="1" face="monospace, monospace"><br></font></div><div><font size="1" face="monospace, monospace">; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> @<a href="http://103.9.185.229" target="_blank">103.9.185.229</a> <a href="http://btraccl.net" target="_blank">btraccl.net</a> ns</font></div><div><font size="1" face="monospace, monospace">; (1 server found)</font></div><div><font size="1" face="monospace, monospace">;; global options: +cmd</font></div><div><font size="1" face="monospace, monospace">;; connection timed out; no servers could be reached</font></div><div><font size="1" face="monospace, monospace">anurag@server7:~$</font></div><div><font size="1" face="monospace, monospace"><br></font></div><div><font size="1" face="monospace, monospace">anurag@server7:~$ telnet 103.9.185.229 53</font></div><div><font size="1" face="monospace, monospace">Trying 103.9.185.229...</font></div><div><font size="1" face="monospace, monospace">telnet: Unable to connect to remote host: Connection timed out</font></div><div><font size="1" face="monospace, monospace">anurag@server7:~$</font></div></div><div><br></div><div><br></div><div>(same result for other server as well)</div><div><br></div><div><br></div><div><br></div><div>The only reason it appears partially working is because popular DNS recursors like Google Public DNS, OpenDNS, etc are still resolving it. It could just because they have records in cache (and when someone queried in past when your auth DNS servers were working). </div><div><br></div><div>Btw I have noticed this specifically with Google multiple times that if authoritative DNS of servers of a zone becomes unavailable then Google serves old working data even after expiry of TTL. </div><div><br></div><div><br></div><br>For your specific issue - check if server is locally listening to requests by running <b>dig @localhost <a href="http://btraccl.net" target="_blank">btraccl.net</a> ns </b>on server itself and if that works then focus on firewall rules. It could be internal server firewall like iptables or any external firewall in your setup dropping off traffic. Incase server doesn't replies to query done locally then focus on DNS server software and verify daemon is running and config is OK. <div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>Good luck! <br><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 23, 2015 at 10:31 PM, Brian Candler <span dir="ltr"><<a href="mailto:brian@nsrc.org" target="_blank">brian@nsrc.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 23/12/2015 16:44, Jasim Alam wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I understand this not a proper implementation. But this setup is running from years, until this week we didn't face any similar problem .<br>
</blockquote>
<br></span>
Then you have been lucky.<span><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Infact another domain of ours having ns boxes in same subnet not facing any similar issue.<br>
<br>
[root@Jasim ~]# host -t ns <a href="http://btraccl.com" rel="noreferrer" target="_blank">btraccl.com</a><br>
<a href="http://btraccl.com" rel="noreferrer" target="_blank">btraccl.com</a> name server <a href="http://ns2.aknetbd.com" rel="noreferrer" target="_blank">ns2.aknetbd.com</a>.<br>
<a href="http://btraccl.com" rel="noreferrer" target="_blank">btraccl.com</a> name server <a href="http://ns1.aknetbd.com" rel="noreferrer" target="_blank">ns1.aknetbd.com</a>.<br>
[root@Jasim ~]# host <a href="http://ns1.aknetbd.com" rel="noreferrer" target="_blank">ns1.aknetbd.com</a><br>
<a href="http://ns1.aknetbd.com" rel="noreferrer" target="_blank">ns1.aknetbd.com</a> has address 221.120.96.2<br>
[root@Jasim ~]# host <a href="http://ns2.aknetbd.com" rel="noreferrer" target="_blank">ns2.aknetbd.com</a><br>
<a href="http://ns2.aknetbd.com" rel="noreferrer" target="_blank">ns2.aknetbd.com</a> has address 221.120.96.3<br>
<br>
</blockquote></span>
You are also lucky that works. The fact that it works today does not mean it will work next week - nor that this is a good or reliable configuration.<br>
<br>
RFC 2182 was written by people who really, really know what they are talking about. If you ignore their advice, your nameservice is liable to break in exactly the way you are experiencing. Don't say they didn't tell you :-)<br>
<br>
"3.2. Unsuitable Configurations<br>
<br>
While it is unfortunately quite common, servers for a zone should<br>
certainly not all be placed on the same LAN segment in the same room<br>
of the same building - or any of those. Such a configuration almost<br>
defeats the requirement, and utility, of having multiple servers."<br>
<br>
If DNS is important to your business, isn't it worth paying $5 per month for off-site secondary? That would cover an unlimited number of domains.<div><div><br>
<br>
Regards,<br>
<br>
Brian.<br>
<br>
_______________________________________________<br>
nog mailing list<br>
<a href="mailto:nog@bdnog.org" target="_blank">nog@bdnog.org</a><br>
<a href="http://mailman.bdnog.org/mailman/listinfo/nog" rel="noreferrer" target="_blank">http://mailman.bdnog.org/mailman/listinfo/nog</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><font face="arial, helvetica, sans-serif"><br></font></div><div><br></div><font face="arial, helvetica, sans-serif">Anurag Bhatia<br></font><div></div><div><font face="arial, helvetica, sans-serif"><a href="http://anuragbhatia.com" target="_blank">anuragbhatia.com</a></font><div><br></div></div><div><font face="arial, helvetica, sans-serif"><a><br></a></font></div><div>PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2</div></div></div></div></div>
</div></div>