RE: [squid-users] DNS not resolving for one name

From: Alan Lehman <alehman_at_gbateam.com>
Date: Sun, 27 Nov 2011 16:29:39 -0600

> On Mon, 21 Nov 2011 13:11:11 -0600, Alan Lehman wrote:
> > I'm having trouble with Squid not resolving "eldo.us" or "www.eldo.us"
> >
> > The browser reports :
> > Unable to determine IP address from host name www.eldo.us The DNS
> > server returned:
> > Server Failure: The name server was unable to process this query.
>
> In command line tests this displays as "SERVFAIL" from the DNS server.
>
> >
> > /etc/resolv.conf points to the local IP and to a dns server on another
> > system on our network.
> > nslookup on both DNS servers works properly.
> >
> > I've tried restarting squid and bind, but no change.
> >
> > squid-3.1.6
> > bind-9.3.6
> >
> > Any ideas would be most appreciated.
> >
>
> Interesting combo there. An IPv4-only domain being serviced by a CDN
> with IPv6 nameservers.
>
> Maybe 3.1.16 will help. There are a lot of stack changes later in the
> 3.1 series.
>
>
> For testing, ensure that you have tried AAAA record lookups in your DNS
> servers. Which is what Squid will be doing. Somehow one of them is
> presenting Squid with SERVFAIL responses instead of NXDOMAIN (on the
> AAAA lookup) or a usable IP (on the A lookup).
>
> Amos

Amos,
Thanks for the suggestions. I upgraded to 3.1.16, but no joy. Ran a few nslookups on my DNS servers. AAAA lookups seem to work.

I'm wondering if the problem is that the browser always adds "www." in front of "eldo.us"? But it works if I bypass the proxy. Weird.

# nslookup eldo.us
Server: 172.16.4.59
Address: 172.16.4.59#53

Non-authoritative answer:
Name: eldo.us
Address: 72.47.224.77

# nslookup www.eldo.us
;; Got SERVFAIL reply from 172.16.4.59, trying next server
;; Got SERVFAIL reply from 172.16.4.59, trying next server
Server: 172.16.4.50
Address: 172.16.4.50#53

** server can't find www.eldo.us: NXDOMAIN

# nslookup -q=AAAA eldo.us
Server: 172.16.4.59
Address: 172.16.4.59#53

Non-authoritative answer:
*** Can't find eldo.us: No answer

Authoritative answers can be found from:
eldo.us
        origin = ns1.mediatemple.net
        mail addr = dnsadmin.mediatemple.net
        serial = 2011092203
        refresh = 10800
        retry = 3600
        expire = 1209600
        minimum = 43200

# nslookup -q=AAAA www.eldo.us
;; Got SERVFAIL reply from 172.16.4.59, trying next server
;; Got SERVFAIL reply from 172.16.4.59, trying next server
Server: 172.16.4.50
Address: 172.16.4.50#53

** server can't find www.eldo.us: NXDOMAIN

Received on Sun Nov 27 2011 - 22:29:52 MST
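
The nslookup runs above fail over from 172.16.4.59 to 172.16.4.50, so the final NXDOMAIN hides which resolver produced the SERVFAIL. The following is an added example, not part of the original thread or of Squid: it sends the A and AAAA queries to each resolver separately and reports the response code per server. The function names are hypothetical, and it assumes IPv4 UDP on port 53 and reads only the reply header.

```python
import secrets
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, txid):
    """Minimal recursive DNS query (RFC 1035 wire format) for one name and type."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_status(reply, txid):
    """Return (rcode name, answer count) taken from the reply header."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def describe(rcode, ancount):
    """Separate 'name exists but has no such record' from real failures."""
    if rcode == "NOERROR":
        return "answer" if ancount else "NODATA (name exists, no record of this type)"
    return rcode

def query_server(server, name, qtype, timeout=3.0):
    """Ask exactly one resolver over UDP, with no failover to the next one."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, txid), (server, 53))
        reply, _ = sock.recvfrom(4096)
    return describe(*parse_status(reply, txid))

if __name__ == "__main__":
    # Resolver addresses and names are the ones shown in the message above.
    for server in ("172.16.4.59", "172.16.4.50"):
        for name in ("eldo.us", "www.eldo.us"):
            for qtype in ("A", "AAAA"):
                try:
                    result = query_server(server, name, qtype)
                except (OSError, ValueError) as exc:
                    result = "no usable reply (%s)" % exc
                print("%-12s %-12s %-4s %s" % (server, name, qtype, result))
```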
