[nSLUG] resolving bellaliant.net while on fibreop

George N. White III gnwiii at gmail.com
Sun Aug 16 16:17:07 ADT 2015


On Sun, Aug 16, 2015 at 9:22 AM, D G Teed <donald.teed at gmail.com> wrote:

Setup:
>
> fibreop home ISP
>
> Two Linux systems behind Asus router cannot resolve
> bellaliant.net using bind9 (host,nslookup or dig)
>
> e.g. host bellaliant.net 192.168.0.10
> where 192.168.0.10 is my Linux box.
>
> Linux systems can resolve bellaliant.net using 8.8.8.8 as resolver
>
> Windows system also behind Asus router can resolve bellaliant.net
> using Linux systems as resolver - testing with nslookup on Windows
>
> Asus router can resolve bellaliant.net using nslookup on router
> (Merlin firmware)
>
> Linux systems behind router can resolve random domains to lookup, such
> as cbc.ca or england.com
>
> dig with +trace on Linux ends like this:
>
> ;; Received 489 bytes from 199.7.83.42#53(199.7.83.42) in 982 ms
>
> bellaliant.net. 172800 IN NS dns-nb00.aliant.net.
> bellaliant.net. 172800 IN NS dns-ns00.aliant.net.
> ;; Received 117 bytes from 192.54.112.30#53(192.54.112.30) in 10142 ms
>
> ;; connection timed out; no servers could be reached
>
>

"dig <host> +trace" adds "+dnssec".   "Applications don't necessarily need
DNSSEC support to benefit from it. If the local nameserver is configured to
make DNSSEC mandatory, then the applications will receive a SERVFAIL error
trying to access any domain that is DNSSEC enabled if the signature data
isn't valid."  See: https://wiki.debian.org/DNSSEC




> Linux can look up dns-nb00.aliant.net and get 198.164.30.2
>
> but then:
>
> host bellaliant.net 198.164.30.2
> ;; connection timed out; no servers could be reached
>
> On my work Linux desktop, I can do the above lookup using 198.164.30.2
> and get an answer.
>
> Since the Asus router can do the lookup, I can add 192.168.0.1 to
> resolv.conf as a workaround, but I'm really puzzled as to why this
> situation exists.  Does anyone else run their own bind resolver on
> Bell FibreOp?  Just dealing with a bind9 resolver, not dealing with
> running a domain's DNS.
>
> The failure seems specific to lookup of bellaliant.net while having a
> Linux client talk to the Bell Aliant NS for resolving.
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
>



-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20150816/17d1d179/attachment.html>


More information about the nSLUG mailing list