From: Sean C (upp_and_upp@hotmail.com)
Date: Tue Jun 12 2007 - 17:38:50 ART
Hi Joshua,
If possible, have the users open a command prompt and do a nslookup for your
domain (depending on what their PC's OS is). Or, like Scott mentioned, you
can have them change which DNS server they use to recieve answers from.
Also, 'set d2' will give debugs for nslookup. Dig is another option...
I doubt it, but they could be receiving a wrong A or CNAME record. Or
perhaps they have a cached entry if you recently changed IPs and the TTL has
not expired yet.
HTH,
Sean #17085
For example, to lookup CNN's record:
nslookup
> cnn.com
Server: 192.168.0.3
Address: 192.168.0.3#53
Non-authoritative answer:
Name: cnn.com
Address: 64.236.16.20
Name: cnn.com
Address: 64.236.16.52
Name: cnn.com
Address: 64.236.24.12
Name: cnn.com
Address: 64.236.29.120
*********************************************
To change which server the remote users use to resolve queiries:
nslookup
> server 4.2.2.2 <--- I set nslookup to use 4.2.2.2 for DNS requests
Default server: 4.2.2.2
Address: 4.2.2.2#53
> cnn.com
Server: 4.2.2.2
Address: 4.2.2.2#53
Non-authoritative answer:
Name: cnn.com
Address: 64.236.16.52
Name: cnn.com
Address: 64.236.24.12
Name: cnn.com
Address: 64.236.29.120
Name: cnn.com
Address: 64.236.16.20
*********************************************
To do nslookup debugs
> set d2
> cnn.com
addlookup()
make_empty_lookup()
looking up cnn.com
start_lookup()
setup_lookup(0x8adb058)
resetting lookup counter.
cloning server list
clone_server_list()
make_server(192.168.0.3)
using root origin
recursive query
add_question()
starting to render the message
done rendering
create query 0x8acbba8 linked to lookup 0x8adb058
do_lookup()
send_udp(0x8acbba8)
bringup_timer()
have local timeout of 5
working on lookup 0x8adb058, query 0x8acbba8
sockcount=1
recving with lookup=0x8adb058, query=0x8acbba8, sock=0x8accd20
recvcount=1
sending a request
lock_lookup dighost.c:1524
success
send_done()
sendcount=0
check_if_done()
list empty
unlock_lookup dighost.c:1533
recv_done()
lock_lookup dighost.c:2200
success
recvcount=0
lookup=0x8adb058, query=0x8acbba8
before parse starts
after parse
printmessage()
Server: 192.168.0.3
Address: 192.168.0.3#53
Non-authoritative answer:
printsection()
Name: cnn.com
Address: 64.236.29.120
Name: cnn.com
Address: 64.236.16.20
Name: cnn.com
Address: 64.236.16.52
Name: cnn.com
Address: 64.236.24.12
still pending.
cancel_lookup()
check_if_done()
list empty
clear_query(0x8acbba8)
sockcount=0
check_next_lookup(0x8adb058)
try_clear_lookup(0x8adb058)
cleared
freeing server 0x8acb318 belonging to 0x8adb058
start_lookup()
check_if_done()
list empty
shutting down
dighost_shutdown()
unlock_lookup dighost.c:2549
> exit
*******************************************
Or use dig:
dig cnn.com
; <<>> DiG 9.2.4 <<>> cnn.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37127
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;cnn.com. IN A
;; ANSWER SECTION:
cnn.com. 300 IN A 64.236.29.120
cnn.com. 300 IN A 64.236.16.20
cnn.com. 300 IN A 64.236.16.52
cnn.com. 300 IN A 64.236.24.12
;; AUTHORITY SECTION:
cnn.com. 600 IN NS twdns-03.ns.aol.com.
cnn.com. 600 IN NS twdns-04.ns.aol.com.
cnn.com. 600 IN NS twdns-01.ns.aol.com.
cnn.com. 600 IN NS twdns-02.ns.aol.com.
;; Query time: 106 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Tue Jun 12 16:35:46 2007
;; MSG SIZE rcvd: 188
----- Original Message -----
From: "Scott Morris" <smorris@ipexpert.com>
To: "'Joshua'" <joshualixin@gmail.com>; <ccielab@groupstudy.com>
Sent: Tuesday, June 12, 2007 3:38 PM
Subject: RE: DNS Issue
> Are all the users with problems in the same location, or spread out among
> different DNS servers?
>
> There's lots of reasons that could be going on depending on who's having
> the
> issues. DNS servers are often set to only recurse routes for certain IP
> address ranges (so if you change Ips, you may need to updated named.conf
> (if
> a unix box)).
>
> Otherwise, for global reachability, people should look up your domain with
> the root DNS servers and presumably get the same information for your
> authoratative servers. As long as there's no ACL issues reaching them
> from
> certain Ips, life should be good.
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
> #153, CISSP, et al.
> CCSI/JNCI-M/JNCI-J
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
>
> A Cisco Learning Partner - We Accept Learning Credits!
>
> smorris@ipexpert.com
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joshua
> Sent: Tuesday, June 12, 2007 3:32 PM
> To: ccielab@groupstudy.com
> Subject: DNS Issue
>
> Hello,
>
> I know the topic may be not right to put over here. But i still do hope
> somebody could give me a hint. Some remote users have difficult to resolve
> my company's DNS name from Internet, but they could brower other sites.
> Only
> some users have this problem. Anybody aware any DNS server issue in
> Internet? Where should i looking for the information?
>
> Thanks,
>
> Joshua
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:48 ART