dhcp'd nameservers not resolving remote domain

Every few days, for a few hours at a time, my node's unable to resolve the DNS lookup for 'www.hpc.ncep.noaa.gov'… I get temporary failure. That site's been around for years and four other (non-Linode) servers I have resolve without problems. (It failed for an hour late July 2nd, and it's been failing for four hours right now…)

I suspect the nameservers I'm getting via DHCP (74.207.242.5, 74.207.241.5) can resolve most sites, but fail for the above domain… why intermittently?

$ dig www.hpc.ncep.noaa.gov
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32906

yet using google's dns succeeds:

$ dig www.hpc.ncep.noaa.gov @8.8.8.8
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51063
;; ANSWER SECTION:
www.hpc.ncep.noaa.gov.    86185   IN  CNAME   edge-nws.woc.noaa.gov.
edge-nws.woc.noaa.gov.    85  IN  CNAME   edge-rev.lb.noaa.gov.
edge-rev.lb.noaa.gov.    28  IN  A   140.172.17.23
edge-rev.lb.noaa.gov.    28  IN  A   129.15.96.23
edge-rev.lb.noaa.gov.    28  IN  A   140.90.33.23
edge-rev.lb.noaa.gov.    28  IN  A   140.90.200.23

I suppose I could resort to hard-coded nameservers, but I'm not sure how to do that without resorting to fully static interface definition & I'd prefer to have the Linode nameservers work.

Thoughts?

I'm new to Linode.com – are their nameservers generally this bad?

  • Peter

6 Replies

Edit /etc/dhcp3/dhclient.conf

supersede domain-name-servers 8.8.8.8, 8.8.4.4;

There are plenty of good, trouble-free nameservers in the world; use whichever ones work best for you.

I have the same problem with ftp.ncep.noaa.gov

It is the first time I have noticed the failure. I wonder if you've found a good solution.

vonskippy,

I couldn't locate

/etc/dhcp3/dhclient.conf

so I modified /etc/resolv.conf

to add

nameserver 8.8.8.8

nameserver 8.8.4.4

It seems to be working fine now.

However, I've just seen that /etc/resolv.conf is generated by a script

$ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search members.linode.com
nameserver 8.8.8.8
nameserver 8.8.4.4

Will that be modified without warning? Is there a way of preventing further modifications?

Thanks

It might be worth opening a ticket so the Linode folks can take a look at it and perhaps fix it…

(the nameservers are working at the moment, so it's difficult to debug. I've also opened a ticket with Linode.)

I note that google's NS 8.8.8.8 doesn't return an "AUTHORITY SECTION" in response to dig, but linode's response does:

$ dig  ftp.ncep.noaa.gov

; <<>> DiG 9.7.3 <<>> ftp.ncep.noaa.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45006
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp.ncep.noaa.gov.        IN  A

;; ANSWER SECTION:
ftp.ncep.noaa.gov.    19105   IN  CNAME   ftp-ftpprd-woc.lb.noaa.gov.
ftp-ftpprd-woc.lb.noaa.gov. 30    IN  A   140.90.33.41
ftp-ftpprd-woc.lb.noaa.gov. 30    IN  A   140.90.33.31

;; AUTHORITY SECTION:
lb.noaa.gov.        86400   IN  NS  ns-e.noaa.gov.
lb.noaa.gov.        86400   IN  NS  ns-nw.noaa.gov.
lb.noaa.gov.        86400   IN  NS  ns-mw.noaa.gov.

;; Query time: 97 msec
;; SERVER: 74.207.242.5#53(74.207.242.5)
;; WHEN: Wed Jul  6 07:45:38 2011
;; MSG SIZE  rcvd: 158

Google's the same, but without AUTHORITY:

$ dig  @8.8.8.8 ftp.ncep.noaa.gov

; <<>> DiG 9.7.3 <<>> @8.8.8.8 ftp.ncep.noaa.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30640
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp.ncep.noaa.gov.        IN  A

;; ANSWER SECTION:
ftp.ncep.noaa.gov.    69660   IN  CNAME   ftp-ftpprd-woc.lb.noaa.gov.
ftp-ftpprd-woc.lb.noaa.gov. 30    IN  A   140.90.33.41
ftp-ftpprd-woc.lb.noaa.gov. 30    IN  A   140.90.33.31

;; Query time: 98 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul  6 07:49:17 2011
;; MSG SIZE  rcvd: 99

Not sure if that means anything, but it's a difference!

-Peter

Support suggests the problem is with DNSSEC issues on .gov domains (i.e., some .gov domain's configuration isn't fully correct). Other resolvers, which don't verify the DNSSEC signatures, won't see the name resolution problem.

Will continue to monitor.

Thanks for following it up.

j.
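
The DNSSEC explanation reported above can be checked from the node by repeating the failing query with the checking-disabled (CD) bit set: a validating resolver that returns SERVFAIL normally but NOERROR with `+cdflag` is rejecting the zone's signatures rather than failing to reach it. This is an added example, not part of the thread; the function names are hypothetical and the second sample response is constructed.

```shell
#!/bin/sh
# Added example: tell a DNSSEC validation failure apart from an ordinary
# resolver outage by comparing a normal query with a +cdflag query.

# Read dig output on stdin, print the response code (NOERROR, SERVFAIL, ...).
dig_status() {
    sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# classify <status of normal query> <status of +cdflag query>
classify() {
    case "$1/$2" in
        SERVFAIL/NOERROR)  echo "dnssec-validation-failure" ;;
        SERVFAIL/SERVFAIL) echo "resolver-or-upstream-failure" ;;
        NOERROR/*)         echo "ok" ;;
        *)                 echo "inconclusive" ;;
    esac
}

# Same classification, starting from two captured dig outputs.
classify_outputs() {
    classify "$(printf '%s\n' "$1" | dig_status)" \
             "$(printf '%s\n' "$2" | dig_status)"
}

# Live check (needs network and dig): diagnose <name> <resolver-ip>
diagnose() {
    normal=$(dig "$1" "@$2")
    nocheck=$(dig +cdflag "$1" "@$2")   # CD bit: ask the resolver to skip validation
    classify_outputs "$normal" "$nocheck"
}

# Header line as posted in the thread (query via the DHCP-supplied resolver).
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32906'
# Constructed sample: what a +cdflag response header could look like.
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51063
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0'

classify_outputs "$SAMPLE_FAIL" "$SAMPLE_CD"
```

On a live system, `diagnose www.hpc.ncep.noaa.gov 74.207.242.5` would run the same comparison against the resolver named in the first post.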
