I saw many references about this in the archives but I haven't seen a solution to it and we just started seeing this problem. Beginning sometime very recently, our DNS servers are not able to resolve www.yahoo.com. I have no problem if I point my PC to an external DNS server, but when I point it back at our internal servers I get timeouts when trying to resolve that domain.

A Google search turned up dozens of posts over the past few years regarding people not being able to resolve www.yahoo.com, but the solutions don't seem to apply to our environment. We're running a version of BIND 8 on Solaris 9, and it's likely that this behavior began this weekend after we applied the most recent patch cluster for Solaris 9 and rebooted the server. For quite a while, all external DNS was failing and we still have some odd intermittent problems but the most noticeable issue that is 100% reproducible is the failure to resolve Yahoo addresses.

I saw a few Usenet posts that mentioned this could be a problem with Extensions for DNS and the fact that DNS replies could be larger than 512 bytes. This would be a problem if you were behind a PIX firewall running a certain version of software and with a certain feature configured because it would drop all UDP DNS packets over 512 bytes. This doesn't really fit our environment so I'm still looking for answers.

Any thoughts?

Thanks,
John

John.Neiberger@efirstbank.com ("John Neiberger") writes:
> ... Beginning sometime very recently, our DNS servers are not able to resolve www.yahoo.com. I have no problem if I point my PC to an external DNS server, but when I point it back at our internal servers I get timeouts when trying to resolve that domain.
> ... We're running a version of BIND 8 on Solaris 9, and it's likely that this behavior began this weekend after we applied the most recent patch cluster for Solaris 9 and rebooted the server. For quite a while, all external DNS was failing and we still have some odd intermittent problems but the most noticeable issue that is 100% reproducible is the failure to resolve Yahoo addresses.
> ...

you'll need to get tcpdump running, and watch what queries are sent to whom, and whether a nonrecognizable response is coming back. this sounds like a problem with your ip source address or port number, rather than EDNS or packet size. -- Paul Vixie
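
An added example, not part of either message above: once a capture is in hand, this sketch pairs each outbound query with its reply on the same fields a resolver checks (server address, server port, local port, DNS ID) and reports queries that got no reply and replies that arrive from a different address or port. The `Pkt` record, the `audit` function and all addresses, ports and IDs are constructed for illustration; replies over 512 bytes are noted only as information for the firewall theory.

```python
from collections import namedtuple

# One record per captured UDP DNS packet (hypothetical, simplified layout).
Pkt = namedtuple("Pkt", "src sport dst dport dns_id is_response udp_len")

def audit(packets, resolver_ip):
    """Pair each outbound query with its reply; report what does not fit."""
    pending = {}   # (server_ip, server_port, local_port, dns_id) -> query
    findings = []
    for p in packets:
        if not p.is_response and p.src == resolver_ip:
            pending[(p.dst, p.dport, p.sport, p.dns_id)] = p
            continue
        if not (p.is_response and p.dst == resolver_ip):
            continue  # not traffic to or from the resolver under test
        key = (p.src, p.sport, p.dport, p.dns_id)
        if key in pending:
            del pending[key]
            if p.udp_len > 512:
                # Arrived here, but a size-filtering device would drop it.
                findings.append(("reply_over_512", p))
            continue
        # ID matches an open query but address or port does not: the
        # resolver ignores such a reply and the client sees a timeout.
        near = any(q.dns_id == p.dns_id for q in pending.values())
        findings.append(("mismatched_reply" if near else "unsolicited_reply", p))
    findings += [("no_reply", q) for q in pending.values()]
    return findings

RESOLVER = "192.0.2.53"  # constructed documentation addresses throughout
SAMPLE = [
    Pkt(RESOLVER, 32771, "198.51.100.1", 53, 0x1A2B, False, 45),
    Pkt("198.51.100.1", 53, RESOLVER, 32771, 0x1A2B, True, 120),  # clean match
    Pkt(RESOLVER, 32771, "198.51.100.2", 53, 0x1A2C, False, 45),
    Pkt("203.0.113.9", 53, RESOLVER, 32771, 0x1A2C, True, 130),   # other source
    Pkt(RESOLVER, 32771, "198.51.100.3", 53, 0x1A2D, False, 45),  # never answered
    Pkt(RESOLVER, 32771, "198.51.100.1", 53, 0x1A2E, False, 56),
    Pkt("198.51.100.1", 53, RESOLVER, 32771, 0x1A2E, True, 700),  # large reply
]

if __name__ == "__main__":
    for kind, pkt in audit(SAMPLE, RESOLVER):
        print(f"{kind:18} id={pkt.dns_id:#06x} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport} len={pkt.udp_len}")
```
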