Forum Discussion

aprilson_anies_'s avatar
aprilson_anies_
Icon for Nimbostratus rankNimbostratus
Feb 15, 2018

BIG-IP DNS Resolver Cache cannot resolve certain domains

Need help in figuring this out. Our BIG-IP DNS is set as Resolver Cache. The domain daaz.ph below cannot give A records and results to "connection timed out; no servers could be reached." My question is how come google and our BIG-IP DNS resolver has the same trace but only google can resolve it? All other domains are working and being resolved by our BIG-IP DNS.

 

Regards, Ep

 

application delivery
BIG-IP
  • aprilson_anies_'s avatar
    aprilson_anies_
    Icon for Nimbostratus rankNimbostratus
    Feb 15, 2018

    See dig trace below. BIG-IP DNS: dig @ daaz.ph ; <<>> DiG 9.9.9-P6 <<>> @ daaz.ph ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached

     

    dig @ daaz.ph +trace ; <<>> DiG 9.9.9-P6 <<>> @ daaz.ph +trace ; (1 server found) ;; global options: +cmd . 518359 IN NS a.root-servers.net. . 518359 IN NS b.root-servers.net. . 518359 IN NS c.root-servers.net. . 518359 IN NS d.root-servers.net. . 518359 IN NS e.root-servers.net. . 518359 IN NS f.root-servers.net. . 518359 IN NS g.root-servers.net. . 518359 IN NS h.root-servers.net. . 518359 IN NS i.root-servers.net. . 518359 IN NS j.root-servers.net. . 518359 IN NS k.root-servers.net. . 518359 IN NS l.root-servers.net. . 518359 IN NS m.root-servers.net. . 518359 IN RRSIG NS 8 0 518400 20180228050000 20180215040000 41824 . YPMX8HBJfA/DF7lm4VlafVlDHFw1LaQBmo7kTOsoLpFYsc7WswDnoOxq /3jfLFJq01HJ/Fea3G2+mAG4n8kqRcCNiAB04Z+ugCTmft3d6qhgdDRK QoFvHfo7v3BrjsmvOGCn/awojaCfg+CJVPuqApvIEYV446T/o50+5VqD /CxUCDWneRLwR4lzS615dcIeawGcnP1aECIZUH7D71xOz3sRPGCfefTo U7zITjutK3b1jaIMUJ+ozYZMprG8S/IA1MImOUXyINzLhgQc+wr2wga6 3+fjLX2I5mXovO0qk9BFRWIKGfyRaKrai8Jb+zAbM4MeX/h04rYz4OK1 31LsTw== ;; Received 1097 bytes from 124.106.4.3753(124.106.4.37) in 0 ms

     

    ph. 172800 IN NS 1.ns.ph. ph. 172800 IN NS ph.communitydns.net. ph. 172800 IN NS ns2.cuhk.edu.hk. ph. 172800 IN NS ns4.apnic.net. ph. 172800 IN NS sns-pb.isc.org. ph. 86400 IN NSEC pharmacy. NS RRSIG NSEC ph. 86400 IN RRSIG NSEC 8 1 86400 20180228050000 20180215040000 41824 . WuuC9Rt7XzTScH97GVT8kefatuTHn53oqwH+2Wom8KGuEnVck8/GKqUJ Ux0SPO3T1J2ZIsjsDrC1tawtRl1Pm2SRIWPAOvCIKAWbDa62ZsYqwfXs ez9Vl54yK2se2yLtlBoUAfYkKugTaiIpRKqC+jqbY9M+2Z5+GjjEbPWM Otr8b0H8Bho7Hyj1ZKwEwsmGgL6XSveGORt5xfZNx+rC8yK+TXXVtaUm tVV/QcvlWw42NtmiBl0K77exvx5t9U9KnZyBBB4rLLbN2fYRSlAm2qDl k7g2viuq9Pq2irUv5hxRVuWvNfsZj7/LYv9peb7xN23TWcVaMuqy4LxP rTJ92A== ;; Received 706 bytes from 199.7.83.4253(l.root-servers.net) in 0 ms

     

    daaz.ph. 86400 IN NS admiralns1.goldenwebsitemaker.com. daaz.ph. 86400 IN NS admiralns2.goldenwebsitemaker.com. ;; Received 108 bytes from 192.5.4.153(sns-pb.isc.org) in 179 ms

     

    ;; connection timed out; no servers could be reached

     

    Comparison to Google 8.8.8.8 dig @8.8.8.8 daaz.ph

     

    ; <<>> DiG 9.9.9-P6 <<>> @8.8.8.8 daaz.ph ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36559 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

     

    ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;daaz.ph. IN A

     

    ;; ANSWER SECTION: daaz.ph. 14399 IN A 104.152.168.20

     

    ;; Query time: 303 msec ;; SERVER: 8.8.8.853(8.8.8.8) ;; WHEN: Thu Feb 15 18:36:20 PHT 2018 ;; MSG SIZE rcvd: 52

     

    dig @8.8.8.8 daaz.ph +trace

     

    ; <<>> DiG 9.9.9-P6 <<>> @8.8.8.8 daaz.ph +trace ; (1 server found) ;; global options: +cmd . 231662 IN NS f.root-servers.net. . 231662 IN NS g.root-servers.net. . 231662 IN NS c.root-servers.net. . 231662 IN NS b.root-servers.net. . 231662 IN NS a.root-servers.net. . 231662 IN NS e.root-servers.net. . 231662 IN NS d.root-servers.net. . 231662 IN NS i.root-servers.net. . 231662 IN NS m.root-servers.net. . 231662 IN NS l.root-servers.net. . 231662 IN NS h.root-servers.net. . 231662 IN NS k.root-servers.net. . 231662 IN NS j.root-servers.net. . 231662 IN RRSIG NS 8 0 518400 20180226170000 20180213160000 41824 . DmvFP9AChX2slV8TZ2Ak7QCl6WbeWrahSTBu/RgibP3m00AFhctdcH0D RfpX6hi+ianCHnp/hCMxlBwv9O+avnEN00x7rwMT5zHfVHqNqN9Tq3sm KyKGfuK718K5lg5oODx85Wk8FiwFJEwstMHwBQzcPdv0KKS5RYuz63Vp gVkPDbfp26GHwhnYGJfmwdJ6UknBCot6PWSSeP3q7sTTOzogYp6xfXdd 0nw5hyk2zYo+Q3+T/SAUaISpEh5G8Hut2dJBWZqBucxliW8Qh+MqjsoM HnxvF564LJz9AhraruQQ3gw/RpPWCTNxHHM2yWaQDbGuWSa3a7lBzdCN 8jRlBw== ;; Received 525 bytes from 8.8.8.853(8.8.8.8) in 28 ms

     

    ph. 172800 IN NS 1.ns.ph. ph. 172800 IN NS ph.communitydns.net. ph. 172800 IN NS ns2.cuhk.edu.hk. ph. 172800 IN NS ns4.apnic.net. ph. 172800 IN NS sns-pb.isc.org. ph. 86400 IN NSEC pharmacy. NS RRSIG NSEC ph. 86400 IN RRSIG NSEC 8 1 86400 20180228050000 20180215040000 41824 . WuuC9Rt7XzTScH97GVT8kefatuTHn53oqwH+2Wom8KGuEnVck8/GKqUJ Ux0SPO3T1J2ZIsjsDrC1tawtRl1Pm2SRIWPAOvCIKAWbDa62ZsYqwfXs ez9Vl54yK2se2yLtlBoUAfYkKugTaiIpRKqC+jqbY9M+2Z5+GjjEbPWM Otr8b0H8Bho7Hyj1ZKwEwsmGgL6XSveGORt5xfZNx+rC8yK+TXXVtaUm tVV/QcvlWw42NtmiBl0K77exvx5t9U9KnZyBBB4rLLbN2fYRSlAm2qDl k7g2viuq9Pq2irUv5hxRVuWvNfsZj7/LYv9peb7xN23TWcVaMuqy4LxP rTJ92A== ;; Received 706 bytes from 199.7.83.4253(l.root-servers.net) in 0 ms

     

    daaz.ph. 86400 IN NS admiralns2.goldenwebsitemaker.com. daaz.ph. 86400 IN NS admiralns1.goldenwebsitemaker.com. ;; Received 108 bytes from 2620:171:805:ad2:7068::153(1.ns.ph) in 36 ms

     

    ;; connection timed out; no servers could be reached dig @8.8.8.8 daaz.ph ; <<>> DiG 9.9.9-P6 <<>> @8.8.8.8 daaz.ph ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 181 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;daaz.ph. IN A ;; ANSWER SECTION: daaz.ph. 14399 IN A 104.152.168.20 ;; Query time: 228 msec ;; SERVER: 8.8.8.853(8.8.8.8) ;; WHEN: Thu Feb 15 18:33:19 PHT 2018 ;; MSG SIZE rcvd: 52

     

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Feb 16, 2018

    It did not work in the two examples using "+trace" you cited above.

     

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Feb 19, 2018

    Yes, I did. But that is not really relevant, as what matters is what you can get from your own environment.

     

    You have not cited an example of the outcome you get running a query without "+trace" upon your own server.

     

    [Edit] Changed "I have not" to "You have not".

     

  • aprilson_anies_'s avatar
    aprilson_anies_
    Icon for Nimbostratus rankNimbostratus
    Feb 19, 2018

    Here's the result of dig without trace.

     

    ; <<>> DiG 9.9.9-P6 <<>> @ ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached

     

     

    ; <<>> DiG 9.9.9-P6 <<>> @ daaz.ph ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached

     

     

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Feb 19, 2018

    Your name server, whatever it is (apparently edited out from the response output), is not reachable (firewall issue? Network issue?).

     

  • aprilson_anies_'s avatar
    aprilson_anies_
    Icon for Nimbostratus rankNimbostratus
    Feb 19, 2018

    Tried to recheck network since we do not receive response from nameservers admiralns2.goldenwebsitemaker.com. and admiralns1.goldenwebsitemaker.com.