unable to resolve domain names with dns on another subnet



glio
12-May-2015, 02:23
I must say this is a bizarre condition...

Environment: SLES 10, running DHCP and DNS on 172.16.0.0/24. It acts as the DNS for the whole network, which comprises a number of subnets (172.16.1.0/24, 172.16.2.0/24...). The DNS was running okay before a network upgrade (simply added a bunch of switches to expand the network).

After the upgrade, PCs on the same subnet as the DNS can resolve domain names, but PCs on other subnets fail to do so.

Below is a screen capture from the CMD prompt of a PC hosted on a different subnet. Instead of giving the IPs of the specified domain names, the DNS gives me something else. Normal log appears to be okay.


C:\Users\student>nslookup
Server: XXX.YYY.com
Address: 172.16.0.27

> www.oracle.com
Server: XXX.YYY.com
Address: 172.16.0.27

Non-authoritative answer:
Non-authoritative answer:
Name: www.oracle.com
Served by:
- n4x.akamaiedge.net

x.akamaiedge.net
- n5x.akamaiedge.net

x.akamaiedge.net
- n6x.akamaiedge.net

x.akamaiedge.net
- n7x.akamaiedge.net

x.akamaiedge.net
- n0x.akamaiedge.net

x.akamaiedge.net
- n1x.akamaiedge.net

x.akamaiedge.net
- n2x.akamaiedge.net

x.akamaiedge.net
- n3x.akamaiedge.net

x.akamaiedge.net

ab
12-May-2015, 02:57
Since you're posting this in a SLES forum (vs. in a Windows forum) I
presume you are thinking this is a problem with the SLES box, but you also
mention that things work correctly if things are on the same network.
What happens if you try the lookup from the DNS server itself?



dig @172.16.0.27 www.oracle.com


vs. querying something on the Internet:



dig @8.8.8.8 www.oracle.com


Something else worth doing is probably getting a LAN trace, probably from
the workstation that fails, to see what is happening there.

Most DNS lookups use UDP by default, and it may be that your new networks
are blocking that somehow. Alternatively, perhaps your SLES box is
blocking UDP via some IP ranges with its firewall settings. A LAN trace
from the workstation should show you something in any case, especially
when combined with the commands above from the server.

--
Good luck.

jmozdzen
19-May-2015, 16:30
Hi glio,

> After the upgrade, PCs on the same subnet as the DNS can resolve domain names, but PCs on other subnets fail to do so.

how's "allow-query" and "allow-recursion" set in your named.conf?

Regards,
Jens
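
Added example, not part of any post in this thread: a Python sketch that classifies a raw DNS reply by its header, separating a real answer from a referral sent without recursion (the kind of reply nslookup prints as a "Served by:" list), a refusal, and a UDP timeout. The function names and the header-only sample replies are constructed for illustration; `ask()` is meant to be run once from a failing workstation and once from the server's own subnet so the two results can be compared.

```python
import socket
import struct

# Header flag bits (RFC 1035, section 4.1.1)
QR, TC, RA, RCODE_MASK = 0x8000, 0x0200, 0x0080, 0x000F

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply):
    """Classify a raw DNS reply using only its 12-byte header."""
    if len(reply) < 12:
        return "short packet"
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & QR:
        return "not a response"
    rcode = flags & RCODE_MASK
    if rcode == 5:
        return "refused"  # server policy rejected this client
    if rcode != 0:
        return "error rcode=%d" % rcode
    if flags & TC:
        return "truncated, retry over TCP"
    if an > 0:
        return "answer"
    if ns > 0 and not flags & RA:
        # No answer records, only NS records, RA clear: the server did not
        # recurse for this client and handed back a referral instead.
        return "referral, recursion not offered"
    return "empty response"

def ask(server, name, timeout=3.0):
    """Send one UDP query; no reply suggests filtering between client and server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recvfrom(4096)[0])
        except socket.timeout:
            return "no reply over UDP"

def sample(flags, an, ns):
    """Constructed header-only reply, used to exercise classify() offline."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, an, ns, 0)

if __name__ == "__main__":
    for flags, an, ns in [(0x8180, 1, 0), (0x8100, 0, 8), (0x8105, 0, 0)]:
        print(hex(flags), classify(sample(flags, an, ns)))
```

A "referral, recursion not offered" or "refused" result only from the other subnets points at the server's recursion and query ACLs, while "no reply over UDP" points at the network path or a host firewall.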