Topic: Please help, DNS problems :(

[Reaper82]

Hi,

I've been having intermittent issues with a large range of random sites and have narrowed the issue down to DNS caching.  I completely rebuilt the server but the issue wasn't solved,  this is how I managed to stumble across it in the logs.

What I want to know is,  what are the DNS servers that SME 7.0 uses?  Are they the ones obtained from my ISP on login or are they different?  Is this the issue and if so how can I change the default DNS?  I have part of the log, and can provide the whole log if needed. What I noticed was the sites would work, then fail minutes later, and work again after numerous tries. I only posted this because I have a site I cannot access at home but I can SSH/RDP into work and it works there (also running 7.0).

What I'm interested in is whether my ISP is responsible,  or if I'm able to do anything to resolve this.  As you can probably understand it has been a frustrating week.  

Here is part of the log output (it's dated last week but has been on and off for about 10 days).  I can make any logs available on request.
http://www.users.on.net/~reaper82/dnscache.log

[mrkiwi]

I had the same problem, only it was mail which alerted me to the problem.

My Scenario; my sme server "SME2", in server-only mode, qmail queueing outgoing mail due to problems finding the mx servers for the recipients of mail.
Confirmation;
dig @sme2 gmail.com mx
"DNS request timed out"

tail /var/log/dnscache.forwarder/current
"servfail gmail.com. input/output error"

tail /var/log/qmail/current
"delivery 342: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/"

Solution; Go through the Server Console and "Configure this Server" - i had 10.1.1.1 as an additional DNS server (my ADSL router) so i took this out.

Hope this helps someone

[Reaper82]

Not the same problem but thanks for replying.

SME is in Server and Gateway mode.

The issue is intermittent,  as the sites work one minute and won't resolv the next.  I want to find out where the issue lies, which I believe is with the ISP but I can't say with a certainty.

I don't have any additional DSN servers set,  I have checked it all (and have installed the server fresh) and found nothing out of the ordinary except for this.

I would appreciate any help,  even if it is just to point me in the right direction as to who is responsible.

Thanks,

Reaper

[Reaper82]

server lag,  double post.  Sorry.

[raem]

Reaper82

> what are the DNS servers that SME 7.0 uses?  

sme server uses its own DNS server/resolver and you are strongly advised to use the default setup which should use the sme as DNS server by default. This does lookup external root DNS servers and performs as good as your ISP's DNS servers.

You should configure all your workstations to use the sme as DNS server, if network cards are automatically configured by your workstations then this should happen automatically. If not you need to configure manually.
On your workstation check with
ipconfig /all

Ethernet adapter Local Area Connection:
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.xx
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.2.1
        Primary WINS Server . . . . . . . : 192.168.2.1

The DNS server IP is usually the same as your sme server local IP.

Check server manager Review Configuration for your DNS server IP

All the above assumes you have not configured a different external DNS server during sme setup ie in the admin console Configure this server screens.
 
see
http://forums.contribs.org/index.php?topic=32243.0

[raem]

Reaper82

Check these:

/etc/init.d/tinydns status
/service/tinydns: run (pid 2576) 71738 seconds, normally down

/etc/init.d/dnscache status
/service/dnscache: run (pid 2418) 71764 seconds, normally down

rpm -q e-smith-tinydns
e-smith-tinydns-1.0.0-02

rpm -q e-smith-dnscache
e-smith-dnscache-1.0.0-03

rpm -q djbdns
djbdns-1.05-02

config show tinydns
tinydns=service
    UDPPorts=53
    access=localhost
    status=enabled

config show dnscache
dnscache=service
    TCPPort=53
    UDPPort=53
    access=private
    status=enabled

[Reaper82]

/service/tinydns: run (pid 2815) 20526 seconds, normally down

/service/dnscache: run (pid 3733) 20360 seconds, normally down

e-smith-tinydns-1.0.0-02

e-smith-dnscache-1.0.0-03

djbdns-1.05-02

    tinydns=service
    UDPPorts=53
    access=localhost
    status=enabled

    dnscache=service
    Forwarder=
    Forwarder2=
    TCPPort=53
    UDPPort=53
    access=private
    status=enabled

Don't know why mine has blank forwarders in there.  I haven't changed anything from the defaults,  and it is a fresh install (well was 2 weeks ago).  It is only occasionally,  which can mean it works for days then just stops resolving that site.  If my work connection (Same SME version) is using the same DNS as my connection then I can't understand why some sites would work from there and not here (they are on different ISPs).  I have a site that hasn't worked for a couple of weeks,  but was working before that just  fine.  Coincidentally I can no longer access my work connection from here,  while I was able to last week and the week before that.  I use SSH between the two for RDP.

I have static IP set on my lan,  but gateway and DNS are set to the server IP.

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45
        Physical Address. . . . . . . . . : <removed>
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Primary WINS Server . . . . . . . : 192.168.0.1

[raem]

Reaper82

Have you checked all your cables and connections etc, eg LAN, WAN, phone line etc. Even swap cables around to see if the problem "moves".

>    dnscache=service
>    Forwarder=
>    Forwarder2=

> Don't know why mine has blank forwarders in there.

That's the Corporate DNS server settings, blank is OK.  
The other settings look OK.


> If my work connection is using the same DNS as my connection then I > can't understand why some sites would work from there and not here
> (they are on different ISPs).

What do you mean by "using the same DNS". How is it that your work and home are using the same DNS if you didn't set anything related to that ?

[Reaper82]

Have you checked all your cables and connections etc, eg LAN, WAN, phone line etc. Even swap cables around to see if the problem "moves".

I've replaced the server (whole PC), both cables and even changed both nics (with same result so changed them back,  the test ones were 1/10mbit).  I have used 2 different modems,  both bridged (Netgear DG632 and Bipac 711CE).  I've tried replacing everything,  except the HDD that SME is installed on (it is a 30gb Maxtor and all HDD tests come up clean)

What do you mean by "using the same DNS". How is it that your work and home are using the same DNS if you didn't set anything related to that ?

Well I figured they would be using identical named.root lists and resolving from the same root servers though I may have misunderstood what you said earlier.

[raem]

Reaper82

>..they would be using identical named.root lists and resolving from the same root servers

OK you mean "same DNS" generically speaking.

All I could suggest now is to check your workstations to see if the browsers are configured to use your server proxy port, usually auto detect is OK, as long as there are no other bypass settings in there.

Also Refresh the browser cache
in IE Ctrl F5
in Firefox Ctrl R (I think)
as you may still be reading old (bad) pages that are in the browsers cached memory.

You might also look at flushing the squid cache in your sme server.
Again you could just be reading old (bad) pages that are in the servers cache
Search for the commands to use or install this contrib
http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=viewsdownload&sid=62

Failing that, someone else will need to suggest what to do, or you could contact your ISP to see if they have any answers.

[Reaper82]

It isn't a matter of viewing old pages,  as that wouldn't get I/O serverfail messages with dnscache.   I get the same for jbhifi.com.au and www.jbhifi.com.au,  as well as my work http://computer-rescue.com.au/ which was working up until last week.

While trying to retrieve the URL: http://jbhifi.com.au/

The following error was encountered:

    Unable to determine IP address from host name for jbhifi.com.au

The dnsserver returned:

    No DNS records

This means that:

 The cache was not able to resolve the hostname presented in the URL.
 Check if the address is correct.

Your cache administrator is admin@reaper.homelinux.org.
Generated Thu, 05 Oct 2006 07:20:14 GMT by server.reaper.homelinux.org (squid/2.5.STABLE6)

I've installed that squid manager,  I had an older version so it updated nicely.  But the problem remains *sigh*

Thanks for your help,  I guess I'll have to talk to my ISPs engineers to see whether there is a problem.  Some others have noticed DNS issues with the ISP (a small number) but SME isn't supposed to be using my ISPs DNS if it is using the servers in the root list.

[raem]

Reaper82

I tried htp://jbhifi.com.au
and get

The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: http://jbhifi.com.au/
The following error was encountered:
Unable to determine IP address from host name for jbhifi.com.au
The dnsserver returned:
No DNS records
This means that:
 The cache was not able to resolve the hostname presented in the URL.
 Check if the address is correct.


I tried www.jbhifi.com.au
and get
The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: http://www.jbhifi.com.au/
The following error was encountered:
Unable to determine IP address from host name for www.jbhifi.com.au
The dnsserver returned:
Server Failure: The name server was unable to process this query.
This means that:
 The cache was not able to resolve the hostname presented in the URL.
 Check if the address is correct.


I tried http://computer-rescue.com.au
and get

The requested URL could not be retrieved
--------------------------------------------------------------------------------
While trying to retrieve the URL: http://computer-rescue.com.au/
The following error was encountered:
Unable to determine IP address from host name for computer-rescue.com.au
The dnsserver returned:
Server Failure: The name server was unable to process this query.
This means that:
 The cache was not able to resolve the hostname presented in the URL.
 Check if the address is correct.


I think your problem is external & is with the DNS records for those sites and/or the DNS host servers & nameservers.
see
http://www.dnsreport.com/tools/dnsreport.ch?domain=jbhifi.com.au

http://www.dnsreport.com/tools/dnsreport.ch?domain=www.jbhifi.com.au

http://www.dnsreport.com/tools/dnsreport.ch?domain=computer-rescue.com.au

[Reaper82]

Well I just checked our Custom DNS account (for our work domain) with dyndns.org and it seems to have lapsed (30th September) so I'll renew that tomorrow.  The zone is listed inactive as a result,  so that would explain that one.  It is still accessible via IP address.


I have used SSH and RDP to my work PC which is using the same version of SME and no additional contribs and have no trouble opening www.jbhifi.com.au .

I don't understand the inconsistencies.  If the site was down I could understand and let it go,  but it is driving me mad lol.  I guess I'll just have to accept that something is borked and I don't know where to start.

Thanks for your time,  I hope it wasn't wasted.

[raem]

Reaper82

> I don't understand the inconsistencies.

Forgive me for possibly being rude here, but are you deliberately trying to be stupid.
There are clearly problems with the DNS configuration for those sites, that's why access is inconsistent.
eg
ERROR: I couldn't find any A records for www.jbhifi.com.au. If you want a website at www.jbhifi.com.au, you will need an A record for www.jbhifi.com.au. If you do not want a website at www.jbhifi.com.au, you can ignore this error.

Read all the links to DNS Reports I posted.


> Thanks for your time,  I hope it wasn't wasted.

It's starting to be wasted now if you don't take notice of what those reports are saying.

> I guess I'll just have to accept that something is borked and I don't know where to start.

If you can't see what the problem is when I poke it right under your nose, then you are stupid. Get the DNS for those sites correctly configured.

[Reaper82]

Forgive me for possibly being rude here, but are you deliberately trying to be stupid.
There are clearly problems with the DNS configuration for those sites, that's why access is inconsistent.

I did read the links and that is what drew me to check my work domains configuration,  which requires action.  

I am still learning these things,  and after doing some of my own research on the web I now have a better understanding of how it works.  DNS issues are not something I come across often,  so it has escaped me until now.  There is no need to be rude just because I'm not at the same technical level you are,  I'm sure you wouldn't appreciate it.

If you can't see what the problem is when I poke it right under your nose, then you are stupid. Get the DNS for those sites correctly configured.

I'll have my work domain back online tomorrow when I can get into the office.