lubuntu-desktop team mailing list archive
Mailing list archive
DNS troubleshooting basics (was: www.lxde.org is down!)
On 10/25/2011 03:36 PM, Ali Linx wrote:
> Network Error (dns_server_failure)
> Your request could not be processed because an error occurred contacting
> the DNS server. ...
Here is how to troubleshoot this kind of issue:
(1) Use dig +nssearch to find out the nameservers for the domain:
dig lxde.org +nssearch
This should return information on the reachability of each registered
nameserver for the domain, and the DNS serial number of the information
it contains. Unfortunately, for lxde.org, I get currently "connection
timed out; no servers could be reached", which indicates a significant
problem. To see what kind of information you get when things are
working correctly, try
dig lubuntu.net +nssearch
(1B) Since that lookup for lxde.org totally failed (!), use whois to
determine what the listed nameservers for the domain are, instead:
This returns a bunch of information, including:
So, now we know the four authoritative nameservers for lxde.org,
according to whois. (Note: when changes are being made, whois
information can be up to 24 hours behind reality; if nameserver
information from dig +nssearch and whois is different, info from dig is
much more likely to be correct).
(2) Check each of the authoritative nameservers in turn, to see if they
are working, and whether they return the correct (expected) result for
the site you are trying to access:
dig @linux3.cc.ntu.edu.tw www.lxde.org.
That gets me a SERVFAIL response and no A record. Strike one!
dig @ns1.xinh.org www.lxde.org.
That gets me a "connection timed out; no servers could be reached".
dig @ns2.xinh.org www.lxde.org.
That also gets me a "connection timed out; no servers could be reached".
dig @dns.lxde.org www.lxde.org.
This gets me a "dig: couldn't get address for 'dns.lxde.org': not found".
None of the specified authoritative DNS servers for the lxde.org zone
are working. In case it is not obvious: this is really bad and needs
(3) Fortunately, some cached DNS information does still exist out there,
on other public DNS servers, for example
dig @126.96.36.199 www.lxde.org.
returns an CNAME and A record:
www.lxde.org. 47028 IN CNAME start.lxde.org.
start.lxde.org. 47028 IN A 188.8.131.52
This info looks like it will expire in 47028 seconds, which is about 13
hours... unless the Google DNS server (184.108.40.206) has better connectivity
to the official DNS servers for lxde.org than I have.
At least for now, anyone using Google's public DNS servers will still be
able to access www.lxde.org. Anyone using their own caching DNS server
that does not yet have lxde.org information cached in it, or using their
ISPs DNS server that does not yet have lxde.org information cached in
it, will *not* be able to look up the IP address for www.lxde.org and so
will be unable to browse to that site.
If it would be useful, I would be happy to run DNS for lxde.org on one
or two small DNS servers under my control, at no cost. They run DNS for
only a couple of hundred domains or so, and so far are a lot more
reliable than the current lxde.org DNS servers seem to be :) Currently
they each run a different version of BSD, and are completely independent
in terms of power and network connectivity (they are located on opposite
coasts of the USA).
I vaguely remember offering this once before, and there was some reason
why it didn't make sense to do it...?
PS. Just for fun: note that even the mighty Google can't work around
completely broken or missing information:
dig @220.127.116.11 dns.lxde.org
returns a SERVFAIL, and does not return an A record. Looking up
start.lxde.org in the same way fails similarly.