lubuntu-desktop team mailing list archive

DNS troubleshooting basics (was: www.lxde.org is down!)

 

On 10/25/2011 03:36 PM, Ali Linx wrote:

> Network Error (dns_server_failure)
> 
>   Your request could not be processed because an error occurred contacting
> the DNS server.  ...


Here is how to troubleshoot this kind of issue:

(1) Use dig +nssearch to find out the nameservers for the domain:

  dig lxde.org +nssearch

This should return information on the reachability of each registered
nameserver for the domain, and the DNS serial number of the information
it contains.  Unfortunately, for lxde.org, I currently get "connection
timed out; no servers could be reached", which indicates a significant
problem.  To see what kind of information you get when things are
working correctly, try

  dig lubuntu.net +nssearch

(1B) Since that lookup for lxde.org totally failed (!), use whois to
determine what the listed nameservers for the domain are, instead:

  whois lxde.org

This returns a bunch of information, including:

  Name Server:LINUX3.CC.NTU.EDU.TW
  Name Server:NS1.XINH.ORG
  Name Server:NS2.XINH.ORG
  Name Server:DNS.LXDE.ORG

So, now we know the four authoritative nameservers for lxde.org,
according to whois. (Note: when changes are being made, whois
information can be up to 24 hours behind reality; if nameserver
information from dig +nssearch and whois is different, info from dig is
much more likely to be correct).

(2) Check each of the authoritative nameservers in turn, to see if they
are working, and whether they return the correct (expected) result for
the site you are trying to access:

  dig @linux3.cc.ntu.edu.tw www.lxde.org.

That gets me a SERVFAIL response and no A record.  Strike one!

  dig @ns1.xinh.org www.lxde.org.

That gets me a "connection timed out; no servers could be reached".
Strike two!

  dig @ns2.xinh.org www.lxde.org.

That also gets me a "connection timed out; no servers could be reached".
Strike three!

  dig @dns.lxde.org  www.lxde.org.

This gets me a "dig: couldn't get address for 'dns.lxde.org': not found".

None of the specified authoritative DNS servers for the lxde.org zone
are working.  In case it is not obvious: this is really bad and needs
fixing.

(3) Fortunately, some cached DNS information does still exist out there,
on other public DNS servers, for example

  dig @8.8.8.8 www.lxde.org.

returns a CNAME and A record:

 www.lxde.org.		47028	IN	CNAME	start.lxde.org.
 start.lxde.org.	47028	IN	A	210.240.39.201

This info looks like it will expire in 47028 seconds, which is about 13
hours... unless the Google DNS server (8.8.8.8) has better connectivity
to the official DNS servers for lxde.org than I have.

BOTTOM LINE:

At least for now, anyone using Google's public DNS servers will still be
able to access www.lxde.org.  Anyone using their own caching DNS server
that does not yet have lxde.org information cached in it, or using their
ISP's DNS server that does not yet have lxde.org information cached in
it, will *not* be able to look up the IP address for www.lxde.org and so
will be unable to browse to that site.

POSSIBLE FIXES:

If it would be useful, I would be happy to run DNS for lxde.org on one
or two small DNS servers under my control, at no cost.  They run DNS for
only a couple of hundred domains or so, and so far are a lot more
reliable than the current lxde.org DNS servers seem to be :)  Currently
they each run a different version of BSD, and are completely independent
in terms of power and network connectivity (they are located on opposite
coasts of the USA).

I vaguely remember offering this once before, and there was some reason
why it didn't make sense to do it...?

Jonathan

PS.  Just for fun: note that even the mighty Google can't work around
completely broken or missing information:

  dig @8.8.8.8 dns.lxde.org

returns a SERVFAIL, and does not return an A record.  Looking up
start.lxde.org in the same way fails similarly.
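
The per-nameserver check from step (2) and the cache lifetime reading from step (3), scripted as an added example that is not part of the original message. The function names classify_dig, answer_ttl and check_zone are hypothetical; the script assumes dig is installed and maps the same outcomes the message walks through (SERVFAIL, timeout, unresolvable server name, A record returned).

```shell
#!/bin/sh
# Added example: constructed helpers, not from the original post.

# classify_dig: read one `dig @server name` output on stdin, print a verdict.
classify_dig() {
    out=$(cat)
    case "$out" in
        *"couldn't get address for"*) echo NOADDR;   return ;;  # NS name itself unresolvable
        *"connection timed out"*)     echo TIMEOUT;  return ;;  # server unreachable
        *"status: SERVFAIL"*)         echo SERVFAIL; return ;;  # reachable, cannot serve zone
    esac
    # Count only A records inside the ANSWER section; glue in the
    # ADDITIONAL section does not mean the name resolved.
    if printf '%s\n' "$out" | awk '
        /^;; ANSWER SECTION:/ {a = 1; next}
        /^$/                  {a = 0}
        a && $3 == "IN" && $4 == "A" {found = 1}
        END {exit !found}'
    then echo OK
    else echo NOANSWER
    fi
}

# answer_ttl: smallest TTL (seconds) in the ANSWER section, i.e. how long a
# cached copy (step 3) can outlive the dead authoritative servers.
answer_ttl() {
    awk '
        /^;; ANSWER SECTION:/ {a = 1; next}
        /^$/                  {a = 0}
        a && $3 == "IN" && (min == "" || $2 + 0 < min) {min = $2 + 0}
        END {if (min != "") print min}'
}

# check_zone NAME NS...: step 2, query every listed nameserver directly.
check_zone() {
    name=$1; shift
    working=0
    for ns in "$@"; do
        status=$(dig +time=3 +tries=1 "@$ns" "$name" 2>&1 | classify_dig)
        printf '%-24s %s\n' "$ns" "$status"
        if [ "$status" = OK ]; then working=$((working + 1)); fi
    done
    echo "$working of $# listed nameservers returned an A record"
}

# Run only when arguments are given, e.g.:
#   sh check.sh www.lxde.org. linux3.cc.ntu.edu.tw ns1.xinh.org ns2.xinh.org dns.lxde.org
if [ "$#" -ge 2 ]; then check_zone "$@"; fi
```

Piping the output of `dig @8.8.8.8 www.lxde.org.` into answer_ttl gives the number of seconds a resolver's cached answer remains usable.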

