Ticket #3594 (closed defect: invalid)
DNS configuration question
| Reported by: | bzflaglegomaniac@… | Owned by: | ejhernandez@… |
|---|---|---|---|
| Milestone: | | Component: | dns |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
My Zentyal server is hosting about 50 domains. Not really, of course, just one real one. The others are bandwidth leeching sites like doublclick.com. I point them at the local machine 127.0.0.1 so they don't use up bandwidth when downloading a page and we don't get to see the ads (snif!).
So here's my problem: one of the sites my kids do want to see is now unreachable. It has a domain: www.webkinz.com.
I was expecting that the main www.webkinz.com site would still be available but only the ads (from ads.webkinz.com) would be blocked, and that worked for a while.
Recently, I added a pile of other unrelated domains to the DNS (and pointed them to 127.0.0.1), but now www.webkinz.com is unreachable.
For testing purposes I renamed the ads.webkinz.com domain to xads.webkinz.com to see if that was the culprit. It wasn't.
```
telnet www.webkinz.com 80
telnet: could not resolve www.webkinz.com/80: Name or service not known

nslookup www.webkinz.com
Server: 192.168.0.2
Address: 192.168.0.2#53

server can't find www.webkinz.com: NXDOMAIN

nslookup ads.webkinz.com
Server: 192.168.0.2
Address: 192.168.0.2#53

Non-authoritative answer:
Name: ads.webkinz.com
Address: 66.48.83.158

matthias@AsusP8H67-MLE:/etc$ nslookup xads.webkinz.com
Server: 192.168.0.2
Address: 192.168.0.2#53

Name: xads.webkinz.com
Address: 127.0.0.1
```
OK, so I can resolve ads.webkinz.com but not www.webkinz.com and my DNS server is working as expected as xads was pointed at the local machine.
So whatever happened to www.webkinz.com?
On my Zentyal server under Network->DNS I have three entries:
- 192.168.0.2 (the server itself)
- 207.164.234.193 (ISP's DNS server)
- 207.164.234.129 (ISP's DNS server)
nslookup www.webkinz.com 207.164.234.193
returns a valid entry.
So this leads me to wonder: Under Network->DNS, am I not supposed to use the server itself, to force Squid to check my own DNS entries before it tries to cache something from the net that I don't want?
Also, if the Zentyal server is not hosting a DNS entry, doesn't it default to getting one from one of the two ISP servers? Why would it be that querying the Zentyal server for www.webkinz.com returns nothing but querying an ISP's server does? It implies that Zentyal isn't forwarding the requests to the ISP when it doesn't have an authoritative answer, but if that was actually true, even trac.zentyal.org shouldn't be working.
It implies that Zentyal is forwarding DNS requests for almost all sites but not for www.webkinz.com, and I just don't understand that.
Can someone A) confirm that the Zentyal server pointing to itself is appropriate and necessary for Squid, and, B) give me a clue as to where I should be looking for a solution to this problem?
BTW. The canonical name for www.webkinz.com, as given by the ISP's DNS server, is a1339.g.akamai.net. and querying Zentyal for akamai.net yields "Non-authoritative answer: * Can't find akamai.net: No answer" but deliberately misspelling it akamaai.net yields something slightly different: " server can't find akamaai.net: NXDOMAIN"
I suspect this is a configuration problem on my part, but I can't tell for sure. I hate being a noob.
Configuration questions should be posted at http://forum.zentyal.org; this trac is only for reporting bugs. Please ask there, thank you.