Project

General

Profile

Bug #2725

Setting DNS to UCSB servers breaks resolution at ORC

Added by Dave Vieglais over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Dave Vieglais
Category:
Support Operations
Target version:
Sprint-2012.21-Block.3.3
Start date:
2012-05-09
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

Setting resolv.conf as:

search dataone.org
nameserver 128.111.220.18
nameserver 128.111.220.16
nameserver 174.37.196.55
nameserver 8.8.8.8
nameserver 8.8.4.4

breaks DNS resolution. Moving the google name servers to the top of the list restores normal operations.

This issue may affect responsiveness to the situation where a CN is taken offline by removing from rr-dns.

History

#1 Updated by Dave Vieglais over 12 years ago

Might be a configuration issue with DNS at UCSB?

e.g. with 128.111.220.18 as primary DNS:

vieglais@cn-orc-1:~$ nslookup security.ubuntu.com
;; Got recursion not available from 128.111.220.18, trying next server
;; Got recursion not available from 128.111.220.16, trying next server
;; Got recursion not available from 128.111.220.18, trying next server
;; Got recursion not available from 128.111.220.16, trying next server
Server: 174.37.196.55
Address: 174.37.196.55#53

** server can't find security.ubuntu.com: NXDOMAIN

#2 Updated by Dave Vieglais over 12 years ago

  • Category changed from Environment.Production to Support Operations

Issue is that recursion is not enabled at either the UCSB or afraid.org name servers. This means that for resolv.conf should probably be configured with

search dataone.org
nameserver 128.111.220.18
nameserver 174.37.196.55
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 128.111.220.16

Note that for 10.04, MAXNS, the maximum number of nameservers used in resolve.conf, is 3. So in the example above, resolve will check 128.111.220.18, which will be ok for dataone.org addresses but will fail for most everything else. 174.37.196.55 will be tried next, and will similarly fail for some addresses. Finally 8.8.8.8 will be tried next, and that nameserver should always work.

This approach gives highest priority to dataone.org names, and so should be responsive to changes in rr-dns for the environment.

Changing category to general operations, since this will affect all installations.

#3 Updated by Dave Vieglais over 12 years ago

  • Status changed from New to Closed

Suggested configuration appears to be working fine.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)