BIND DNS strange behaviour resolving dns

I’m not sure if this is related to Cloudmin or not but it is a mighty strange issue that I’m struggling to get to the bottom of. I’ve posted the question over at Server Fault and the kind people there have troubleshooted with me, but I thought that as my local DNS server is running Cloudmin, that I can scratch that off the list for being a misconfiguration issue.

http://serverfault.com/questions/443663/bind-dns-strange-behaviour-resolving-dns/443708

Thanks for your time,

Paul

Howdy,

Yeah, that connection timed out error is a bit unusual… do you receive that for any other lookups as well? Or just the one you showed there?

When that occurs, are you seeing any errors in any of your logs?

-Eric

Hi Eric,

Yeah, it occurs on a few domains, code.jquery.com, and cdn.sublimevideo.net to name another one. I just can’t see why my local DNS lookup would be blocked on certain domains.

Paul

I’d start out by checking the exact delegation path of the problematic domain, using dig domainthatdoesntwork.com +trace. You might want to post the result here for further inspection. :)

Does the problem occur with all third-level domains?

Ok, a bit more digging and I’ve come up with this. These can’t be resolved:

code.jquery.com (jquery.com is resolved) - edgecast
cdn.sublimevideo.net (sublimevideo.net resolved) - edgecast

However I can access:

code.google.com
en.wikipedia.org
help.yahoo.com

However, I can’t access http://www.edgecast.com/ which is the CDN for sublime and jquery. So it is sounding highly likely (as said in discussions from serverfault) that my IP address is being blocked by edgecast when doing DNS lookups?

Can you please, as I requested, post the result of a “dig +trace” for a domain that doesn’t work?

Sure:

dig edgecastcdn.net +trace

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5 <<>> edgecastcdn.net +trace
;; global options: +cmd
. 336970 IN NS c.root-servers.net.
. 336970 IN NS j.root-servers.net.
. 336970 IN NS m.root-servers.net.
. 336970 IN NS l.root-servers.net.
. 336970 IN NS i.root-servers.net.
. 336970 IN NS d.root-servers.net.
. 336970 IN NS b.root-servers.net.
. 336970 IN NS k.root-servers.net.
. 336970 IN NS f.root-servers.net.
. 336970 IN NS e.root-servers.net.
. 336970 IN NS h.root-servers.net.
. 336970 IN NS a.root-servers.net.
. 336970 IN NS g.root-servers.net.
;; Received 508 bytes from 127.0.0.1#53(127.0.0.1) in 4 ms

net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
;; Received 490 bytes from 193.0.14.129#53(193.0.14.129) in 923 ms

edgecastcdn.net. 172800 IN NS ns1.edgecastcdn.net.
edgecastcdn.net. 172800 IN NS ns2.edgecastcdn.net.
;; Received 101 bytes from 192.43.172.30#53(192.43.172.30) in 11066 ms

;; connection timed out; no servers could be reached

Okay, it indeed seems that for some reason DNS requests from your test system to “ns*.edgecastcdn.net” are blocked.

The IPs are as follows:

edgecastcdn.net. 3600 IN A 93.184.221.133
edgecastcdn.net. 172800 IN NS ns1.edgecastcdn.net.
edgecastcdn.net. 172800 IN NS ns2.edgecastcdn.net.
;; Received 188 bytes from 72.21.80.5#53(ns1.edgecastcdn.net) in 7 ms

ns1.edgecastcdn.net. 172703 IN A 72.21.80.5
ns2.edgecastcdn.net. 172800 IN A 72.21.80.6

You might want to try “mtr” to trace the route to those nameservers and see where it fails. It should look like this if it works okay:

[code]
     Host                                       Loss%  Snt   Last    Avg   Best   Wrst  StDev
  1. rigel.tianet.de                             0.0%   23    0.2    0.2    0.2    0.3    0.0
  2. static.1.106.9.176.clients.your-server.de   0.0%   23    2.3    1.9    0.8    4.4    1.3
  3. hos-tr1-juniper1.rz15.hetzner.de            0.0%   23    0.4    0.5    0.4    1.8    0.3
  4. hos-bb1.juniper1.ffm.hetzner.de             0.0%   23    5.0    5.1    5.0    5.7    0.1
  5. r1fra1.core.init7.net                       0.0%   23   14.5    8.2    5.1   15.2    4.0
  6. xe-0.de-cix.frnkge03.de.bb.gin.ntt.net      0.0%   23    7.1   14.0    6.6  104.8   22.3
  7. ae-1.r02.frnkge03.de.bb.gin.ntt.net        13.6%   22    6.4    9.0    6.2   23.7    4.5
     po-1.r01.frnkge03.de.bb.gin.ntt.net
  8. edgecast-0.r01.frnkge03.de.bb.gin.ntt.net   0.0%   22    6.0    6.3    5.8    6.9    0.3
     edgecast-0.r02.frnkge03.de.bb.gin.ntt.net
  9. ns1.edgecastcdn.net                         0.0%   22    6.0    6.1    5.8    7.3    0.4
[/code]