You'll start off your Internet connection adventure by doing the same kinds of things you'd normally do internally. The easy part of Internet troubleshooting is that because you more than likely only have one router or firewall, it's pretty easy to point the finger at what's down if you cannot get to the Internet at all.
This router or firewall is called the choke point because it's the point at which all traffic could get choked off if it malfunctions.
If you cannot ping an address right outside your firewall, router, or proxy server, you have a pretty good idea that your choke point is down. Remember to ping by IP address rather than DNS name; you always want to make sure that IP connections work before dragging name resolution into the picture. (If IP connections aren't working, you can bet your bottom dollar that DNS resolution isn't working either.)
How do you know what address to ping? Good question! You can ask your provider for the far side address of its router. (No, that's not a router with snakes, cows, chickens, and a bizarre sense of humor. It's the router interface farthest from you: the end that isn't connected to your system.) You could also simply keep the IP addresses of several reliable Internet hosts handy. Usually, a ping will resolve a DNS name to an IP address, so just ping a couple of your favorite WWW addresses and write them down.
You can also use traceroute to trace your path to your favorite WWW address while everything is working and then write down the second hop that traceroute reports. This is probably the far side address of your ISP's router.
My preference tends to be to ping my ISP first and then ping an outside address. If your ISP link is up but you can't get to anything else, your link to your ISP could be fine but the ISP's link to the outside world may be having problems. Although your ISP probably already knows that it's having problems with its link to the outside world, it couldn't hurt to call and report this.
Suppose your IP connectivity is okay. However, although you can ping by IP addresses all day, the second you bring a domain name into the picture, your browser barfs. No problem! Let's take a look at the types of DNS problems you're likely to see:
For either type of problem, the tool of choice is nslookup. The nslookup tool allows you to connect to a given DNS server and find out what that DNS server thinks about things.
Using Windows 95 or 98? Bummer! Although Microsoft has an exact UNIX-like version of nslookup for NT, for some reason, it doesn't supply this program with Windows 95/98. Fret not. You can find reasonable equivalents by searching your local shareware site (www.shareware.com, www.tucows.com, and so on) for nslookup. I can't find the exact equivalent out there, but several programs offer nslookup-like functionality, including these:
- dns11.zip
- nsb32-5.zip
- lookup.zip
- setuptk.exe
In other words, when you ping, you're forced to use the DNS server configured into your TCP/IP stack, but nslookup allows you to bypass this and choose which server to talk to. You can specify servers by IP address (when name resolution isn't working at all) or by name (when you're trying to track down a strange problem) and tell nslookup what type of information to give back to you.
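The triage order described above (ISP far side by IP, then an outside host by IP, then the name through the configured DNS server and through one you choose with nslookup), written out as an added shell example that is not from the original book. The function names, result labels, and Unix-style ping flag are assumptions, and the addresses in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example (not from the book): the troubleshooting order from the
# text as one script. Function names and result labels are assumptions.

# Reachability by IP address only, so name resolution stays out of the
# picture. Assumes a Unix-style ping (-c count); Windows ping uses -n.
probe_ip() { ping -c 2 "$1" >/dev/null 2>&1; }

# Name lookup with nslookup. One argument: use the DNS server configured
# in this host's TCP/IP stack. Two arguments: ask the server in $2.
# Relies on nslookup exiting non-zero when a query fails (BIND 9 does).
probe_name() {
    if [ -n "$2" ]; then
        nslookup "$1" "$2" >/dev/null 2>&1
    else
        nslookup "$1" >/dev/null 2>&1
    fi
}

# diagnose ISP_FAR_SIDE_IP OUTSIDE_HOST_IP TEST_NAME OTHER_DNS_SERVER_IP
diagnose() {
    isp_ip=$1; outside_ip=$2; name=$3; other_dns=$4
    if ! probe_ip "$isp_ip"; then
        echo "choke-point-or-isp-link-down"
    elif ! probe_ip "$outside_ip"; then
        echo "isp-reachable-outside-unreachable"
    elif probe_name "$name"; then
        echo "ip-and-dns-ok"
    elif probe_name "$name" "$other_dns"; then
        echo "dns-fails-on-configured-server-only"
    else
        echo "dns-fails-on-both-servers"
    fi
}

# Example run (placeholder addresses from the documentation ranges):
#   sh triage.sh 192.0.2.1 198.51.100.7 www.example.com 203.0.113.53
if [ "$#" -eq 4 ]; then
    diagnose "$@"
fi
```

Record the real addresses while the link is healthy, as the text suggests, so the script has known-good targets when something breaks.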
The DNS Hierarchy
To be able to use the nslookup tool effectively, you'll need to know the basics of the DNS hierarchy. Like your hard drive, the DNS has so many individual records that it's separated into many different levels (folders on your hard drive; zones in the DNS world). Take a look at Figure 19.6. It's drawn as a tree, and you read it from the top down (dots separate the zones). Not too bad, right? That's the way the entire DNS is organized.
Figure 19.6 DNS zones, like the folders on your hard drive, are arranged in a tree structure.
Now let's consider how this is implemented in real life. Each zone is usually handled by one primary server and several secondary servers. How does everybody know which server is responsible for which zone? Each zone also has a special record called the SOA, which stands for start of authority. Each zone's SOA record details which servers are responsible for that zone and, among other administrative records, contains contact information for the party responsible for that zone.
Although secondary servers get their information from the primary server for the zone, they otherwise act exactly like a primary server for the zone. Furthermore, the secondary servers may live at any IP address; they do not have to be geographically or physically close to the primary server. The zone is a logical concept and has no physical restraints.
Finally, because DNS is hierarchical, if the DNS server that you use does not know the answer for a DNS query, it must kick the query up the tree to the zone server above it to see if it can get an answer. If it does get an answer, it stores the answer in its cache. That way, if it gets asked for the same hostname again, it can give an answer back to the DNS client without having to query the zone above it.
With this information in mind, let's look at a real-world inside-to-outside DNS problem.