A customer in Ohio called me early this morning. Mail was not working and browsing was also intermittently failing. This had also happened to him two days earlier, but before I could locate a cause, it had mysteriously fixed itself. But here it was again.

Notice my email in that log: it says my aplawrence.com domain does not exist. Well, that's wrong..

I first logged into his email server with ssh and confirmed that it could not resolve hosts. His /etc/resolv.conf pointed at the Kerio Control firewall, so I checked there. Oddly, Ip Tools there could resolve hosts. What could be wrong?

I turned on DNS debugging and could see that it was contacting Google's public servers as it was configured to. However, it was saying that responses were truncated. I tried switching the DNS to their ISP's DNS, but nothing changed. At that point, I called Kerio.

After some false starts and rechecking of things I had already done, Vladimir at Kerio suggested trying a Czech DNS server: That started working instantly.

So what's going on? I'm not sure. I think maybe Google is having a local problem there and maybe IP Tools ignores the truncate bit? Maybe the ISP is using Google DNS itself? I do not know. I have posted to Google's public DNS forum to notify them of the error; I've seen no response yet.

