Why does not "dig" work?

Wed Feb 23 06:49:11 UTC 2000

	ns1.pubnetplus.ne.kr is sending back answers from the wrong IP address
	for both UDP and TCP.  Its kernel is broken.

	The most probable reason for the different responses is differing
	versions of the resolver library.  Modern resolver libraries block
	answers from the wrong address either at the UDP layer or in the
	library itself.  A new dig and a old nslookup would give this sought
	of responses.

	Mark

tcpdump -n udp port 53 or icmp
tcpdump: listening on se0
17:11:34.610987 130.155.191.233.2207 > 210.220.16.7.53: 44039 A? www.cisco.com. (31)
17:11:35.624778 210.220.16.241.53 > 130.155.191.233.2207: 44039 1/2/2 (124)
17:11:35.624948 130.155.191.233 > 210.220.16.241: icmp: 130.155.191.233 udp port 2207 unreachable
17:11:39.610311 130.155.191.233.2207 > 210.220.16.7.53: 44039 A? www.cisco.com. (31)
17:11:40.706208 210.220.16.241.53 > 130.155.191.233.2207: 44039 1/2/2 (124)
17:11:40.706381 130.155.191.233 > 210.220.16.241: icmp: 130.155.191.233 udp port 2207 unreachable
17:11:49.610217 130.155.191.233.2207 > 210.220.16.7.53: 44039 A? www.cisco.com. (31)
17:11:50.766606 210.220.16.241.53 > 130.155.191.233.2207: 44039 1/2/2 (124)
17:11:50.766773 130.155.191.233 > 210.220.16.241: icmp: 130.155.191.233 udp port 2207 unreachable
^C
11 packets received by filter
0 packets dropped by kernel


tcpdump -n tcp port 53 or icmp
tcpdump: listening on se0
17:41:09.017099 130.155.191.233.1430 > 210.220.16.7.53: S 2458963027:2458963027(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 521820 0> (DF)
17:41:10.135638 210.220.16.241.53 > 130.155.191.233.1430: S 4079833559:4079833559(0) ack 2458963028 win 32736 <mss 1460>
17:41:10.135793 130.155.191.233.1430 > 210.220.16.241.53: R 2458963028:2458963028(0) win 0
17:41:10.990187 130.155.191.233.1430 > 210.220.16.7.53: S 2458963027:2458963027(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 521823 0> (DF)
17:41:12.157842 210.220.16.241.53 > 130.155.191.233.1430: S 4081854564:4081854564(0) ack 2458963028 win 32736 <mss 1460>
17:41:12.157997 130.155.191.233.1430 > 210.220.16.241.53: R 2458963028:2458963028(0) win 0
17:41:14.990199 130.155.191.233.1430 > 210.220.16.7.53: S 2458963027:2458963027(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 521831 0> (DF)
17:41:16.168705 210.220.16.241.53 > 130.155.191.233.1430: S 4085859793:4085859793(0) ack 2458963028 win 32736 <mss 1460>
17:41:16.168860 130.155.191.233.1430 > 210.220.16.241.53: R 2458963028:2458963028(0) win 0
17:41:22.990170 130.155.191.233.1430 > 210.220.16.7.53: S 2458963027:2458963027(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 521847 0> (DF)
17:41:24.134010 210.220.16.241.53 > 130.155.191.233.1430: S 4093826743:4093826743(0) ack 2458963028 win 32736 <mss 1460>
17:41:24.134165 130.155.191.233.1430 > 210.220.16.241.53: R 2458963028:2458963028(0) win 0
17:41:38.990194 130.155.191.233.1430 > 210.220.16.7.53: S 2458963027:2458963027(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 521879 0> (DF)
17:41:40.075879 210.220.16.241.53 > 130.155.191.233.1430: S 4109761718:4109761718(0) ack 2458963028 win 32736 <mss 1460>
17:41:40.076031 130.155.191.233.1430 > 210.220.16.241.53: R 2458963028:2458963028(0) win 0
17:42:10.990207 130.155.191.233.1430 > 210.220.16.7.53: S 2458963027:2458963027(0) win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 521943 0> (DF)
17:42:12.111197 210.220.16.242.53 > 130.155.191.233.1430: S 2377183844:2377183844(0) ack 2458963028 win 32736 <mss 1460>
17:42:12.111357 130.155.191.233.1430 > 210.220.16.242.53: R 2458963028:2458963028(0) win 0
^C
21 packets received by filter
0 packets dropped by kernel

> 
> Hi all!
> When I use "dig" command on my server(203.248.240.x), it doesn't work.
> But when I use "nslookup" command, it does work.
> What makes these difference?
> Could you explain this problem?
> Thank you!!!!
> 
> When I use dig :
> [root cidr]# dig @ns.pubnetplus.ne.kr www.cisco.com a
> 
> ; <<>> DiG 8.2 <<>> @ns.pubnetplus.ne.kr www.cisco.com a
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; res_nsend to server ns.pubnetplus.ne.kr  210.220.16.7: Connection timed ou
> t
> 
> When I use nslookup :
> > server ns.pubnetplus.ne.kr
> Default Server:  ns.pubnetplus.ne.kr
> Address:  210.220.16.7
> 
> > www.cisco.com.
> Server:  ns.pubnetplus.ne.kr
> Address:  210.220.16.7
> 
> Non-authoritative answer:
> Name:    www.cisco.com
> Address:  198.133.219.25
> 
>  
> 
> ==========================
> µ¥ÀÌÄÞ 
> ÀÎÅÍ³Ý ÃßÁøº»ºÎ º¸¶ó³Ý ¿î¿ëÆÀ
> ÀÌÈñº¹
> TEL : +82 2 2220-7419
> FAX : +82 2 2220-7429
> 
> 
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com