cannot resolve one address, others fine

[James A Griffin]

Good clue, Peter.  

Most likely mcrc22.med.nyu.edu is running MS Win NT 4 without the fix
for multihomed hosts.  Saw a problem with email and http on a government
intranet about 3 years ago.  The agency with the server never did get it
fixed.  There is a MS Knowledge Base entry that I found at the time, but
given the inter-agency 'issues' (think politics) it was easier for the
agency using Solaris to solve the problem by dropping the inter-agency
circuit so all the traffic went over the public Internet.  Someone may
want to run nmap -O. <Additional remarks censored and deleted>

Regards,

Jim

peter at icke-reklam.ipsec.nu.invalid wrote:
> 
> Jeff Berliner <jeff at endeavor.med.nyu.edu> wrote:
> 
> Maybe a clue :
> 
> this server seems to use several addresses, both 128.122.244.5 (mcrc22.med.nyu.edu.)
> and 5.244.122.128.in-addr.arpa.  1H IN PTR  mcrc22.med.nyu.edu.
> 
> As many hosts it is confused by this and when i ask a question :
> sweet% dig datek.com @128.122.244.5 ns
> 
> My quiestion goes out, byt the reply comes from another address ( which
> my fw cuts off. If the firewall didn't cut it my bind would.
> 
> It's simply doing wrong.
> 
> gw:peter {103} tcpdump host sweet.manet.nu
> tcpdump: listening on rl0
> 21:53:02.234049 sweet.manet.nu.4033 > mcrc22.med.nyu.edu.domain:  6+ NS? datek.com. (27)
> 21:53:07.228269 sweet.manet.nu.4033 > mcrc22.med.nyu.edu.domain:  6+ NS? datek.com. (27)
> 21:53:09.177648 mcs01-ext.med.nyu.edu.601 > sweet.manet.nu.4033:  udp 128 (DF)
> 
> Peter h
> >     For the past few days I've been dealing with a most perplexing
> > problem.  An otherwise fully functional nameserver on my
> > network (128.122.244.5) cannot resolve the address for
> > www.datek.com.  What makes this more troubling is that I can resolve
> > the name using other networks' dns machines.
> 
> >     More perplexing is that I _am_ able, with nslookup, to connect to
> > and resolve the names of datek.com's nameservers.  And querying those
> > directly I can resolve the name.  This, plus the fact that I can
> > access the website if I use an IP address, lead me to believe that we
> > have not somehow been blocked intentionally.
> 
> >      My next thought was that something poisoned the cache of my ns,
> > but I've cleared it, and also killed/restarted named, to no avail.  I
> > fear that I'm missing something obvious here, but I am at a loss to
> > explain it.  Any help is appreciated.  If I can provide more info,
> > please let me know.  Thanks!
> 
> > % nslookup
> > Default Server:  mcrc22.med.nyu.edu
> > Address:  128.122.244.5
> 
> >> datek.com
> > Server:  mcrc22.med.nyu.edu
> > Address:  128.122.244.5
> 
> > *** mcrc22.med.nyu.edu can't find datek.com: Non-existent host/domain
> >> ns.datek.com
> > Server:  mcrc22.med.nyu.edu
> > Address:  128.122.244.5
> 
> > Non-authoritative answer:
> > Name:    ns.datek.com
> > Address:  209.3.82.11
> 
> >> server 209.3.82.11
> > Default Server:  ns.hrld.com
> > Address:  209.3.82.11
> 
> >> datek.com
> > Server:  ns.hrld.com
> > Address:  209.3.82.11
> 
> > Name:    datek.com
> > Addresses:  209.191.156.89, 209.191.132.6
> 
> >>
> 
> >                                                      - Jeff
> 
> > --
> > Jeff Berliner
> > jeff at popmail.med.nyu.edu
> > Information Technology,                         Phone: (212) 263-2501
> > New York University School of Medicine  Fax:   (212) 263-8542
> 
> --
> Peter Håkanson               Phone     +46707328101       Fax +4631223190
> IPSec sverige                Email      peter at ipsec.nu
> "Safe by design"             Address    Bror Nilssons gata 16  Lundbystrand
>                                         S-417 55  Gothenburg   Sweden