cannot resolve one address, others fine
James A Griffin
agriffin at cpcug.org
Wed Mar 14 03:17:25 UTC 2001
Good clue, Peter.
Most likely mcrc22.med.nyu.edu is running MS Win NT 4 without the fix
for multihomed hosts. Saw a problem with email and http on a government
intranet about 3 years ago. The agency with the server never did get it
fixed. There is a MS Knowledge Base entry that I found at the time, but
given the inter-agency 'issues' (think politics) it was easier for the
agency using Solaris to solve the problem by dropping the inter-agency
circuit so all the traffic went over the public Internet. Someone may
want to run nmap -O. <Additional remarks censored and deleted>
Regards,
Jim
peter at icke-reklam.ipsec.nu.invalid wrote:
>
> Jeff Berliner <jeff at endeavor.med.nyu.edu> wrote:
>
> Maybe a clue :
>
> this server seems to use several addresses, both 128.122.244.5 (mcrc22.med.nyu.edu.)
> and 5.244.122.128.in-addr.arpa. 1H IN PTR mcrc22.med.nyu.edu.
>
> As many hosts it is confused by this and when i ask a question :
> sweet% dig datek.com @128.122.244.5 ns
>
> My quiestion goes out, byt the reply comes from another address ( which
> my fw cuts off. If the firewall didn't cut it my bind would.
>
> It's simply doing wrong.
>
> gw:peter {103} tcpdump host sweet.manet.nu
> tcpdump: listening on rl0
> 21:53:02.234049 sweet.manet.nu.4033 > mcrc22.med.nyu.edu.domain: 6+ NS? datek.com. (27)
> 21:53:07.228269 sweet.manet.nu.4033 > mcrc22.med.nyu.edu.domain: 6+ NS? datek.com. (27)
> 21:53:09.177648 mcs01-ext.med.nyu.edu.601 > sweet.manet.nu.4033: udp 128 (DF)
>
> Peter h
> > For the past few days I've been dealing with a most perplexing
> > problem. An otherwise fully functional nameserver on my
> > network (128.122.244.5) cannot resolve the address for
> > www.datek.com. What makes this more troubling is that I can resolve
> > the name using other networks' dns machines.
>
> > More perplexing is that I _am_ able, with nslookup, to connect to
> > and resolve the names of datek.com's nameservers. And querying those
> > directly I can resolve the name. This, plus the fact that I can
> > access the website if I use an IP address, lead me to believe that we
> > have not somehow been blocked intentionally.
>
> > My next thought was that something poisoned the cache of my ns,
> > but I've cleared it, and also killed/restarted named, to no avail. I
> > fear that I'm missing something obvious here, but I am at a loss to
> > explain it. Any help is appreciated. If I can provide more info,
> > please let me know. Thanks!
>
> > % nslookup
> > Default Server: mcrc22.med.nyu.edu
> > Address: 128.122.244.5
>
> >> datek.com
> > Server: mcrc22.med.nyu.edu
> > Address: 128.122.244.5
>
> > *** mcrc22.med.nyu.edu can't find datek.com: Non-existent host/domain
> >> ns.datek.com
> > Server: mcrc22.med.nyu.edu
> > Address: 128.122.244.5
>
> > Non-authoritative answer:
> > Name: ns.datek.com
> > Address: 209.3.82.11
>
> >> server 209.3.82.11
> > Default Server: ns.hrld.com
> > Address: 209.3.82.11
>
> >> datek.com
> > Server: ns.hrld.com
> > Address: 209.3.82.11
>
> > Name: datek.com
> > Addresses: 209.191.156.89, 209.191.132.6
>
> >>
>
> > - Jeff
>
> > --
> > Jeff Berliner
> > jeff at popmail.med.nyu.edu
> > Information Technology, Phone: (212) 263-2501
> > New York University School of Medicine Fax: (212) 263-8542
>
> --
> Peter Håkanson Phone +46707328101 Fax +4631223190
> IPSec sverige Email peter at ipsec.nu
> "Safe by design" Address Bror Nilssons gata 16 Lundbystrand
> S-417 55 Gothenburg Sweden
More information about the bind-users
mailing list