Mozilla, ipv6 and BIND
Joseph Fannin
jhf at rivenstone.dyndns.org
Mon Mar 26 04:15:49 UTC 2001
I'm having some trouble with Mozilla (Bugzilla bug #73298) that
seems to be related to ipv6 support in BIND. Mozilla has some support
for ipv6, so it attempts to look up ipv6-type AAAA address records
before looking up "standard" A records. When my resolver is pointed at
my ISP's nameservers, this is fine; but when I use the caching-only BIND
nameserver on my local LAN, all lookups of "ad.doubleclick.net" fail.
(Good riddance, right? Well, no; Mozilla pops up a blocking dialog box
for every link to ad.doubleclick.net in a page -- very annoying).
I'm using the 100% stock RedHat caching-nameserver config of BIND
8.2.3 to eliminate administrator error on my end in my bug hunt, so my
local BIND knows about the loopback address and the root nameserver
hints and looks up everything else itself. Mozilla runs on 192.168.1.2
and the local nameserver runs on 192.168.2.1; the two subnets are joined
at the masquerading router (which has the external DNS
dhcp065-024-121-117.columbus.rr.com). Running tcpdump on the router
during a (failing) attempt to lookup ad.doubleclick.net produces this:
20:57:36.523434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27098+
AAAA? ad.doubleclick.net. (36) (DF)
20:57:36.523434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27098+
AAAA? ad.doubleclick.net. (36) (DF)
20:57:36.533434 eth1 < 192.168.2.1.1028 > 208.211.225.10.domain: 57923
AAAA? gd7.doubleclick.net. (37) (DF)
20:57:36.533434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
208.211.225.10.domain: 57923 AAAA? gd7.doubleclick.net. (37) (DF)
20:57:36.593434 eth0 < 208.211.225.10.domain >
dhcp065-024-121-117.columbus.rr.com.1028: 57923- 0/8/8 (365) (DF)
20:57:36.593434 eth1 > 208.211.225.10.domain > 192.168.2.1.1028: 57923-
0/8/8 (365) (DF)
20:57:36.593434 eth1 < 192.168.2.1.1028 >
dcnyadgds2.doubleclick.net.domain: 5488 AAAA? gd7.doubleclick.net. (37) (DF)
20:57:36.593434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
dcnyadgds2.doubleclick.net.domain: 5488 AAAA? gd7.doubleclick.net. (37) (DF)
20:57:36.653434 eth0 < dcnyadgds2.doubleclick.net.domain >
dhcp065-024-121-117.columbus.rr.com.1028: 5488 NXDomain- 0/0/0 (37) (DF)
20:57:36.653434 eth1 > dcnyadgds2.doubleclick.net.domain >
192.168.2.1.1028: 5488 NXDomain- 0/0/0 (37) (DF)
20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27098
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27098
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27099+
AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27099+
AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27099
NXDomain 0/1/0 (112) (DF)
20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27099
NXDomain 0/1/0 (112) (DF)
20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27100+ A?
ad.doubleclick.net. (36) (DF)
20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27100+ A?
ad.doubleclick.net. (36) (DF)
20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27100
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27100
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27101+ A?
ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27101+ A?
ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:36.673434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27101
NXDomain 0/1/0 (112) (DF)
20:57:36.673434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27101
NXDomain 0/1/0 (112) (DF)
20:57:41.773434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27102+
AAAA? ad.doubleclick.net. (36) (DF)
20:57:41.773434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27102+
AAAA? ad.doubleclick.net. (36) (DF)
20:57:41.783434 eth1 < 192.168.2.1.1028 > 208.211.225.10.domain: 59703
AAAA? gd7.doubleclick.net. (37) (DF)
20:57:41.783434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
208.211.225.10.domain: 59703 AAAA? gd7.doubleclick.net. (37) (DF)
20:57:41.823434 eth0 < 208.211.225.10.domain >
dhcp065-024-121-117.columbus.rr.com.1028: 59703- 0/8/8 (365) (DF)
20:57:41.823434 eth1 > 208.211.225.10.domain > 192.168.2.1.1028: 59703-
0/8/8 (365) (DF)
20:57:41.833434 eth1 < 192.168.2.1.1028 > 208.32.211.70.domain: 26398
AAAA? gd7.doubleclick.net. (37) (DF)
20:57:41.833434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
208.32.211.70.domain: 26398 AAAA? gd7.doubleclick.net. (37) (DF)
20:57:41.963434 eth0 < 208.32.211.70.domain >
dhcp065-024-121-117.columbus.rr.com.1028: 26398 NXDomain- 0/0/0 (37) (DF)
20:57:41.963434 eth1 > 208.32.211.70.domain > 192.168.2.1.1028: 26398
NXDomain- 0/0/0 (37) (DF)
20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27102
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27102
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
20:57:41.963434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27103+
AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:41.963434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27103+
AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27103
NXDomain 0/1/0 (112) (DF)
20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27103
NXDomain 0/1/0 (112) (DF)
20:57:41.963434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27104+ A?
ad.doubleclick.net. (36) (DF)
20:57:41.963434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27104+ A?
ad.doubleclick.net. (36) (DF)
20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27104
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27104
NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
20:57:41.973434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27105+ A?
ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:41.983434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27105+ A?
ad.doubleclick.net.rivenstone.net. (51) (DF)
20:57:41.983434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27105
NXDomain 0/1/0 (112) (DF)
20:57:41.983434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27105
NXDomain 0/1/0 (112) (DF)
The 5th and 6th lines from the bottom seem strange to me. Why would
BIND report "no such domain" and an CNAME record at the same time? For
comparison, here is a tcpdump log of a successful lookup via my ISP's
nameserver (clmboh1-dns3.columbus.rr.com):
21:04:23.773434 eth2 < 192.168.1.2.1039 >
clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
(36) (DF)
21:04:23.773434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 >
clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
(36) (DF)
21:04:24.403434 eth0 < clmboh1-dns3.columbus.rr.com.domain >
dhcp065-024-121-117.columbus.rr.com.1039: 57077 ServFail 1/0/0 CNAME
gd7.doubleclick.net. (54) (DF)
21:04:24.403434 eth2 > clmboh1-dns3.columbus.rr.com.domain >
192.168.1.2.1039: 57077 ServFail 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
21:04:24.403434 eth2 < 192.168.1.2.1039 >
clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
(36) (DF)
21:04:24.403434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 >
clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
(36) (DF)
21:04:24.983434 eth0 < clmboh1-dns3.columbus.rr.com.domain >
dhcp065-024-121-117.columbus.rr.com.1039: 57077 1/0/0 CNAME
gd7.doubleclick.net. (72) (DF)
21:04:24.983434 eth2 > clmboh1-dns3.columbus.rr.com.domain >
192.168.1.2.1039: 57077 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
21:04:24.983434 eth2 < 192.168.1.2.1039 >
clmboh1-dns3.columbus.rr.com.domain: 57078+ A? ad.doubleclick.net. (36) (DF)
21:04:24.983434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 >
clmboh1-dns3.columbus.rr.com.domain: 57078+ A? ad.doubleclick.net. (36) (DF)
21:04:25.013434 eth0 < clmboh1-dns3.columbus.rr.com.domain >
dhcp065-024-121-117.columbus.rr.com.1039: 57078 2/8/8 CNAME
gd7.doubleclick.net., A ad.us.doubleclick.net (398) (DF)
21:04:25.013434 eth2 > clmboh1-dns3.columbus.rr.com.domain >
192.168.1.2.1039: 57078 2/8/8 CNAME gd7.doubleclick.net., A
ad.us.doubleclick.net (398) (DF)
21:04:25.013434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: S
1225558505:1225558505(0) win 5840 <mss 1460,sackOK,timestamp 29465282
0,nop,wscale 0> (DF)
21:04:25.013434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
ad.us.doubleclick.net.www: S 1225558505:1225558505(0) win 5840 <mss
1460,sackOK,timestamp 29465282 0,nop,wscale 0> (DF) [tos 0x10]
21:04:25.053434 eth0 < ad.us.doubleclick.net.www >
dhcp065-024-121-117.columbus.rr.com.1421: S 1649240000:1649240000(0) ack
1225558506 win 8760 <mss 1460>
21:04:25.053434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: S
1649240000:1649240000(0) ack 1225558506 win 8760 <mss 1460>
21:04:25.063434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: .
1:1(0) ack 1 win 5840 (DF)
21:04:25.063434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
ad.us.doubleclick.net.www: . 1:1(0) ack 1 win 5840 (DF) [tos 0x10]
21:04:25.063434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: P
1:378(377) ack 1 win 5840 (DF)
21:04:25.063434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
ad.us.doubleclick.net.www: P 1:378(377) ack 1 win 5840 (DF) [tos 0x10]
21:04:25.113434 eth0 < ad.us.doubleclick.net.www >
dhcp065-024-121-117.columbus.rr.com.1421: P 1:441(440) ack 378 win 8383
21:04:25.113434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: P
1:441(440) ack 378 win 8383
21:04:25.113434 eth0 < ad.us.doubleclick.net.www >
dhcp065-024-121-117.columbus.rr.com.1421: F 441:441(0) ack 378 win 8383
21:04:25.113434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: F
441:441(0) ack 378 win 8383
21:04:25.113434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: .
378:378(0) ack 441 win 6432 (DF)
21:04:25.113434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
ad.us.doubleclick.net.www: . 378:378(0) ack 441 win 6432 (DF) [tos 0x10]
21:04:25.113434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: F
378:378(0) ack 442 win 6432 (DF)
21:04:25.113434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
ad.us.doubleclick.net.www: F 378:378(0) ack 442 win 6432 (DF) [tos 0x10]
21:04:25.163434 eth0 < ad.us.doubleclick.net.www >
dhcp065-024-121-117.columbus.rr.com.1421: . 442:442(0) ack 379 win 8383
21:04:25.163434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: .
442:442(0) ack 379 win 8383
Is this an obvious misconfiguration on my (RedHat's) part? A bug in
BIND? A bug in Mozilla? The result of botched DNS records at
doubleclick.net? Or all four? I'm a bit over my head on this one,
trying to at least narrow the problem down to one system; can anyone see
where the problem lies? Any help would be appreciated.
--
Joseph Fannin
jhf at rivenstone.net
More information about the bind-users
mailing list