name resolution questions - bad queries
Mark_Andrews at isc.org
Mon Feb 25 00:36:04 UTC 2002
>
> hi all,
>
> playing with ethereal, I've found that some name queries which should be
> answered by /etc/hosts are trickling into ROOT nameservers. This
> appears to correct itself after the 1st try, but the whole thing hints
> that my 'private' domain-name is leaking out..
>
>
> #/etc/host.conf
> order hosts,bind
>
> #/etc/hosts
> 192.168.100.1 groucho.vnet
> 192.168.100.2 harpo.vnet
> 192.168.1.1 groucho.dmz
> 192.168.1.2 harpo.dmz
>
> #/etc/resolv.conf
> # dont have dns on localhost
> # nameserver 127.0.0.1
> nameserver 192.168.1.1
> nameserver 206.196.128.1
> nameserver 204.147.80.5
>
>
> so I capture 'port domain' packets with ethereal,
> ssh from harpo.dmz to groucho.dmz,
> and get following:
>
>
> [jimc at harpo jimc]$ more name-resolve
> No. Time Source Destination Protocol Info
> 1 0.000000 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet
> 2 0.002565 10.0.0.3 b.root-servers.net DNS Standard query AAAA groucho.vnet
> 3 0.121574 b.root-servers.net 10.0.0.3 DNS Standard query response, No such name
> 4 0.122976 groucho.dmz harpo.dmz DNS Standard query response, No such name
> 5 0.123412 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet.jimc.earth
> 6 0.125094 10.0.0.3 a.root-servers.net DNS Standard query AAAA groucho.vnet.jimc.earth
> 7 0.228021 a.root-servers.net 10.0.0.3 DNS Standard query response, No such name
> 8 0.229215 groucho.dmz harpo.dmz DNS Standard query response, No such name
> 9 26.852387 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet
> 10 26.853501 groucho.dmz harpo.dmz DNS Standard query response, No such name
> 11 26.853849 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet.jimc.earth
> 12 26.854840 groucho.dmz harpo.dmz DNS Standard query response, No such name
>
>
> so questions are lettered, after line that prompts them
>
>
> line 1. harpo queries my caching DNS server. (groucho.dmz)
>
> a-
> harpo queries groucho.dmz (see resolv.conf) for
> (oddly enough) groucho.dmz
> b-
> why is it doing IPv6 query ?
Because you have an IPv6-capable OS.
>
> line 2. caching DNS server prompts questions
>
> a- why is a DNS query run when the answer is in /etc/hosts
But the answer isn't in /etc/hosts. You have no IPv6 addresses
for these machines in /etc/hosts so the lookup proceeds to use
the DNS.
> b- I'm querying b.root-servers.net. Why wasn't this my nameserver ?
> did it pass on the query to root for some reason
Well the default resolution path is to ask the root servers and
work down from there. If you don't want to query the root servers
you need to pre-configure your nameservers with knowledge about
where to get the answers for the domains being looked up.
>
> line 5, query is re-tried, after tacking on my 'private' domain name.
>
> a-
> is re-try due to groucho's /etc/resolv.conf line:
> 'search jimc.earth' - should I remove this line ?
It's due to the search directive. Removal is up to you but if
you don't remove it you should ensure that your nameserver knows
how to answer for this zone without going to the root servers.
Same with "vnet" and "dmz".
> line 9. 26 seconds later I do another ssh groucho.dmz
>
> this time, root-server is not queried - DNS on groucho.dmz
> remembers the bad lookup, and doesn't try again..
Well negative caching works.
>
> The problems seem to start in ssh,
>
> [jimc at groucho jimc]$ ssh -v
> OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
>
>
> have I missed or misinterpreted something ?
> any free advice ?
>
> tia,
> jimc
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
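
Added example, not part of the original message: a small check that scans an ethereal-style summary for queries about internal-only names that are sent anywhere other than the local caching server, which is the leak discussed in this thread. The capture rows are copied from the trace quoted above (wrapped lines joined); the suffix list and the allowed-resolver set are assumptions chosen to match the names in the post.

```python
import re

# Summary rows from the trace in the post, one packet per line.
CAPTURE = """\
1 0.000000 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet
2 0.002565 10.0.0.3 b.root-servers.net DNS Standard query AAAA groucho.vnet
3 0.121574 b.root-servers.net 10.0.0.3 DNS Standard query response, No such name
4 0.122976 groucho.dmz harpo.dmz DNS Standard query response, No such name
5 0.123412 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet.jimc.earth
6 0.125094 10.0.0.3 a.root-servers.net DNS Standard query AAAA groucho.vnet.jimc.earth
7 0.228021 a.root-servers.net 10.0.0.3 DNS Standard query response, No such name
9 26.852387 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet
10 26.853501 groucho.dmz harpo.dmz DNS Standard query response, No such name
11 26.853849 harpo.dmz groucho.dmz DNS Standard query AAAA groucho.vnet.jimc.earth
"""

# Assumption: suffixes that must never be asked outside the site.
PRIVATE_SUFFIXES = ("vnet", "dmz", "jimc.earth")
# Assumption: the only host allowed to receive queries for those names.
INTERNAL_RESOLVERS = {"groucho.dmz"}

# Matches query rows only; response rows end in free text and do not fit.
ROW = re.compile(
    r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+DNS\s+Standard query (\S+) (\S+)$"
)

def is_private(qname):
    """True if qname equals or falls under one of the private suffixes."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in PRIVATE_SUFFIXES)

def find_leaks(capture):
    """Return (packet no, destination, qtype, qname) for each leaked query."""
    leaks = []
    for line in capture.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # response or unrelated row
        no, _time, _src, dst, qtype, qname = m.groups()
        if is_private(qname) and dst not in INTERNAL_RESOLVERS:
            leaks.append((int(no), dst, qtype, qname))
    return leaks

if __name__ == "__main__":
    for no, dst, qtype, qname in find_leaks(CAPTURE):
        print(f"packet {no}: {qtype} {qname} sent to {dst}")
```

Only the first lookup leaks in this trace; the queries 26 seconds later stop at the caching server because of negative caching, so a short capture can miss the problem.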