Intermitting problems with resolutions in caching name server

Jean Paul Gatt ganniterix at gmail.com
Mon Dec 22 07:48:05 UTC 2008


Mark, thanks for the reply.

I am particularly agreeable to your answer; in fact it was roaming my head,
but I was trying not to suggest it :-) to see if someone came up with it!

In fact I'm observing the same kind of behaviour also with Windows DNS server
on Windows 2003. My NAT box is running ddwrt 0.24. I am running dnsmasq on it,
but I don't think it's responsible for intercepting my queries. DNSmasq itself is
just forwarding queries to the ISP DNS servers. I am trying to avoid forwarding
queries to the ISP servers in my setup!!!

Is it common for ISPs to do this kind of proxying?

On Mon, Dec 22, 2008 at 3:01 AM, Mark Andrews <Mark_Andrews at isc.org> wrote:

>
>        Looks like someone is running a "transparent" DNS proxy and
>        is intercepting your queries.  You see these sorts of results
>        in hotels which just re-direct all DNS queries to a local
>        recursive server.
>
>        First thing I would be looking at is your NAT box and making
>        sure it is not doing the interception.
>
>        For reference below is what the responses should look like.
>
>        Note the servers for redhat.com are allowing you to see
>        their cache contents so the final answer for that query
>        may vary.
>
>        Mark
>
> ; <<>> DiG 9.3.5-P2 <<>> +trace www.google.com
> ;; global options:  printcmd
> .                       471722  IN      NS      l.root-servers.net.
> .                       471722  IN      NS      h.root-servers.net.
> .                       471722  IN      NS      j.root-servers.net.
> .                       471722  IN      NS      e.root-servers.net.
> .                       471722  IN      NS      d.root-servers.net.
> .                       471722  IN      NS      c.root-servers.net.
> .                       471722  IN      NS      i.root-servers.net.
> .                       471722  IN      NS      g.root-servers.net.
> .                       471722  IN      NS      b.root-servers.net.
> .                       471722  IN      NS      f.root-servers.net.
> .                       471722  IN      NS      k.root-servers.net.
> .                       471722  IN      NS      m.root-servers.net.
> .                       471722  IN      NS      a.root-servers.net.
> ;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
>
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      j.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> ;; Received 492 bytes from 2001:500:3::42#53(l.root-servers.net) in 175 ms
>
> google.com.             172800  IN      NS      ns1.google.com.
> google.com.             172800  IN      NS      ns2.google.com.
> google.com.             172800  IN      NS      ns3.google.com.
> google.com.             172800  IN      NS      ns4.google.com.
> ;; Received 168 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 367 ms
>
> www.google.com.         604800  IN      CNAME   www.l.google.com.
> l.google.com.           86400   IN      NS      a.l.google.com.
> l.google.com.           86400   IN      NS      e.l.google.com.
> l.google.com.           86400   IN      NS      b.l.google.com.
> l.google.com.           86400   IN      NS      d.l.google.com.
> l.google.com.           86400   IN      NS      g.l.google.com.
> l.google.com.           86400   IN      NS      f.l.google.com.
> l.google.com.           86400   IN      NS      c.l.google.com.
> ;; Received 276 bytes from 216.239.32.10#53(ns1.google.com) in 186 ms
>
>
>
> ; <<>> DiG 9.3.5-P2 <<>> +trace www.redhat.com
> ;; global options:  printcmd
> .                       471702  IN      NS      g.root-servers.net.
> .                       471702  IN      NS      h.root-servers.net.
> .                       471702  IN      NS      l.root-servers.net.
> .                       471702  IN      NS      k.root-servers.net.
> .                       471702  IN      NS      b.root-servers.net.
> .                       471702  IN      NS      a.root-servers.net.
> .                       471702  IN      NS      f.root-servers.net.
> .                       471702  IN      NS      j.root-servers.net.
> .                       471702  IN      NS      e.root-servers.net.
> .                       471702  IN      NS      i.root-servers.net.
> .                       471702  IN      NS      m.root-servers.net.
> .                       471702  IN      NS      c.root-servers.net.
> .                       471702  IN      NS      d.root-servers.net.
> ;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>
> com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
> ;; Received 492 bytes from 192.112.36.4#53(g.root-servers.net) in 226 ms
>
> redhat.com.             172800  IN      NS      ns1.redhat.com.
> redhat.com.             172800  IN      NS      ns2.redhat.com.
> redhat.com.             172800  IN      NS      ns3.redhat.com.
> ;; Received 134 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 236 ms
>
> www.redhat.com.         60      IN      CNAME   www.redhat.com.edgekey.net.
> www.redhat.com.edgekey.net. 2138 IN     CNAME   www.redhat.com.edgekey.net.globalredir.akadns.net.
> www.redhat.com.edgekey.net.globalredir.akadns.net. 3130 IN CNAME e86.b.akamaiedge.net.
> e86.b.akamaiedge.net.   12      IN      A       96.6.32.112
> b.akamaiedge.net.       853     IN      NS      n4b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n5b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n6b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n7b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n8b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n0b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n1b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n2b.akamaiedge.net.
> b.akamaiedge.net.       853     IN      NS      n3b.akamaiedge.net.
> ;; Received 341 bytes from 66.187.233.210#53(ns1.redhat.com) in 223 ms
>
> In message <f1b68ea6-7257-4d19-a602-2bec0daadaa8 at n33g2000pri.googlegroups.com>, Ganniterix writes:
> > Hi all. Hope someone can enlighten me. I have a strange problem with
> > my caching name server, and I have run out of ideas on where to debug
> > next. Basically my BIND server decides on its own which names to
> > resolve and which not. For example ...
> >
> > [root at server named]# dig +trace www.google.com
> >
> > ; <<>> DiG 9.5.1b3-RedHat-9.5.1-0.9.b3.fc10 <<>> +trace www.google.com
> > ;; global options:  printcmd
> > .                       518400  IN      NS      L.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      C.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      H.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      I.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      G.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      B.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      E.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      J.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      M.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      K.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      A.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      D.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      F.ROOT-SERVERS.NET.
> > ;; Received 288 bytes from 172.16.0.1#53(172.16.0.1) in 1 ms
> >
> > www.google.com.         397954  IN      CNAME   www.l.google.com.
> > www.l.google.com.       3       IN      A       209.85.135.104
> > www.l.google.com.       3       IN      A       209.85.135.147
> > www.l.google.com.       3       IN      A       209.85.135.99
> > www.l.google.com.       3       IN      A       209.85.135.103
> > l.google.com.           52352   IN      NS      b.l.google.com.
> > l.google.com.           52352   IN      NS      c.l.google.com.
> > l.google.com.           52352   IN      NS      d.l.google.com.
> > l.google.com.           52352   IN      NS      e.l.google.com.
> > l.google.com.           52352   IN      NS      f.l.google.com.
> > l.google.com.           52352   IN      NS      g.l.google.com.
> > l.google.com.           52352   IN      NS      a.l.google.com.
> > ;; Received 340 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 102 ms
> >
> > .... this works!! But this ...
> >
> > [root at server named]# dig +trace www.redhat.com
> >
> > ; <<>> DiG 9.5.1b3-RedHat-9.5.1-0.9.b3.fc10 <<>> +trace www.redhat.com
> > ;; global options:  printcmd
> > .                       518400  IN      NS      H.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      D.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      E.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      B.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      L.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      K.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      G.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      C.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      J.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      F.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      A.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      M.ROOT-SERVERS.NET.
> > .                       518400  IN      NS      I.ROOT-SERVERS.NET.
> > ;; Received 228 bytes from 172.16.0.1#53(172.16.0.1) in 1 ms
> >
> > redhat.com.             126692  IN      NS      ns1.redhat.com.
> > redhat.com.             126692  IN      NS      ns2.redhat.com.
> > redhat.com.             126692  IN      NS      ns3.redhat.com.
> > ;; Received 134 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 105 ms
> >
> > redhat.com.             126681  IN      NS      ns2.redhat.com.
> > redhat.com.             126681  IN      NS      ns3.redhat.com.
> > redhat.com.             126681  IN      NS      ns1.redhat.com.
> > ;; BAD (HORIZONTAL) REFERRAL
> > ;; Received 134 bytes from 66.187.224.210#53(ns2.redhat.com) in 16662 ms
> >
> > does not.
> >
> > My base OS is Fedora Core 10, version of bind is 9.5.1. The
> > configuration file in use is :
> >
> > options {
> >         directory "/var/named";
> >         dump-file "/var/named/data/cache_dump.db";
> >         statistics-file "/var/named/data/named_stats.txt";
> >         recursion yes;
> >         allow-query {
> >                 localhost;
> >                 172.16/16;
> >         };
> >         listen-on port 53 {
> >                 127.0.0.1;
> >                 172.16.0.1;
> >         };
> >         memstatistics-file "/var/named/data/named_mem_stats.txt";
> > };
> >
> > logging {
> >         channel default_debug {
> >                 file "data/named.run";
> >                 severity dynamic;
> >         };
> >
> >         category lame-servers {
> >                 null;
> >         };
> > };
> >
> > zone "0.0.127.in-addr.arpa" {
> >         type master;
> >         file "named.loopback";
> > };
> >
> > zone "." IN {
> >         type hint;
> >         file "named.ca";
> > };
> >
> > include "/etc/named.rfc1912.zones";
> > include "/etc/rndc.key";
> >
> > My server is running behind the NAT firewall.
> >
> > Any suggestions where to continue?
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>
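
The traces in this thread show the tell-tale sign of interception: a hop attributed to a root server carries answers or referrals that only a caching resolver could supply. The following is an added example, not part of the original messages, that applies that check to `dig +trace` output; the function names, the allowed record-type set and the abridged sample are assumptions made here, and the check is a heuristic that inspects only hops attributed to `*.root-servers.net`.

```python
import re

# Constructed sample, abridged from the intercepted www.google.com trace above.
INTERCEPTED = """\
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
;; Received 288 bytes from 172.16.0.1#53(172.16.0.1) in 1 ms

www.google.com.         397954  IN      CNAME   www.l.google.com.
www.l.google.com.       3       IN      A       209.85.135.104
l.google.com.           52352   IN      NS      b.l.google.com.
;; Received 340 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 102 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+\S+")
RECEIVED = re.compile(r"^;; Received \d+ bytes from [^(\s]+\(([^)]+)\)")
# Record types a root server may legitimately place in a TLD referral
# (assumed set for this example).
REFERRAL_TYPES = {"NS", "DS", "RRSIG", "NSEC", "NSEC3"}

def label_count(name):
    """Number of labels in a domain name, ignoring the trailing root dot."""
    return len([l for l in name.rstrip(".").split(".") if l])

def suspicious_root_hops(trace):
    """Return (responder, owner, rtype) for records a root server should not send."""
    findings, pending = [], []
    for line in trace.splitlines():
        rr = RR.match(line)
        if rr:
            pending.append((rr.group(1), rr.group(2)))
            continue
        rx = RECEIVED.match(line)
        if not rx:
            continue
        responder = rx.group(1).lower().rstrip(".")
        if responder.endswith(".root-servers.net"):
            for owner, rtype in pending:
                # Roots only refer to TLDs: one label, referral-type records.
                if rtype not in REFERRAL_TYPES or label_count(owner) > 1:
                    findings.append((responder, owner, rtype))
        pending = []  # next hop starts with a clean record list
    return findings

if __name__ == "__main__":
    for responder, owner, rtype in suspicious_root_hops(INTERCEPTED):
        print(f"{responder} returned {rtype} for {owner}: not a TLD referral")
```

An empty result does not prove the path is clean; it only means no root-attributed hop returned more than a TLD referral.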