can't-resolve

Warren Kumari warren at kumari.net
Fri Dec 26 23:27:25 UTC 2014 

Also, from querying from the outside (with TCP):

 ~# dig +tcp www.auth-servers.net   @212.119.64.228
; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.auth-servers.net.          IN      A

;; Query time: 8260 msec
;; SERVER: 212.119.64.228#53(212.119.64.228)
;; WHEN: Fri Dec 26 18:18:30 EST 2014
;; MSG SIZE  rcvd: 49

Then trying the same query a few seconds later:
dig +tcp www.auth-servers.net   @212.119.64.228

; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
;; global options: +cmd
;; connection timed out; no servers could be reached

This really looks like a firewall -- perhaps there is some firewall
software on the box itself?

W


On Fri, Dec 26, 2014 at 6:17 PM, Warren Kumari <warren at kumari.net> wrote:
> What OS is this machine running?
>
> Interestingly enough, it is unpingable, and a quick nmap fingerprints it as:
> Running: Sun Solaris 8
> OS CPE: cpe:/o:sun:sunos:5.8
> OS details: Sun Solaris 8 (SPARC)
>
> nmap could only find one open port (TCP 53 :-)) and so its
> fingerprinting is unreliable, but it *does* look like you are behind a
> firewall type devices.
> It is unusual for machines themselves to not respond to pings.
>
> fpdns says:
> fingerprint (212.119.64.228, 212.119.64.228): ISC BIND 9.2.3rc1 --
> 9.6.1-P1 [recursion enabled]
>
>
>
> On Fri, Dec 26, 2014 at 5:55 PM, Barry Margolin <barmar at alum.mit.edu> wrote:
>> In article <mailman.1330.1419633581.26362.bind-users at lists.isc.org>,
>>  "Ejaz" <mejaz at cyberia.net.sa> wrote:
>>
>>> I am sure sir there is no firewall on  in the server you can make sure by
>>> telnet to the port 53 of this IP 212.119.64.228
>>
>> That doesn't mean anything. The firewall may be blocking OUTGOING
>> packets to port 53, or they're blocking the returning replies (which go
>> to an ephemeral port).
>>
>>>
>>>
>>> Regards,
>>> Mohammed Ejaz
>>> CYBERIAR SAUDI ARABIA
>>> P.O.Box 301079, Riyadh 11372, Saudi Arabia
>>> Tel: +966 11 464 7114 Ext. 140
>>> Fax: +966 11 465 4735
>>>
>>> -----Original Message-----
>>> From: bind-users-bounces at lists.isc.org
>>> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Matus UHLAR -
>>> fantomas
>>> Sent: Friday, December 26, 2014 7:35 PM
>>> To: bind-users at lists.isc.org
>>> Subject: Re: can't-resolve
>>>
>>> On 26.12.14 19:21, Ejaz wrote:
>>> >When  run "dig a yahoo.com @212.119.64.228 below is the ouput.
>>> >
>>> >yahoo.com. (38)
>>> >17:39:41.363532 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+
>>> >[1au] A?                           yahoo.com. (38)
>>> >17:39:42.246993 IP 212.119.64.228.53702 > 192.5.5.241.domain: 58238 [1au]
>>> A?
>>> >yah                          oo.com. (38)
>>> >17:39:42.247012 IP 212.119.64.228.45701 > 192.5.5.241.domain: 13223 [1au]
>>> >NS? .                           (28)
>>> >17:39:43.047148 IP 212.119.64.228.43795 > 128.63.2.53.domain: 1539 A?
>>> >yahoo.com.                           (27)
>>> >17:39:43.047154 IP 212.119.64.228.55178 > 128.63.2.53.domain: 56002 NS? .
>>> >(17)
>>> >17:39:43.847447 IP 212.119.64.228.61664 > 192.58.128.30.domain: 165 A?
>>> >yahoo.com                          . (27)
>>> >17:39:43.847542 IP 212.119.64.228.30239 > 192.58.128.30.domain: 11435 NS? .
>>> >(17)
>>> >17:39:44.995096 IP 212.119.64.228.24477 > 199.7.83.42.domain: 25645 [1au]
>>> A?
>>> >yahoo.com. (38)
>>> >17:39:44.995162 IP 212.119.64.228.22170 > 199.7.83.42.domain: 44767
>>> >[1au] NS? . (28)
>>> >17:39:45.897226 IP 212.119.64.228.35574 > 199.7.91.13.domain: 29284 A?
>>> >yahoo.com. (27)
>>> >17:39:45.897233 IP 212.119.64.228.36946 > 199.7.91.13.domain: 17626 NS? .
>>> >(17)
>>> >17:39:46.363642 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+
>>> >[1au] A? yahoo.com. (38)
>>> >17:39:46.370282 IP 212.119.64.228.domain > 212.119.64.228.37891: 34168
>>> >ServFail 0/0/1 (38)
>>>
>>> these are just outgoing DNS requests , no replies coming back.
>>> Are you sure there is no firewall, or "security" gateway between your server
>>> and the world?
>>>
>>>
>>> --
>>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>>> Warning: I wish NOT to receive e-mail advertising to this address.
>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>> 42.7 percent of all statistics are made up on the spot.
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>> --
>> Barry Margolin
>> Arlington, MA
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

More information about the bind-users mailing list