Different answer when querying @server from different clients
Arthur Ramsey
arthur_ramsey at mediture.com
Fri Mar 6 22:46:29 UTC 2015
I don't think it is views. The same thing happens against Google's
public DNS. The two hosts route to the Internet differently and that
seems to at the root of the issue somehow.
[root at dc01 ~]# dig +short ns1.mediture.com
74.113.249.135
[root at dc01 ~]# dig +short ns2.mediture.com
107.23.33.118
[root at dc01 ~]# dig @8.8.8.8 +trace great.truchart.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @8.8.8.8 +trace great.truchart.com
; (1 server found)
;; global options: +cmd
. 18851 IN NS h.root-servers.net.
. 18851 IN NS c.root-servers.net.
. 18851 IN NS f.root-servers.net.
. 18851 IN NS k.root-servers.net.
. 18851 IN NS j.root-servers.net.
. 18851 IN NS m.root-servers.net.
. 18851 IN NS l.root-servers.net.
. 18851 IN NS a.root-servers.net.
. 18851 IN NS g.root-servers.net.
. 18851 IN NS e.root-servers.net.
. 18851 IN NS b.root-servers.net.
. 18851 IN NS i.root-servers.net.
. 18851 IN NS d.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 144 ms
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
;; Received 496 bytes from 192.228.79.201#53(192.228.79.201) in 146 ms
truchart.com. 172800 IN NS ns1.mediture.com.
truchart.com. 172800 IN NS ns2.mediture.com.
;; Received 113 bytes from 192.52.178.30#53(192.52.178.30) in 129 ms
great.truchart.com. 3600 IN A 192.168.168.225
truchart.com. 86400 IN NS ns1.mediture.com.
truchart.com. 86400 IN NS ns2.mediture.com.
;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
[root at www02 ~]# dig @8.8.8.8 +trace great.truchart.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 +trace great.truchart.com
; (1 server found)
;; global options: +cmd
. 18813 IN NS h.root-servers.net.
. 18813 IN NS c.root-servers.net.
. 18813 IN NS f.root-servers.net.
. 18813 IN NS k.root-servers.net.
. 18813 IN NS j.root-servers.net.
. 18813 IN NS m.root-servers.net.
. 18813 IN NS l.root-servers.net.
. 18813 IN NS a.root-servers.net.
. 18813 IN NS g.root-servers.net.
. 18813 IN NS e.root-servers.net.
. 18813 IN NS b.root-servers.net.
. 18813 IN NS i.root-servers.net.
. 18813 IN NS d.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 94 ms
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
;; Received 508 bytes from 192.58.128.30#53(192.58.128.30) in 220 ms
truchart.com. 172800 IN NS ns1.mediture.com.
truchart.com. 172800 IN NS ns2.mediture.com.
;; Received 113 bytes from 192.48.79.30#53(192.48.79.30) in 224 ms
great.truchart.com. 3600 IN A 198.181.115.225
truchart.com. 86400 IN NS ns2.mediture.com.
truchart.com. 86400 IN NS ns1.mediture.com.
;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 32 ms
[root at www02 ~]# dig +short ns1.mediture.com
74.113.249.135
[root at www02 ~]# dig +short ns2.mediture.com
107.23.33.118
On 03/06/2015 03:54 PM, Lightner, Jeff wrote:
> Check where each host thinks the 2 mediture.com name servers are.
>
> I saw an issue recently where I was getting different answers inside my organization than I did outside and it turned out that one of the subsequent lookups in the trace was being answered differently so the final answer was different as a result. (In our case it was because we host the same domain separately on both external BIND servers and on internal Windows DNS servers.)
>
> It took me a while looking at it to realize what was happening because I thought trace always starts at root servers and go down the outside path from there but what it actually does it start at root servers then does lookups for each subsequent domain referenced which often enough will be different than the domain you were tracing.
>
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Arthur Ramsey
> Sent: Friday, March 06, 2015 4:44 PM
> To: bind-users at lists.isc.org
> Subject: Different answer when querying @server from different clients
>
> I can't figure out why these two hosts resolve great.truchart.com differently when querying the authoritative server.
>
> [root at dc01 ~]# dig +trace great.truchart.com @74.113.249.135
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> +trace great.truchart.com @74.113.249.135 ;; global options: +cmd
> . 513596 IN NS i.root-servers.net.
> . 513596 IN NS j.root-servers.net.
> . 513596 IN NS f.root-servers.net.
> . 513596 IN NS e.root-servers.net.
> . 513596 IN NS m.root-servers.net.
> . 513596 IN NS l.root-servers.net.
> . 513596 IN NS c.root-servers.net.
> . 513596 IN NS a.root-servers.net.
> . 513596 IN NS g.root-servers.net.
> . 513596 IN NS h.root-servers.net.
> . 513596 IN NS b.root-servers.net.
> . 513596 IN NS d.root-servers.net.
> . 513596 IN NS k.root-servers.net.
> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 125 ms
>
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> ;; Received 496 bytes from 198.41.0.4#53(198.41.0.4) in 121 ms
>
> truchart.com. 172800 IN NS ns1.mediture.com.
> truchart.com. 172800 IN NS ns2.mediture.com.
> ;; Received 113 bytes from 192.33.14.30#53(192.33.14.30) in 111 ms
>
> great.truchart.com. 3600 IN A 192.168.168.225
> truchart.com. 86400 IN NS ns2.mediture.com.
> truchart.com. 86400 IN NS ns1.mediture.com.
> ;; Received 129 bytes from 74.113.249.135#53(74.113.249.135) in 3 ms
>
> [root at www02 ~]# dig +trace great.truchart.com @74.113.249.135
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> +trace great.truchart.com @74.113.249.135 ;; global options: +cmd
> . 514584 IN NS d.root-servers.net.
> . 514584 IN NS h.root-servers.net.
> . 514584 IN NS l.root-servers.net.
> . 514584 IN NS g.root-servers.net.
> . 514584 IN NS j.root-servers.net.
> . 514584 IN NS m.root-servers.net.
> . 514584 IN NS b.root-servers.net.
> . 514584 IN NS k.root-servers.net.
> . 514584 IN NS a.root-servers.net.
> . 514584 IN NS c.root-servers.net.
> . 514584 IN NS e.root-servers.net.
> . 514584 IN NS f.root-servers.net.
> . 514584 IN NS i.root-servers.net.
> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 183 ms
>
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> ;; Received 496 bytes from 202.12.27.33#53(202.12.27.33) in 267 ms
>
> truchart.com. 172800 IN NS ns1.mediture.com.
> truchart.com. 172800 IN NS ns2.mediture.com.
> ;; Received 113 bytes from 192.43.172.30#53(192.43.172.30) in 70 ms
>
> great.truchart.com. 3600 IN A 198.181.115.225
> truchart.com. 86400 IN NS ns2.mediture.com.
> truchart.com. 86400 IN NS ns1.mediture.com.
> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>
> --
> Arthur Ramsey
> Systems Administrator
> Mediture
> arthur_ramsey at mediture.com
> 952.400.0323
>
> This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323
This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
More information about the bind-users
mailing list