Different answer when querying @server from different clients

Arthur Ramsey arthur_ramsey at mediture.com
Fri Mar 6 22:46:29 UTC 2015 

I don't think it is views.  The same thing happens against Google's 
public DNS.  The two hosts route to the Internet differently and that 
seems to at the root of the issue somehow.

[root at dc01 ~]# dig +short ns1.mediture.com
74.113.249.135
[root at dc01 ~]# dig +short ns2.mediture.com
107.23.33.118

[root at dc01 ~]# dig @8.8.8.8 +trace great.truchart.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @8.8.8.8 +trace great.truchart.com
; (1 server found)
;; global options: +cmd
.			18851	IN	NS	h.root-servers.net.
.			18851	IN	NS	c.root-servers.net.
.			18851	IN	NS	f.root-servers.net.
.			18851	IN	NS	k.root-servers.net.
.			18851	IN	NS	j.root-servers.net.
.			18851	IN	NS	m.root-servers.net.
.			18851	IN	NS	l.root-servers.net.
.			18851	IN	NS	a.root-servers.net.
.			18851	IN	NS	g.root-servers.net.
.			18851	IN	NS	e.root-servers.net.
.			18851	IN	NS	b.root-servers.net.
.			18851	IN	NS	i.root-servers.net.
.			18851	IN	NS	d.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 144 ms

com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
;; Received 496 bytes from 192.228.79.201#53(192.228.79.201) in 146 ms

truchart.com.		172800	IN	NS	ns1.mediture.com.
truchart.com.		172800	IN	NS	ns2.mediture.com.
;; Received 113 bytes from 192.52.178.30#53(192.52.178.30) in 129 ms

great.truchart.com.	3600	IN	A	192.168.168.225
truchart.com.		86400	IN	NS	ns1.mediture.com.
truchart.com.		86400	IN	NS	ns2.mediture.com.
;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms

[root at www02 ~]# dig @8.8.8.8 +trace great.truchart.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 +trace great.truchart.com
; (1 server found)
;; global options: +cmd
.			18813	IN	NS	h.root-servers.net.
.			18813	IN	NS	c.root-servers.net.
.			18813	IN	NS	f.root-servers.net.
.			18813	IN	NS	k.root-servers.net.
.			18813	IN	NS	j.root-servers.net.
.			18813	IN	NS	m.root-servers.net.
.			18813	IN	NS	l.root-servers.net.
.			18813	IN	NS	a.root-servers.net.
.			18813	IN	NS	g.root-servers.net.
.			18813	IN	NS	e.root-servers.net.
.			18813	IN	NS	b.root-servers.net.
.			18813	IN	NS	i.root-servers.net.
.			18813	IN	NS	d.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 94 ms

com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
;; Received 508 bytes from 192.58.128.30#53(192.58.128.30) in 220 ms

truchart.com.		172800	IN	NS	ns1.mediture.com.
truchart.com.		172800	IN	NS	ns2.mediture.com.
;; Received 113 bytes from 192.48.79.30#53(192.48.79.30) in 224 ms

great.truchart.com.	3600	IN	A	198.181.115.225
truchart.com.		86400	IN	NS	ns2.mediture.com.
truchart.com.		86400	IN	NS	ns1.mediture.com.
;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 32 ms

[root at www02 ~]# dig +short ns1.mediture.com
74.113.249.135
[root at www02 ~]# dig +short ns2.mediture.com
107.23.33.118

On 03/06/2015 03:54 PM, Lightner, Jeff wrote:
> Check where each host thinks the 2 mediture.com name servers are.
>
> I saw an issue recently where I was getting different answers inside my organization than I did outside and it turned out that one of the subsequent lookups in the trace was being answered differently so the final answer was different as a result.   (In our case it was because we host the same domain separately on both external BIND servers and on internal Windows DNS servers.)
>
> It took me a while looking at it to realize what was happening because I thought trace always starts at root servers and go down the outside path from there but what it actually does it start at root servers then does lookups for each subsequent domain referenced which often enough will be different than the domain you were tracing.
>
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Arthur Ramsey
> Sent: Friday, March 06, 2015 4:44 PM
> To: bind-users at lists.isc.org
> Subject: Different answer when querying @server from different clients
>
> I can't figure out why these two hosts resolve great.truchart.com differently when querying the authoritative server.
>
> [root at dc01 ~]# dig +trace great.truchart.com @74.113.249.135
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> +trace great.truchart.com @74.113.249.135 ;; global options: +cmd
> .			513596	IN	NS	i.root-servers.net.
> .			513596	IN	NS	j.root-servers.net.
> .			513596	IN	NS	f.root-servers.net.
> .			513596	IN	NS	e.root-servers.net.
> .			513596	IN	NS	m.root-servers.net.
> .			513596	IN	NS	l.root-servers.net.
> .			513596	IN	NS	c.root-servers.net.
> .			513596	IN	NS	a.root-servers.net.
> .			513596	IN	NS	g.root-servers.net.
> .			513596	IN	NS	h.root-servers.net.
> .			513596	IN	NS	b.root-servers.net.
> .			513596	IN	NS	d.root-servers.net.
> .			513596	IN	NS	k.root-servers.net.
> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 125 ms
>
> com.			172800	IN	NS	a.gtld-servers.net.
> com.			172800	IN	NS	b.gtld-servers.net.
> com.			172800	IN	NS	c.gtld-servers.net.
> com.			172800	IN	NS	d.gtld-servers.net.
> com.			172800	IN	NS	e.gtld-servers.net.
> com.			172800	IN	NS	f.gtld-servers.net.
> com.			172800	IN	NS	g.gtld-servers.net.
> com.			172800	IN	NS	h.gtld-servers.net.
> com.			172800	IN	NS	i.gtld-servers.net.
> com.			172800	IN	NS	j.gtld-servers.net.
> com.			172800	IN	NS	k.gtld-servers.net.
> com.			172800	IN	NS	l.gtld-servers.net.
> com.			172800	IN	NS	m.gtld-servers.net.
> ;; Received 496 bytes from 198.41.0.4#53(198.41.0.4) in 121 ms
>
> truchart.com.		172800	IN	NS	ns1.mediture.com.
> truchart.com.		172800	IN	NS	ns2.mediture.com.
> ;; Received 113 bytes from 192.33.14.30#53(192.33.14.30) in 111 ms
>
> great.truchart.com.	3600	IN	A	192.168.168.225
> truchart.com.		86400	IN	NS	ns2.mediture.com.
> truchart.com.		86400	IN	NS	ns1.mediture.com.
> ;; Received 129 bytes from 74.113.249.135#53(74.113.249.135) in 3 ms
>
> [root at www02 ~]# dig +trace great.truchart.com @74.113.249.135
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> +trace great.truchart.com @74.113.249.135 ;; global options: +cmd
> .			514584	IN	NS	d.root-servers.net.
> .			514584	IN	NS	h.root-servers.net.
> .			514584	IN	NS	l.root-servers.net.
> .			514584	IN	NS	g.root-servers.net.
> .			514584	IN	NS	j.root-servers.net.
> .			514584	IN	NS	m.root-servers.net.
> .			514584	IN	NS	b.root-servers.net.
> .			514584	IN	NS	k.root-servers.net.
> .			514584	IN	NS	a.root-servers.net.
> .			514584	IN	NS	c.root-servers.net.
> .			514584	IN	NS	e.root-servers.net.
> .			514584	IN	NS	f.root-servers.net.
> .			514584	IN	NS	i.root-servers.net.
> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 183 ms
>
> com.			172800	IN	NS	b.gtld-servers.net.
> com.			172800	IN	NS	f.gtld-servers.net.
> com.			172800	IN	NS	d.gtld-servers.net.
> com.			172800	IN	NS	a.gtld-servers.net.
> com.			172800	IN	NS	g.gtld-servers.net.
> com.			172800	IN	NS	e.gtld-servers.net.
> com.			172800	IN	NS	c.gtld-servers.net.
> com.			172800	IN	NS	k.gtld-servers.net.
> com.			172800	IN	NS	h.gtld-servers.net.
> com.			172800	IN	NS	m.gtld-servers.net.
> com.			172800	IN	NS	i.gtld-servers.net.
> com.			172800	IN	NS	l.gtld-servers.net.
> com.			172800	IN	NS	j.gtld-servers.net.
> ;; Received 496 bytes from 202.12.27.33#53(202.12.27.33) in 267 ms
>
> truchart.com.		172800	IN	NS	ns1.mediture.com.
> truchart.com.		172800	IN	NS	ns2.mediture.com.
> ;; Received 113 bytes from 192.43.172.30#53(192.43.172.30) in 70 ms
>
> great.truchart.com.	3600	IN	A	198.181.115.225
> truchart.com.		86400	IN	NS	ns2.mediture.com.
> truchart.com.		86400	IN	NS	ns1.mediture.com.
> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>
> --
> Arthur Ramsey
> Systems Administrator
> Mediture
> arthur_ramsey at mediture.com
> 952.400.0323
>
> This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

More information about the bind-users mailing list