Fwd: Different answer when querying @server from different clients
Jeff Sadowski
jeff.sadowski at gmail.com
Fri Mar 6 22:59:07 UTC 2015
P.S. I think that is an outdated method. It should break DNSSEC. Views
from BIND would probably be a better way.
On Fri, Mar 6, 2015 at 3:52 PM, Arthur Ramsey
<arthur_ramsey at mediture.com> wrote:
> I had to disable DNS ALG on Juniper SRX series firewall.
>
> Thanks for the help,
> Arthur
>
>
> On 03/06/2015 04:51 PM, Jeff Sadowski wrote:
>>
>> I remember a network engineer that rewrote some DNS entries with a
>> Cisco router, replacing w.x.y.z with a.b.c.d.
>>
>> On Fri, Mar 6, 2015 at 3:46 PM, Arthur Ramsey
>> <arthur_ramsey at mediture.com> wrote:
>>>
>>> I don't think it is views. The same thing happens against Google's
>>> public DNS. The two hosts route to the Internet differently and that
>>> seems to be at the root of the issue somehow.
>>>
>>> [root at dc01 ~]# dig +short ns1.mediture.com
>>> 74.113.249.135
>>> [root at dc01 ~]# dig +short ns2.mediture.com
>>> 107.23.33.118
>>>
>>> [root at dc01 ~]# dig @8.8.8.8 +trace great.truchart.com
>>>
>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @8.8.8.8 +trace great.truchart.com
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> . 18851 IN NS h.root-servers.net.
>>> . 18851 IN NS c.root-servers.net.
>>> . 18851 IN NS f.root-servers.net.
>>> . 18851 IN NS k.root-servers.net.
>>> . 18851 IN NS j.root-servers.net.
>>> . 18851 IN NS m.root-servers.net.
>>> . 18851 IN NS l.root-servers.net.
>>> . 18851 IN NS a.root-servers.net.
>>> . 18851 IN NS g.root-servers.net.
>>> . 18851 IN NS e.root-servers.net.
>>> . 18851 IN NS b.root-servers.net.
>>> . 18851 IN NS i.root-servers.net.
>>> . 18851 IN NS d.root-servers.net.
>>> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 144 ms
>>>
>>> com. 172800 IN NS j.gtld-servers.net.
>>> com. 172800 IN NS d.gtld-servers.net.
>>> com. 172800 IN NS k.gtld-servers.net.
>>> com. 172800 IN NS m.gtld-servers.net.
>>> com. 172800 IN NS f.gtld-servers.net.
>>> com. 172800 IN NS c.gtld-servers.net.
>>> com. 172800 IN NS e.gtld-servers.net.
>>> com. 172800 IN NS g.gtld-servers.net.
>>> com. 172800 IN NS a.gtld-servers.net.
>>> com. 172800 IN NS l.gtld-servers.net.
>>> com. 172800 IN NS h.gtld-servers.net.
>>> com. 172800 IN NS i.gtld-servers.net.
>>> com. 172800 IN NS b.gtld-servers.net.
>>> ;; Received 496 bytes from 192.228.79.201#53(192.228.79.201) in 146 ms
>>>
>>> truchart.com. 172800 IN NS ns1.mediture.com.
>>> truchart.com. 172800 IN NS ns2.mediture.com.
>>> ;; Received 113 bytes from 192.52.178.30#53(192.52.178.30) in 129 ms
>>>
>>> great.truchart.com. 3600 IN A 192.168.168.225
>>> truchart.com. 86400 IN NS ns1.mediture.com.
>>> truchart.com. 86400 IN NS ns2.mediture.com.
>>> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>>>
>>> [root at www02 ~]# dig @8.8.8.8 +trace great.truchart.com
>>>
>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 +trace great.truchart.com
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> . 18813 IN NS h.root-servers.net.
>>> . 18813 IN NS c.root-servers.net.
>>> . 18813 IN NS f.root-servers.net.
>>> . 18813 IN NS k.root-servers.net.
>>> . 18813 IN NS j.root-servers.net.
>>> . 18813 IN NS m.root-servers.net.
>>> . 18813 IN NS l.root-servers.net.
>>> . 18813 IN NS a.root-servers.net.
>>> . 18813 IN NS g.root-servers.net.
>>> . 18813 IN NS e.root-servers.net.
>>> . 18813 IN NS b.root-servers.net.
>>> . 18813 IN NS i.root-servers.net.
>>> . 18813 IN NS d.root-servers.net.
>>> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 94 ms
>>>
>>> com. 172800 IN NS f.gtld-servers.net.
>>> com. 172800 IN NS b.gtld-servers.net.
>>> com. 172800 IN NS c.gtld-servers.net.
>>> com. 172800 IN NS l.gtld-servers.net.
>>> com. 172800 IN NS m.gtld-servers.net.
>>> com. 172800 IN NS k.gtld-servers.net.
>>> com. 172800 IN NS e.gtld-servers.net.
>>> com. 172800 IN NS j.gtld-servers.net.
>>> com. 172800 IN NS d.gtld-servers.net.
>>> com. 172800 IN NS g.gtld-servers.net.
>>> com. 172800 IN NS a.gtld-servers.net.
>>> com. 172800 IN NS i.gtld-servers.net.
>>> com. 172800 IN NS h.gtld-servers.net.
>>> ;; Received 508 bytes from 192.58.128.30#53(192.58.128.30) in 220 ms
>>>
>>> truchart.com. 172800 IN NS ns1.mediture.com.
>>> truchart.com. 172800 IN NS ns2.mediture.com.
>>> ;; Received 113 bytes from 192.48.79.30#53(192.48.79.30) in 224 ms
>>>
>>> great.truchart.com. 3600 IN A 198.181.115.225
>>> truchart.com. 86400 IN NS ns2.mediture.com.
>>> truchart.com. 86400 IN NS ns1.mediture.com.
>>> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 32 ms
>>>
>>> [root at www02 ~]# dig +short ns1.mediture.com
>>> 74.113.249.135
>>> [root at www02 ~]# dig +short ns2.mediture.com
>>> 107.23.33.118
>>>
>>> On 03/06/2015 03:54 PM, Lightner, Jeff wrote:
>>>>
>>>> Check where each host thinks the 2 mediture.com name servers are.
>>>>
>>>> I saw an issue recently where I was getting different answers inside my
>>>> organization than I did outside and it turned out that one of the
>>>> subsequent lookups in the trace was being answered differently so the
>>>> final answer was different as a result. (In our case it was because we
>>>> host the same domain separately on both external BIND servers and on
>>>> internal Windows DNS servers.)
>>>>
>>>> It took me a while looking at it to realize what was happening because I
>>>> thought trace always starts at root servers and goes down the outside path
>>>> from there, but what it actually does is start at root servers and then do
>>>> lookups for each subsequent domain referenced, which often enough will be
>>>> different from the domain you were tracing.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: bind-users-bounces at lists.isc.org
>>>> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Arthur Ramsey
>>>> Sent: Friday, March 06, 2015 4:44 PM
>>>> To: bind-users at lists.isc.org
>>>> Subject: Different answer when querying @server from different clients
>>>>
>>>> I can't figure out why these two hosts resolve great.truchart.com
>>>> differently when querying the authoritative server.
>>>>
>>>> [root at dc01 ~]# dig +trace great.truchart.com @74.113.249.135
>>>>
>>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> +trace great.truchart.com @74.113.249.135
>>>> ;; global options: +cmd
>>>> . 513596 IN NS i.root-servers.net.
>>>> . 513596 IN NS j.root-servers.net.
>>>> . 513596 IN NS f.root-servers.net.
>>>> . 513596 IN NS e.root-servers.net.
>>>> . 513596 IN NS m.root-servers.net.
>>>> . 513596 IN NS l.root-servers.net.
>>>> . 513596 IN NS c.root-servers.net.
>>>> . 513596 IN NS a.root-servers.net.
>>>> . 513596 IN NS g.root-servers.net.
>>>> . 513596 IN NS h.root-servers.net.
>>>> . 513596 IN NS b.root-servers.net.
>>>> . 513596 IN NS d.root-servers.net.
>>>> . 513596 IN NS k.root-servers.net.
>>>> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 125 ms
>>>>
>>>> com. 172800 IN NS a.gtld-servers.net.
>>>> com. 172800 IN NS b.gtld-servers.net.
>>>> com. 172800 IN NS c.gtld-servers.net.
>>>> com. 172800 IN NS d.gtld-servers.net.
>>>> com. 172800 IN NS e.gtld-servers.net.
>>>> com. 172800 IN NS f.gtld-servers.net.
>>>> com. 172800 IN NS g.gtld-servers.net.
>>>> com. 172800 IN NS h.gtld-servers.net.
>>>> com. 172800 IN NS i.gtld-servers.net.
>>>> com. 172800 IN NS j.gtld-servers.net.
>>>> com. 172800 IN NS k.gtld-servers.net.
>>>> com. 172800 IN NS l.gtld-servers.net.
>>>> com. 172800 IN NS m.gtld-servers.net.
>>>> ;; Received 496 bytes from 198.41.0.4#53(198.41.0.4) in 121 ms
>>>>
>>>> truchart.com. 172800 IN NS ns1.mediture.com.
>>>> truchart.com. 172800 IN NS ns2.mediture.com.
>>>> ;; Received 113 bytes from 192.33.14.30#53(192.33.14.30) in 111 ms
>>>>
>>>> great.truchart.com. 3600 IN A 192.168.168.225
>>>> truchart.com. 86400 IN NS ns2.mediture.com.
>>>> truchart.com. 86400 IN NS ns1.mediture.com.
>>>> ;; Received 129 bytes from 74.113.249.135#53(74.113.249.135) in 3 ms
>>>>
>>>> [root at www02 ~]# dig +trace great.truchart.com @74.113.249.135
>>>>
>>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> +trace great.truchart.com @74.113.249.135
>>>> ;; global options: +cmd
>>>> . 514584 IN NS d.root-servers.net.
>>>> . 514584 IN NS h.root-servers.net.
>>>> . 514584 IN NS l.root-servers.net.
>>>> . 514584 IN NS g.root-servers.net.
>>>> . 514584 IN NS j.root-servers.net.
>>>> . 514584 IN NS m.root-servers.net.
>>>> . 514584 IN NS b.root-servers.net.
>>>> . 514584 IN NS k.root-servers.net.
>>>> . 514584 IN NS a.root-servers.net.
>>>> . 514584 IN NS c.root-servers.net.
>>>> . 514584 IN NS e.root-servers.net.
>>>> . 514584 IN NS f.root-servers.net.
>>>> . 514584 IN NS i.root-servers.net.
>>>> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 183 ms
>>>>
>>>> com. 172800 IN NS b.gtld-servers.net.
>>>> com. 172800 IN NS f.gtld-servers.net.
>>>> com. 172800 IN NS d.gtld-servers.net.
>>>> com. 172800 IN NS a.gtld-servers.net.
>>>> com. 172800 IN NS g.gtld-servers.net.
>>>> com. 172800 IN NS e.gtld-servers.net.
>>>> com. 172800 IN NS c.gtld-servers.net.
>>>> com. 172800 IN NS k.gtld-servers.net.
>>>> com. 172800 IN NS h.gtld-servers.net.
>>>> com. 172800 IN NS m.gtld-servers.net.
>>>> com. 172800 IN NS i.gtld-servers.net.
>>>> com. 172800 IN NS l.gtld-servers.net.
>>>> com. 172800 IN NS j.gtld-servers.net.
>>>> ;; Received 496 bytes from 202.12.27.33#53(202.12.27.33) in 267 ms
>>>>
>>>> truchart.com. 172800 IN NS ns1.mediture.com.
>>>> truchart.com. 172800 IN NS ns2.mediture.com.
>>>> ;; Received 113 bytes from 192.43.172.30#53(192.43.172.30) in 70 ms
>>>>
>>>> great.truchart.com. 3600 IN A 198.181.115.225
>>>> truchart.com. 86400 IN NS ns2.mediture.com.
>>>> truchart.com. 86400 IN NS ns1.mediture.com.
>>>> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>>>>
>>>> --
>>>> Arthur Ramsey
>>>> Systems Administrator
>>>> Mediture
>>>> arthur_ramsey at mediture.com
>>>> 952.400.0323
>>>>
>>>> This e-mail and any attachments may contain CONFIDENTIAL information,
>>>> including PROTECTED HEALTH INFORMATION. If you are not the intended
>>>> recipient, any use or disclosure of this information is STRICTLY
>>>> PROHIBITED;
>>>> you are requested to delete this e-mail and any attachments, notify the
>>>> sender immediately, and notify the Mediture Privacy Officer at
>>>> privacyofficer at mediture.com.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>> unsubscribe from this list
>>>>
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>>>
>>> --
>>> Arthur Ramsey
>>> Systems Administrator
>>> Mediture
>>> arthur_ramsey at mediture.com
>>> 952.400.0323
>>>
>
>
> --
> Arthur Ramsey
> Systems Administrator
> Mediture
> arthur_ramsey at mediture.com
> 952.400.0323
>
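An added example, not part of the thread: a small parser that compares the final hop of two `dig +trace` captures taken from different vantage points and flags the pattern seen above, where the same responder returns different A records and one of them is a private address (consistent with per-client views or in-path rewriting such as the DNS ALG that was disabled). The sample input is the last two hops of the `@8.8.8.8 +trace` runs quoted in the thread, abbreviated; the function names are hypothetical.

```python
import ipaddress
import re
RECEIVED = re.compile(r"^;; Received \d+ bytes from ([0-9A-Fa-f.:]+)#\d+")
# Abbreviated from the "@8.8.8.8 +trace" output quoted in the thread.
DC01 = """\
truchart.com. 172800 IN NS ns1.mediture.com.
;; Received 113 bytes from 192.52.178.30#53(192.52.178.30) in 129 ms

great.truchart.com. 3600 IN A 192.168.168.225
truchart.com. 86400 IN NS ns1.mediture.com.
;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
"""
WWW02 = """\
truchart.com. 172800 IN NS ns1.mediture.com.
;; Received 113 bytes from 192.48.79.30#53(192.48.79.30) in 224 ms

great.truchart.com. 3600 IN A 198.181.115.225
truchart.com. 86400 IN NS ns1.mediture.com.
;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 32 ms
"""

def parse_trace(text):
    """Return hops as (responder_ip, [(owner, rtype, rdata), ...])."""
    hops, records = [], []
    for line in map(str.strip, text.splitlines()):
        m = RECEIVED.match(line)
        if m:                      # ";; Received" closes the current hop
            hops.append((m.group(1), records))
            records = []
        elif line and not line.startswith(";"):
            f = line.split()       # owner TTL class type rdata...
            if len(f) >= 5 and f[2] == "IN":
                records.append((f[0].lower(), f[3], " ".join(f[4:])))
    return hops

def final_answer(text, qname):
    """Responder and A records for qname in the last hop of a trace."""
    responder, records = parse_trace(text)[-1]
    want = qname.lower().rstrip(".") + "."
    return responder, sorted(r for n, t, r in records if n == want and t == "A")

def compare(trace_a, trace_b, qname):
    """Flag divergent final answers between two vantage points."""
    (srv_a, a), (srv_b, b) = final_answer(trace_a, qname), final_answer(trace_b, qname)
    if a == b:
        return []
    tag = "same-responder" if srv_a == srv_b else "different-responder"
    odd = sorted(set(a) ^ set(b))  # addresses seen from only one vantage point
    return [tag] + [f"private:{x}" for x in odd if ipaddress.ip_address(x).is_private]
```

Calling `compare(DC01, WWW02, "great.truchart.com")` reports the shared responder and the private address that only one client received.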