Different answer when querying @server from different clients
Barry S. Finkel
bsfinkel at att.net
Sun Mar 8 13:50:51 UTC 2015
On 3/6/2015 4:52 PM, bind-users-request at lists.isc.org wrote:
> I don't think it is views. The same thing happens against Google's
> public DNS. The two hosts route to the Internet differently and that
> seems to at the root of the issue somehow.
>
> [root at dc01 ~]# dig +short ns1.mediture.com
> 74.113.249.135
> [root at dc01 ~]# dig +short ns2.mediture.com
> 107.23.33.118
>
> [root at dc01 ~]# dig @8.8.8.8 +trace great.truchart.com
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @8.8.8.8 +trace great.truchart.com
> ; (1 server found)
> ;; global options: +cmd
> . 18851 IN NS h.root-servers.net.
> . 18851 IN NS c.root-servers.net.
> . 18851 IN NS f.root-servers.net.
> . 18851 IN NS k.root-servers.net.
> . 18851 IN NS j.root-servers.net.
> . 18851 IN NS m.root-servers.net.
> . 18851 IN NS l.root-servers.net.
> . 18851 IN NS a.root-servers.net.
> . 18851 IN NS g.root-servers.net.
> . 18851 IN NS e.root-servers.net.
> . 18851 IN NS b.root-servers.net.
> . 18851 IN NS i.root-servers.net.
> . 18851 IN NS d.root-servers.net.
> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 144 ms
>
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> ;; Received 496 bytes from 192.228.79.201#53(192.228.79.201) in 146 ms
>
> truchart.com. 172800 IN NS ns1.mediture.com.
> truchart.com. 172800 IN NS ns2.mediture.com.
> ;; Received 113 bytes from 192.52.178.30#53(192.52.178.30) in 129 ms
>
> great.truchart.com. 3600 IN A 192.168.168.225
> truchart.com. 86400 IN NS ns1.mediture.com.
> truchart.com. 86400 IN NS ns2.mediture.com.
> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>
> [root at www02 ~]# dig @8.8.8.8 +trace great.truchart.com
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 +trace great.truchart.com
> ; (1 server found)
> ;; global options: +cmd
> . 18813 IN NS h.root-servers.net.
> . 18813 IN NS c.root-servers.net.
> . 18813 IN NS f.root-servers.net.
> . 18813 IN NS k.root-servers.net.
> . 18813 IN NS j.root-servers.net.
> . 18813 IN NS m.root-servers.net.
> . 18813 IN NS l.root-servers.net.
> . 18813 IN NS a.root-servers.net.
> . 18813 IN NS g.root-servers.net.
> . 18813 IN NS e.root-servers.net.
> . 18813 IN NS b.root-servers.net.
> . 18813 IN NS i.root-servers.net.
> . 18813 IN NS d.root-servers.net.
> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 94 ms
>
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> ;; Received 508 bytes from 192.58.128.30#53(192.58.128.30) in 220 ms
>
> truchart.com. 172800 IN NS ns1.mediture.com.
> truchart.com. 172800 IN NS ns2.mediture.com.
> ;; Received 113 bytes from 192.48.79.30#53(192.48.79.30) in 224 ms
>
> great.truchart.com. 3600 IN A 198.181.115.225
> truchart.com. 86400 IN NS ns2.mediture.com.
> truchart.com. 86400 IN NS ns1.mediture.com.
> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 32 ms
>
> [root at www02 ~]# dig +short ns1.mediture.com
> 74.113.249.135
> [root at www02 ~]# dig +short ns2.mediture.com
> 107.23.33.118
>
> On 03/06/2015 03:54 PM, Lightner, Jeff wrote:
>> >Check where each host thinks the 2 mediture.com name servers are.
>> >
>> >I saw an issue recently where I was getting different answers inside my organization than I did outside and it turned out that one of the subsequent lookups in the trace was being answered differently so the final answer was different as a result. (In our case it was because we host the same domain separately on both external BIND servers and on internal Windows DNS servers.)
>> >
>> >It took me a while looking at it to realize what was happening because I thought trace always starts at root servers and go down the outside path from there but what it actually does it start at root servers then does lookups for each subsequent domain referenced which often enough will be different than the domain you were tracing.
>> >
>> >
>> >-----Original Message-----
>> >From:bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Arthur Ramsey
>> >Sent: Friday, March 06, 2015 4:44 PM
>> >To:bind-users at lists.isc.org
>> >Subject: Different answer when querying @server from different clients
>> >
>> >I can't figure out why these two hosts resolve great.truchart.com differently when querying the authoritative server.
>> >
>> >[root at dc01 ~]# dig +trace great.truchart.com @74.113.249.135
>> >
>> >; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> +trace great.truchart.com @74.113.249.135 ;; global options: +cmd
>> >. 513596 IN NS i.root-servers.net.
>> >. 513596 IN NS j.root-servers.net.
>> >. 513596 IN NS f.root-servers.net.
>> >. 513596 IN NS e.root-servers.net.
>> >. 513596 IN NS m.root-servers.net.
>> >. 513596 IN NS l.root-servers.net.
>> >. 513596 IN NS c.root-servers.net.
>> >. 513596 IN NS a.root-servers.net.
>> >. 513596 IN NS g.root-servers.net.
>> >. 513596 IN NS h.root-servers.net.
>> >. 513596 IN NS b.root-servers.net.
>> >. 513596 IN NS d.root-servers.net.
>> >. 513596 IN NS k.root-servers.net.
>> >;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 125 ms
>> >
>> >com. 172800 IN NS a.gtld-servers.net.
>> >com. 172800 IN NS b.gtld-servers.net.
>> >com. 172800 IN NS c.gtld-servers.net.
>> >com. 172800 IN NS d.gtld-servers.net.
>> >com. 172800 IN NS e.gtld-servers.net.
>> >com. 172800 IN NS f.gtld-servers.net.
>> >com. 172800 IN NS g.gtld-servers.net.
>> >com. 172800 IN NS h.gtld-servers.net.
>> >com. 172800 IN NS i.gtld-servers.net.
>> >com. 172800 IN NS j.gtld-servers.net.
>> >com. 172800 IN NS k.gtld-servers.net.
>> >com. 172800 IN NS l.gtld-servers.net.
>> >com. 172800 IN NS m.gtld-servers.net.
>> >;; Received 496 bytes from 198.41.0.4#53(198.41.0.4) in 121 ms
>> >
>> >truchart.com. 172800 IN NS ns1.mediture.com.
>> >truchart.com. 172800 IN NS ns2.mediture.com.
>> >;; Received 113 bytes from 192.33.14.30#53(192.33.14.30) in 111 ms
>> >
>> >great.truchart.com. 3600 IN A 192.168.168.225
>> >truchart.com. 86400 IN NS ns2.mediture.com.
>> >truchart.com. 86400 IN NS ns1.mediture.com.
>> >;; Received 129 bytes from 74.113.249.135#53(74.113.249.135) in 3 ms
>> >
>> >[root at www02 ~]# dig +trace great.truchart.com @74.113.249.135
>> >
>> >; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> +trace great.truchart.com @74.113.249.135 ;; global options: +cmd
>> >. 514584 IN NS d.root-servers.net.
>> >. 514584 IN NS h.root-servers.net.
>> >. 514584 IN NS l.root-servers.net.
>> >. 514584 IN NS g.root-servers.net.
>> >. 514584 IN NS j.root-servers.net.
>> >. 514584 IN NS m.root-servers.net.
>> >. 514584 IN NS b.root-servers.net.
>> >. 514584 IN NS k.root-servers.net.
>> >. 514584 IN NS a.root-servers.net.
>> >. 514584 IN NS c.root-servers.net.
>> >. 514584 IN NS e.root-servers.net.
>> >. 514584 IN NS f.root-servers.net.
>> >. 514584 IN NS i.root-servers.net.
>> >;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 183 ms
>> >
>> >com. 172800 IN NS b.gtld-servers.net.
>> >com. 172800 IN NS f.gtld-servers.net.
>> >com. 172800 IN NS d.gtld-servers.net.
>> >com. 172800 IN NS a.gtld-servers.net.
>> >com. 172800 IN NS g.gtld-servers.net.
>> >com. 172800 IN NS e.gtld-servers.net.
>> >com. 172800 IN NS c.gtld-servers.net.
>> >com. 172800 IN NS k.gtld-servers.net.
>> >com. 172800 IN NS h.gtld-servers.net.
>> >com. 172800 IN NS m.gtld-servers.net.
>> >com. 172800 IN NS i.gtld-servers.net.
>> >com. 172800 IN NS l.gtld-servers.net.
>> >com. 172800 IN NS j.gtld-servers.net.
>> >;; Received 496 bytes from 202.12.27.33#53(202.12.27.33) in 267 ms
>> >
>> >truchart.com. 172800 IN NS ns1.mediture.com.
>> >truchart.com. 172800 IN NS ns2.mediture.com.
>> >;; Received 113 bytes from 192.43.172.30#53(192.43.172.30) in 70 ms
>> >
>> >great.truchart.com. 3600 IN A 198.181.115.225
>> >truchart.com. 86400 IN NS ns2.mediture.com.
>> >truchart.com. 86400 IN NS ns1.mediture.com.
>> >;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>> >
>> >--
>> >Arthur Ramsey
>> >Systems Administrator
>> >Mediture
>> >arthur_ramsey at mediture.com
>> >952.400.0323
>> >
If I remember correctly, using "+trace" performs the query by
going to the root, then going to a server delegated from the root,
etc. until the question gets to an authorized server.
root --> .com --> truechart.com
Using "+trace" with "@8.8.8.8" ignores the "@8.8.8.8", as
that server is never queried when the query starts at the root
and moves down the DNS tree to authorized servers.
--Barry Finkel
More information about the bind-users
mailing list