Problem with recursion for windows bind for Teamviewer

Greg Choules gregchoules+bindusers at googlemail.com
Mon Nov 20 17:53:55 UTC 2023 

Have you checked the routeing table on this server?
Without any other evidence, this looks to me like packets are going places
you aren't expecting.

In the first screenshot the query goes to 213.227.191.1 and apparently a
response doesn't come back until 4s later. When I try it using dig I get an
immediate response:

; <<>> DiG 9.18.17 <<>> @213.227.191.1 router14.teamviewer.com +norecurs
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32608
;; flags: qr aa; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;router14.teamviewer.com. IN A

;; ANSWER SECTION:
router14.teamviewer.com. 3600 IN CNAME routerpool14.rlb.teamviewer.com.
routerpool14.rlb.teamviewer.com. 120 IN A 188.172.219.139
routerpool14.rlb.teamviewer.com. 120 IN A 188.172.198.141
routerpool14.rlb.teamviewer.com. 120 IN A 37.252.232.103
routerpool14.rlb.teamviewer.com. 120 IN A 37.252.246.104
routerpool14.rlb.teamviewer.com. 120 IN A 217.146.4.136

;; Query time: 11 msec
;; SERVER: 213.227.191.1#53(213.227.191.1) (UDP)
;; WHEN: Mon Nov 20 17:40:22 GMT 2023
;; MSG SIZE  rcvd: 177

In the second screenshot you see no response to #60. My suspicion again is
that it went somewhere you weren't monitoring, or just wasn't routed at all.

I would capture ALL packets, not just DNS, on ALL interfaces. See if you
can see where key packets are going, whether you receive ICMP unreachables
or retries etc.
Also do some tests. If you have BIND you should also have dig. If you don't
have dig, use Windows nslookup in interactive mode and send queries to the
teamviewer NSs.

Right now I would prove that the network is clean first. I see no reason to
suspect BIND at the moment.

Cheers, Greg

On Mon, 20 Nov 2023 at 17:40, legacyone via bind-users <
bind-users at lists.isc.org> wrote:

> This might show the problem even more on two interfaces WAN side and LAN
> you can see 192.168.53.19 ask for routerpool8 #60 then bind goes out #62
> gets a answer # 75 and no reply back to 192.168.53.19
>
> https://ufile.io/v8oob3jg
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231120/9b1df97b/attachment-0001.htm>

More information about the bind-users mailing list