[bind ipmasq] More information about weird DNS problems.

Karl M. Hegbloom karlheg at bittersweet.inetarena.com
Sun Mar 12 03:51:26 UTC 2000


 I started `ethereal' on the laptop, and on the DNS machine, then ran
 `host 192.168.1.1' to get a reverse lookup on the IP of my
 workstation, which is acting as the "ISP" for the proxy gateway
 machine.  Here are the pcap dumps...  You can view the .pcap files with
 `ethereal' (please do that so you can see what I mean).  Enclosed in
 the tarfile are what I believe is most of the relevant information.
 Let me know if you need anything more to help.

 After starting the sniffers, I ran `host 192.168.1.1' from 10.0.0.11.
 Its resolv.conf lists 10.0.0.10 and 192.168.1.1 as nameservers, in
 that order.  On 10.0.0.10, the same query shows a quick and valid
 response.  There, resolv.conf has 127.0.0.1 then 192.168.1.1 as
 nameservers.

   <URL:http://bittersweet.inetarena.com/~karlheg/weird-dns.tar.gz>
     OR
   <URL:http://bittersweet.inetarena.com/~karlheg/weird-dns/>

 Notice that the second packet is a DNS response from 10.0.0.10, the
 proxy gateway box.  The same packet is different depending on which
 computer it was seen from!  From the machine that sent the response
 (.10) the packet is 3 bytes smaller than seen from the machine that
 received it (.11), and the address in the last part of the DNS
 response is different.  It sent `.1' but `.0' was received.  The
 similar thing happens in the first response packet coming from the
 secondary nameserver - the last digit sent is `.1', but the last
 digit received is `.3'.  What is causing this???

  The time differences in the capture are because of misconfigured
  /etc/timezone on the laptop (.11); I just fixed that, and it's not
  relevant.


