Mozilla, ipv6 and BIND

tmaestas at dnsconsultants.com tmaestas at dnsconsultants.com
Mon Mar 26 04:29:25 UTC 2001



	Funny that we were just talking about that.  See the few
	previous messages on this list.  My guess is that doubleclick's
	nameservers are broken.  A query for a record that exists as
	a record type other than what you are querying for should return
	the SOA for the zone, and a NOERROR status, not NXDOMAIN.

-Tim


On Sun, 25 Mar 2001, Joseph Fannin wrote:

> 
>      I'm having some trouble with Mozilla (Bugzilla bug #73298) that 
> seems to be related to ipv6 support in BIND.  Mozilla has some support 
> for ipv6, so it attempts to look up ipv6-type AAAA address records 
> before looking up "standard" A records.  When my resolver is pointed at 
> my ISP's nameservers, this is fine; but when I use the caching-only BIND 
> nameserver on my local LAN, all lookups of "ad.doubleclick.net" fail. 
> (Good riddance, right?  Well, no; Mozilla pops up a blocking dialog box 
> for every link to ad.doubleclick.net in a page -- very annoying).
>    I'm using the 100% stock RedHat caching-nameserver config of BIND 
> 8.2.3 to eliminate administrator error on my end in my bug hunt, so my 
> local BIND knows about the loopback address and the root nameserver 
> hints and looks up everything else itself.  Mozilla runs on 192.168.1.2 
> and the local nameserver runs on 192.168.2.1; the two subnets are joined 
> at the masquerading router (which has the external DNS 
> dhcp065-024-121-117.columbus.rr.com).  Running tcpdump on the router 
> during a (failing) attempt to lookup ad.doubleclick.net produces this:
> 
> 20:57:36.523434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27098+ 
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:36.523434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27098+ 
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:36.533434 eth1 < 192.168.2.1.1028 > 208.211.225.10.domain: 57923 
> AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.533434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 > 
> 208.211.225.10.domain: 57923 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.593434 eth0 < 208.211.225.10.domain > 
> dhcp065-024-121-117.columbus.rr.com.1028: 57923- 0/8/8 (365) (DF)
> 20:57:36.593434 eth1 > 208.211.225.10.domain > 192.168.2.1.1028: 57923- 
> 0/8/8 (365) (DF)
> 20:57:36.593434 eth1 < 192.168.2.1.1028 > 
> dcnyadgds2.doubleclick.net.domain: 5488 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.593434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 > 
> dcnyadgds2.doubleclick.net.domain: 5488 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.653434 eth0 < dcnyadgds2.doubleclick.net.domain > 
> dhcp065-024-121-117.columbus.rr.com.1028: 5488 NXDomain- 0/0/0 (37) (DF)
> 20:57:36.653434 eth1 > dcnyadgds2.doubleclick.net.domain > 
> 192.168.2.1.1028: 5488 NXDomain- 0/0/0 (37) (DF)
> 20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27098 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27098 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27099+ 
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27099+ 
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27099 
> NXDomain 0/1/0 (112) (DF)
> 20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27099 
> NXDomain 0/1/0 (112) (DF)
> 20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27100+ A? 
> ad.doubleclick.net. (36) (DF)
> 20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27100+ A? 
> ad.doubleclick.net. (36) (DF)
> 20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27100 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27100 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27101+ A? 
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27101+ A? 
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.673434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27101 
> NXDomain 0/1/0 (112) (DF)
> 20:57:36.673434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27101 
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.773434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27102+ 
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:41.773434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27102+ 
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:41.783434 eth1 < 192.168.2.1.1028 > 208.211.225.10.domain: 59703 
> AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.783434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 > 
> 208.211.225.10.domain: 59703 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.823434 eth0 < 208.211.225.10.domain > 
> dhcp065-024-121-117.columbus.rr.com.1028: 59703- 0/8/8 (365) (DF)
> 20:57:41.823434 eth1 > 208.211.225.10.domain > 192.168.2.1.1028: 59703- 
> 0/8/8 (365) (DF)
> 20:57:41.833434 eth1 < 192.168.2.1.1028 > 208.32.211.70.domain: 26398 
> AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.833434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 > 
> 208.32.211.70.domain: 26398 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.963434 eth0 < 208.32.211.70.domain > 
> dhcp065-024-121-117.columbus.rr.com.1028: 26398 NXDomain- 0/0/0 (37) (DF)
> 20:57:41.963434 eth1 > 208.32.211.70.domain > 192.168.2.1.1028: 26398 
> NXDomain- 0/0/0 (37) (DF)
> 20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27102 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27102 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:41.963434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27103+ 
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.963434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27103+ 
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27103 
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27103 
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.963434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27104+ A? 
> ad.doubleclick.net. (36) (DF)
> 20:57:41.963434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27104+ A? 
> ad.doubleclick.net. (36) (DF)
> 20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27104 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27104 
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:41.973434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27105+ A? 
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.983434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27105+ A? 
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.983434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27105 
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.983434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27105 
> NXDomain 0/1/0 (112) (DF)
> 
> 
>    The 5th and 6th lines from the bottom seem strange to me.  Why would 
> BIND report "no such domain" and an CNAME record at the same time?  For 
> comparison, here is a tcpdump log of a successful lookup via my ISP's 
> nameserver (clmboh1-dns3.columbus.rr.com):
> 
> 21:04:23.773434 eth2 < 192.168.1.2.1039 > 
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net. 
> (36) (DF)
> 21:04:23.773434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 > 
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net. 
> (36) (DF)
> 21:04:24.403434 eth0 < clmboh1-dns3.columbus.rr.com.domain > 
> dhcp065-024-121-117.columbus.rr.com.1039: 57077 ServFail 1/0/0 CNAME 
> gd7.doubleclick.net. (54) (DF)
> 21:04:24.403434 eth2 > clmboh1-dns3.columbus.rr.com.domain > 
> 192.168.1.2.1039: 57077 ServFail 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 21:04:24.403434 eth2 < 192.168.1.2.1039 > 
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net. 
> (36) (DF)
> 21:04:24.403434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 > 
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net. 
> (36) (DF)
> 21:04:24.983434 eth0 < clmboh1-dns3.columbus.rr.com.domain > 
> dhcp065-024-121-117.columbus.rr.com.1039: 57077 1/0/0 CNAME 
> gd7.doubleclick.net. (72) (DF)
> 21:04:24.983434 eth2 > clmboh1-dns3.columbus.rr.com.domain > 
> 192.168.1.2.1039: 57077 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 21:04:24.983434 eth2 < 192.168.1.2.1039 > 
> clmboh1-dns3.columbus.rr.com.domain: 57078+ A? ad.doubleclick.net. (36) (DF)
> 21:04:24.983434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 > 
> clmboh1-dns3.columbus.rr.com.domain: 57078+ A? ad.doubleclick.net. (36) (DF)
> 21:04:25.013434 eth0 < clmboh1-dns3.columbus.rr.com.domain > 
> dhcp065-024-121-117.columbus.rr.com.1039: 57078 2/8/8 CNAME 
> gd7.doubleclick.net., A ad.us.doubleclick.net (398) (DF)
> 21:04:25.013434 eth2 > clmboh1-dns3.columbus.rr.com.domain > 
> 192.168.1.2.1039: 57078 2/8/8 CNAME gd7.doubleclick.net., A 
> ad.us.doubleclick.net (398) (DF)
> 21:04:25.013434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: S 
> 1225558505:1225558505(0) win 5840 <mss 1460,sackOK,timestamp 29465282 
> 0,nop,wscale 0> (DF)
> 21:04:25.013434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 > 
> ad.us.doubleclick.net.www: S 1225558505:1225558505(0) win 5840 <mss 
> 1460,sackOK,timestamp 29465282 0,nop,wscale 0> (DF) [tos 0x10]
> 21:04:25.053434 eth0 < ad.us.doubleclick.net.www > 
> dhcp065-024-121-117.columbus.rr.com.1421: S 1649240000:1649240000(0) ack 
> 1225558506 win 8760 <mss 1460>
> 21:04:25.053434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: S 
> 1649240000:1649240000(0) ack 1225558506 win 8760 <mss 1460>
> 21:04:25.063434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: . 
> 1:1(0) ack 1 win 5840 (DF)
> 21:04:25.063434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 > 
> ad.us.doubleclick.net.www: . 1:1(0) ack 1 win 5840 (DF) [tos 0x10]
> 21:04:25.063434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: P 
> 1:378(377) ack 1 win 5840 (DF)
> 21:04:25.063434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 > 
> ad.us.doubleclick.net.www: P 1:378(377) ack 1 win 5840 (DF) [tos 0x10]
> 21:04:25.113434 eth0 < ad.us.doubleclick.net.www > 
> dhcp065-024-121-117.columbus.rr.com.1421: P 1:441(440) ack 378 win 8383
> 21:04:25.113434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: P 
> 1:441(440) ack 378 win 8383
> 21:04:25.113434 eth0 < ad.us.doubleclick.net.www > 
> dhcp065-024-121-117.columbus.rr.com.1421: F 441:441(0) ack 378 win 8383
> 21:04:25.113434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: F 
> 441:441(0) ack 378 win 8383
> 21:04:25.113434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: . 
> 378:378(0) ack 441 win 6432 (DF)
> 21:04:25.113434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 > 
> ad.us.doubleclick.net.www: . 378:378(0) ack 441 win 6432 (DF) [tos 0x10]
> 21:04:25.113434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: F 
> 378:378(0) ack 442 win 6432 (DF)
> 21:04:25.113434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 > 
> ad.us.doubleclick.net.www: F 378:378(0) ack 442 win 6432 (DF) [tos 0x10]
> 21:04:25.163434 eth0 < ad.us.doubleclick.net.www > 
> dhcp065-024-121-117.columbus.rr.com.1421: . 442:442(0) ack 379 win 8383
> 21:04:25.163434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: . 
> 442:442(0) ack 379 win 8383
> 
>    Is this an obvious misconfiguration on my (RedHat's) part?  A bug in 
> BIND?  A bug in Mozilla?  The result of botched DNS records at 
> doubleclick.net?  Or all four?  I'm a bit over my head on this one, 
> trying to at least narrow the problem down to one system; can anyone see 
> where the problem lies?  Any help would be appreciated.
> 
> --
> Joseph Fannin
> jhf at rivenstone.net
> 
> 
> 
> 
> 



More information about the bind-users mailing list