Mozilla, ipv6 and BIND
tmaestas at dnsconsultants.com
tmaestas at dnsconsultants.com
Mon Mar 26 04:29:25 UTC 2001
Funny that we were just talking about that. See the few
previous messages on this list. My guess is that doubleclick's
nameservers are broken. A query for a record that exists as
a record type other than what you are querying for should return
the SOA for the zone, and a NOERROR status, not NXDOMAIN.
-Tim
On Sun, 25 Mar 2001, Joseph Fannin wrote:
>
> I'm having some trouble with Mozilla (Bugzilla bug #73298) that
> seems to be related to ipv6 support in BIND. Mozilla has some support
> for ipv6, so it attempts to look up ipv6-type AAAA address records
> before looking up "standard" A records. When my resolver is pointed at
> my ISP's nameservers, this is fine; but when I use the caching-only BIND
> nameserver on my local LAN, all lookups of "ad.doubleclick.net" fail.
> (Good riddance, right? Well, no; Mozilla pops up a blocking dialog box
> for every link to ad.doubleclick.net in a page -- very annoying).
> I'm using the 100% stock RedHat caching-nameserver config of BIND
> 8.2.3 to eliminate administrator error on my end in my bug hunt, so my
> local BIND knows about the loopback address and the root nameserver
> hints and looks up everything else itself. Mozilla runs on 192.168.1.2
> and the local nameserver runs on 192.168.2.1; the two subnets are joined
> at the masquerading router (which has the external DNS
> dhcp065-024-121-117.columbus.rr.com). Running tcpdump on the router
> during a (failing) attempt to lookup ad.doubleclick.net produces this:
>
> 20:57:36.523434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27098+
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:36.523434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27098+
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:36.533434 eth1 < 192.168.2.1.1028 > 208.211.225.10.domain: 57923
> AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.533434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
> 208.211.225.10.domain: 57923 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.593434 eth0 < 208.211.225.10.domain >
> dhcp065-024-121-117.columbus.rr.com.1028: 57923- 0/8/8 (365) (DF)
> 20:57:36.593434 eth1 > 208.211.225.10.domain > 192.168.2.1.1028: 57923-
> 0/8/8 (365) (DF)
> 20:57:36.593434 eth1 < 192.168.2.1.1028 >
> dcnyadgds2.doubleclick.net.domain: 5488 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.593434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
> dcnyadgds2.doubleclick.net.domain: 5488 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:36.653434 eth0 < dcnyadgds2.doubleclick.net.domain >
> dhcp065-024-121-117.columbus.rr.com.1028: 5488 NXDomain- 0/0/0 (37) (DF)
> 20:57:36.653434 eth1 > dcnyadgds2.doubleclick.net.domain >
> 192.168.2.1.1028: 5488 NXDomain- 0/0/0 (37) (DF)
> 20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27098
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27098
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27099+
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27099+
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27099
> NXDomain 0/1/0 (112) (DF)
> 20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27099
> NXDomain 0/1/0 (112) (DF)
> 20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27100+ A?
> ad.doubleclick.net. (36) (DF)
> 20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27100+ A?
> ad.doubleclick.net. (36) (DF)
> 20:57:36.663434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27100
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:36.663434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27100
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:36.663434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27101+ A?
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.663434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27101+ A?
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:36.673434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27101
> NXDomain 0/1/0 (112) (DF)
> 20:57:36.673434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27101
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.773434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27102+
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:41.773434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27102+
> AAAA? ad.doubleclick.net. (36) (DF)
> 20:57:41.783434 eth1 < 192.168.2.1.1028 > 208.211.225.10.domain: 59703
> AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.783434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
> 208.211.225.10.domain: 59703 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.823434 eth0 < 208.211.225.10.domain >
> dhcp065-024-121-117.columbus.rr.com.1028: 59703- 0/8/8 (365) (DF)
> 20:57:41.823434 eth1 > 208.211.225.10.domain > 192.168.2.1.1028: 59703-
> 0/8/8 (365) (DF)
> 20:57:41.833434 eth1 < 192.168.2.1.1028 > 208.32.211.70.domain: 26398
> AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.833434 eth0 > dhcp065-024-121-117.columbus.rr.com.1028 >
> 208.32.211.70.domain: 26398 AAAA? gd7.doubleclick.net. (37) (DF)
> 20:57:41.963434 eth0 < 208.32.211.70.domain >
> dhcp065-024-121-117.columbus.rr.com.1028: 26398 NXDomain- 0/0/0 (37) (DF)
> 20:57:41.963434 eth1 > 208.32.211.70.domain > 192.168.2.1.1028: 26398
> NXDomain- 0/0/0 (37) (DF)
> 20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27102
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27102
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 20:57:41.963434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27103+
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.963434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27103+
> AAAA? ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27103
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27103
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.963434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27104+ A?
> ad.doubleclick.net. (36) (DF)
> 20:57:41.963434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27104+ A?
> ad.doubleclick.net. (36) (DF)
> 20:57:41.963434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27104
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:41.963434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27104
> NXDomain 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 20:57:41.973434 eth2 < 192.168.1.2.1039 > 192.168.2.1.domain: 27105+ A?
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.983434 eth1 > 192.168.1.2.1039 > 192.168.2.1.domain: 27105+ A?
> ad.doubleclick.net.rivenstone.net. (51) (DF)
> 20:57:41.983434 eth1 < 192.168.2.1.domain > 192.168.1.2.1039: 27105
> NXDomain 0/1/0 (112) (DF)
> 20:57:41.983434 eth2 > 192.168.2.1.domain > 192.168.1.2.1039: 27105
> NXDomain 0/1/0 (112) (DF)
>
>
> The 5th and 6th lines from the bottom seem strange to me. Why would
> BIND report "no such domain" and an CNAME record at the same time? For
> comparison, here is a tcpdump log of a successful lookup via my ISP's
> nameserver (clmboh1-dns3.columbus.rr.com):
>
> 21:04:23.773434 eth2 < 192.168.1.2.1039 >
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
> (36) (DF)
> 21:04:23.773434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 >
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
> (36) (DF)
> 21:04:24.403434 eth0 < clmboh1-dns3.columbus.rr.com.domain >
> dhcp065-024-121-117.columbus.rr.com.1039: 57077 ServFail 1/0/0 CNAME
> gd7.doubleclick.net. (54) (DF)
> 21:04:24.403434 eth2 > clmboh1-dns3.columbus.rr.com.domain >
> 192.168.1.2.1039: 57077 ServFail 1/0/0 CNAME gd7.doubleclick.net. (54) (DF)
> 21:04:24.403434 eth2 < 192.168.1.2.1039 >
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
> (36) (DF)
> 21:04:24.403434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 >
> clmboh1-dns3.columbus.rr.com.domain: 57077+ AAAA? ad.doubleclick.net.
> (36) (DF)
> 21:04:24.983434 eth0 < clmboh1-dns3.columbus.rr.com.domain >
> dhcp065-024-121-117.columbus.rr.com.1039: 57077 1/0/0 CNAME
> gd7.doubleclick.net. (72) (DF)
> 21:04:24.983434 eth2 > clmboh1-dns3.columbus.rr.com.domain >
> 192.168.1.2.1039: 57077 1/0/0 CNAME gd7.doubleclick.net. (72) (DF)
> 21:04:24.983434 eth2 < 192.168.1.2.1039 >
> clmboh1-dns3.columbus.rr.com.domain: 57078+ A? ad.doubleclick.net. (36) (DF)
> 21:04:24.983434 eth0 > dhcp065-024-121-117.columbus.rr.com.1039 >
> clmboh1-dns3.columbus.rr.com.domain: 57078+ A? ad.doubleclick.net. (36) (DF)
> 21:04:25.013434 eth0 < clmboh1-dns3.columbus.rr.com.domain >
> dhcp065-024-121-117.columbus.rr.com.1039: 57078 2/8/8 CNAME
> gd7.doubleclick.net., A ad.us.doubleclick.net (398) (DF)
> 21:04:25.013434 eth2 > clmboh1-dns3.columbus.rr.com.domain >
> 192.168.1.2.1039: 57078 2/8/8 CNAME gd7.doubleclick.net., A
> ad.us.doubleclick.net (398) (DF)
> 21:04:25.013434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: S
> 1225558505:1225558505(0) win 5840 <mss 1460,sackOK,timestamp 29465282
> 0,nop,wscale 0> (DF)
> 21:04:25.013434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
> ad.us.doubleclick.net.www: S 1225558505:1225558505(0) win 5840 <mss
> 1460,sackOK,timestamp 29465282 0,nop,wscale 0> (DF) [tos 0x10]
> 21:04:25.053434 eth0 < ad.us.doubleclick.net.www >
> dhcp065-024-121-117.columbus.rr.com.1421: S 1649240000:1649240000(0) ack
> 1225558506 win 8760 <mss 1460>
> 21:04:25.053434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: S
> 1649240000:1649240000(0) ack 1225558506 win 8760 <mss 1460>
> 21:04:25.063434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: .
> 1:1(0) ack 1 win 5840 (DF)
> 21:04:25.063434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
> ad.us.doubleclick.net.www: . 1:1(0) ack 1 win 5840 (DF) [tos 0x10]
> 21:04:25.063434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: P
> 1:378(377) ack 1 win 5840 (DF)
> 21:04:25.063434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
> ad.us.doubleclick.net.www: P 1:378(377) ack 1 win 5840 (DF) [tos 0x10]
> 21:04:25.113434 eth0 < ad.us.doubleclick.net.www >
> dhcp065-024-121-117.columbus.rr.com.1421: P 1:441(440) ack 378 win 8383
> 21:04:25.113434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: P
> 1:441(440) ack 378 win 8383
> 21:04:25.113434 eth0 < ad.us.doubleclick.net.www >
> dhcp065-024-121-117.columbus.rr.com.1421: F 441:441(0) ack 378 win 8383
> 21:04:25.113434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: F
> 441:441(0) ack 378 win 8383
> 21:04:25.113434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: .
> 378:378(0) ack 441 win 6432 (DF)
> 21:04:25.113434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
> ad.us.doubleclick.net.www: . 378:378(0) ack 441 win 6432 (DF) [tos 0x10]
> 21:04:25.113434 eth2 < 192.168.1.2.1421 > ad.us.doubleclick.net.www: F
> 378:378(0) ack 442 win 6432 (DF)
> 21:04:25.113434 eth0 > dhcp065-024-121-117.columbus.rr.com.1421 >
> ad.us.doubleclick.net.www: F 378:378(0) ack 442 win 6432 (DF) [tos 0x10]
> 21:04:25.163434 eth0 < ad.us.doubleclick.net.www >
> dhcp065-024-121-117.columbus.rr.com.1421: . 442:442(0) ack 379 win 8383
> 21:04:25.163434 eth2 > ad.us.doubleclick.net.www > 192.168.1.2.1421: .
> 442:442(0) ack 379 win 8383
>
> Is this an obvious misconfiguration on my (RedHat's) part? A bug in
> BIND? A bug in Mozilla? The result of botched DNS records at
> doubleclick.net? Or all four? I'm a bit over my head on this one,
> trying to at least narrow the problem down to one system; can anyone see
> where the problem lies? Any help would be appreciated.
>
> --
> Joseph Fannin
> jhf at rivenstone.net
>
>
>
>
>
More information about the bind-users
mailing list