Unexpected behaviour from the B root servers? Am I setup wrong?

Mark Andrews Mark_Andrews at isc.org
Mon Feb 26 04:48:42 UTC 2007


> I am only seeing this with the B systems at the moment.. and I am
> trying to figure out how I should 'fix' my firewall or backbone DNS
> server to deal with it.
> 
> Our campus DNS servers will 'proxy' a request to the backbone DNS
> servers and when it talks to the B servers, we get requests back from
> different IP address from what we sent to (thus our firewall drops it
> as a bad session).
> 
> 129.24.8.1.32768 > 192.228.79.201.domain
> 192.228.79.200.domain > 129.24.8.1.32768
> 192.228.79.202.domain > 129.24.8.1.32768
> 192.228.79.201.domain > 129.24.8.1.32768
> 
> This really picked up on Saturday when pretty much every send to the
> 192.228.79.201 server got 1 to 2 other returns from b1.ip4.int,
> b2.ip4.int etc.
> 
> The only other servers that the firewall seems to be dropping are some
> 'questionable' ones in Romania that showed up over the weekend.

	The first thing you need to do is figure out where the
	"duplication" is occuring.  

	As a datapoint, I don't see it from here when talking to
	"b2".

15:45:37.180796 220.239.253.18.60656 > 192.228.79.201.53:  36120 TXT CHAOS? hostname.bind. (31)
15:45:37.337522 192.228.79.201.53 > 220.239.253.18.60656:  36120*- 1/1/0 CHAOS TXT b2 (60) (DF)

; <<>> DiG 9.3.3 <<>> hostname.bind txt ch +norec @b.root-servers.net
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36120
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;hostname.bind.                 CH      TXT

;; ANSWER SECTION:
hostname.bind.          0       CH      TXT     "b2"

;; AUTHORITY SECTION:
hostname.bind.          0       CH      NS      hostname.bind.

;; Query time: 158 msec
;; SERVER: 192.228.79.201#53(192.228.79.201)
;; WHEN: Mon Feb 26 15:45:37 2007
;; MSG SIZE  rcvd: 60

 
> -- 
> Stephen J Smoogen. -- CSIRT/Linux System Administrator
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list