Unexpected behaviour from the B root servers? Am I setup wrong?
Mark_Andrews at isc.org
Mon Feb 26 04:48:42 UTC 2007
> I am only seeing this with the B systems at the moment.. and I am
> trying to figure out how I should 'fix' my firewall or backbone DNS
> server to deal with it.
> Our campus DNS servers will 'proxy' a request to the backbone DNS
> servers and when it talks to the B servers, we get requests back from
> different IP address from what we sent to (thus our firewall drops it
> as a bad session).
> 220.127.116.11.32768 > 18.104.22.168.domain
> 22.214.171.124.domain > 126.96.36.199.32768
> 188.8.131.52.domain > 184.108.40.206.32768
> 220.127.116.11.domain > 18.104.22.168.32768
> This really picked up on Saturday when pretty much every send to the
> 22.214.171.124 server got 1 to 2 other returns from b1.ip4.int,
> b2.ip4.int etc.
> The only other servers that the firewall seems to be dropping are some
> 'questionable' ones in Romania that showed up over the weekend.
The first thing you need to do is figure out where the
"duplication" is occuring.
As a datapoint, I don't see it from here when talking to
15:45:37.180796 126.96.36.199.60656 > 188.8.131.52.53: 36120 TXT CHAOS? hostname.bind. (31)
15:45:37.337522 184.108.40.206.53 > 220.127.116.11.60656: 36120*- 1/1/0 CHAOS TXT b2 (60) (DF)
; <<>> DiG 9.3.3 <<>> hostname.bind txt ch +norec @b.root-servers.net
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36120
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;hostname.bind. CH TXT
;; ANSWER SECTION:
hostname.bind. 0 CH TXT "b2"
;; AUTHORITY SECTION:
hostname.bind. 0 CH NS hostname.bind.
;; Query time: 158 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Mon Feb 26 15:45:37 2007
;; MSG SIZE rcvd: 60
> Stephen J Smoogen. -- CSIRT/Linux System Administrator
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users