Intermitting problems with resolutions in caching name server
Mark Andrews
Mark_Andrews at isc.org
Mon Dec 22 02:01:33 UTC 2008
Looks like someone is running a "transparent" DNS proxy and
is intercepting your queries. You see these sorts of results
in hotels which just re-direct all DNS queries to a local
recursive server.

First thing I would be looking at is your NAT box and making
sure it is not doing the interception.

For reference below is what the responses should look like.
Note the servers for redhat.com are allowing you to see
their cache contents so the final answer for that query
may vary.

Mark

; <<>> DiG 9.3.5-P2 <<>> +trace www.google.com
;; global options: printcmd
. 471722 IN NS l.root-servers.net.
. 471722 IN NS h.root-servers.net.
. 471722 IN NS j.root-servers.net.
. 471722 IN NS e.root-servers.net.
. 471722 IN NS d.root-servers.net.
. 471722 IN NS c.root-servers.net.
. 471722 IN NS i.root-servers.net.
. 471722 IN NS g.root-servers.net.
. 471722 IN NS b.root-servers.net.
. 471722 IN NS f.root-servers.net.
. 471722 IN NS k.root-servers.net.
. 471722 IN NS m.root-servers.net.
. 471722 IN NS a.root-servers.net.
;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 492 bytes from 2001:500:3::42#53(l.root-servers.net) in 175 ms

google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 168 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 367 ms

www.google.com. 604800 IN CNAME www.l.google.com.
l.google.com. 86400 IN NS a.l.google.com.
l.google.com. 86400 IN NS e.l.google.com.
l.google.com. 86400 IN NS b.l.google.com.
l.google.com. 86400 IN NS d.l.google.com.
l.google.com. 86400 IN NS g.l.google.com.
l.google.com. 86400 IN NS f.l.google.com.
l.google.com. 86400 IN NS c.l.google.com.
;; Received 276 bytes from 216.239.32.10#53(ns1.google.com) in 186 ms

; <<>> DiG 9.3.5-P2 <<>> +trace www.redhat.com
;; global options: printcmd
. 471702 IN NS g.root-servers.net.
. 471702 IN NS h.root-servers.net.
. 471702 IN NS l.root-servers.net.
. 471702 IN NS k.root-servers.net.
. 471702 IN NS b.root-servers.net.
. 471702 IN NS a.root-servers.net.
. 471702 IN NS f.root-servers.net.
. 471702 IN NS j.root-servers.net.
. 471702 IN NS e.root-servers.net.
. 471702 IN NS i.root-servers.net.
. 471702 IN NS m.root-servers.net.
. 471702 IN NS c.root-servers.net.
. 471702 IN NS d.root-servers.net.
;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
;; Received 492 bytes from 192.112.36.4#53(g.root-servers.net) in 226 ms

redhat.com. 172800 IN NS ns1.redhat.com.
redhat.com. 172800 IN NS ns2.redhat.com.
redhat.com. 172800 IN NS ns3.redhat.com.
;; Received 134 bytes from 192.26.92.30#53(C.GTLD-SERVERS.NET) in 236 ms

www.redhat.com. 60 IN CNAME www.redhat.com.edgekey.net.
www.redhat.com.edgekey.net. 2138 IN CNAME www.redhat.com.edgekey.net.globalredir.akadns.net.
www.redhat.com.edgekey.net.globalredir.akadns.net. 3130 IN CNAME e86.b.akamaiedge.net.
e86.b.akamaiedge.net. 12 IN A 96.6.32.112
b.akamaiedge.net. 853 IN NS n4b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n5b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n6b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n7b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n8b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n0b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n1b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n2b.akamaiedge.net.
b.akamaiedge.net. 853 IN NS n3b.akamaiedge.net.
;; Received 341 bytes from 66.187.233.210#53(ns1.redhat.com) in 223 ms

In message <f1b68ea6-7257-4d19-a602-2bec0daadaa8 at n33g2000pri.googlegroups.com>,
Ganniterix writes:
> Hi all. Hope someone can enlighten me. I have a strange problem with
> my caching name server, and I have run out of ideas on where to debug
> next. Basically my BIND server decides on its own which names to
> resolve and which not. For example ...
>
> [root at server named]# dig +trace www.google.com
>
> ; <<>> DiG 9.5.1b3-RedHat-9.5.1-0.9.b3.fc10 <<>> +trace www.google.com
> ;; global options: printcmd
> . 518400 IN NS L.ROOT-SERVERS.NET.
> . 518400 IN NS C.ROOT-SERVERS.NET.
> . 518400 IN NS H.ROOT-SERVERS.NET.
> . 518400 IN NS I.ROOT-SERVERS.NET.
> . 518400 IN NS G.ROOT-SERVERS.NET.
> . 518400 IN NS B.ROOT-SERVERS.NET.
> . 518400 IN NS E.ROOT-SERVERS.NET.
> . 518400 IN NS J.ROOT-SERVERS.NET.
> . 518400 IN NS M.ROOT-SERVERS.NET.
> . 518400 IN NS K.ROOT-SERVERS.NET.
> . 518400 IN NS A.ROOT-SERVERS.NET.
> . 518400 IN NS D.ROOT-SERVERS.NET.
> . 518400 IN NS F.ROOT-SERVERS.NET.
> ;; Received 288 bytes from 172.16.0.1#53(172.16.0.1) in 1 ms
>
> www.google.com. 397954 IN CNAME www.l.google.com.
> www.l.google.com. 3 IN A 209.85.135.104
> www.l.google.com. 3 IN A 209.85.135.147
> www.l.google.com. 3 IN A 209.85.135.99
> www.l.google.com. 3 IN A 209.85.135.103
> l.google.com. 52352 IN NS b.l.google.com.
> l.google.com. 52352 IN NS c.l.google.com.
> l.google.com. 52352 IN NS d.l.google.com.
> l.google.com. 52352 IN NS e.l.google.com.
> l.google.com. 52352 IN NS f.l.google.com.
> l.google.com. 52352 IN NS g.l.google.com.
> l.google.com. 52352 IN NS a.l.google.com.
> ;; Received 340 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 102 ms
>
> .... this works!! But this ...
>
> [root at server named]# dig +trace www.redhat.com
>
> ; <<>> DiG 9.5.1b3-RedHat-9.5.1-0.9.b3.fc10 <<>> +trace www.redhat.com
> ;; global options: printcmd
> . 518400 IN NS H.ROOT-SERVERS.NET.
> . 518400 IN NS D.ROOT-SERVERS.NET.
> . 518400 IN NS E.ROOT-SERVERS.NET.
> . 518400 IN NS B.ROOT-SERVERS.NET.
> . 518400 IN NS L.ROOT-SERVERS.NET.
> . 518400 IN NS K.ROOT-SERVERS.NET.
> . 518400 IN NS G.ROOT-SERVERS.NET.
> . 518400 IN NS C.ROOT-SERVERS.NET.
> . 518400 IN NS J.ROOT-SERVERS.NET.
> . 518400 IN NS F.ROOT-SERVERS.NET.
> . 518400 IN NS A.ROOT-SERVERS.NET.
> . 518400 IN NS M.ROOT-SERVERS.NET.
> . 518400 IN NS I.ROOT-SERVERS.NET.
> ;; Received 228 bytes from 172.16.0.1#53(172.16.0.1) in 1 ms
>
> redhat.com. 126692 IN NS ns1.redhat.com.
> redhat.com. 126692 IN NS ns2.redhat.com.
> redhat.com. 126692 IN NS ns3.redhat.com.
> ;; Received 134 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 105 ms
>
> redhat.com. 126681 IN NS ns2.redhat.com.
> redhat.com. 126681 IN NS ns3.redhat.com.
> redhat.com. 126681 IN NS ns1.redhat.com.
> ;; BAD (HORIZONTAL) REFERRAL
> ;; Received 134 bytes from 66.187.224.210#53(ns2.redhat.com) in 16662 ms
>
> does not.
>
> My base OS is Fedora Core 10, version of bind is 9.5.1. The
> configuration file in use is :
>
> options {
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     recursion yes;
>     allow-query {
>         localhost;
>         172.16/16;
>     };
>     listen-on port 53 {
>         127.0.0.1;
>         172.16.0.1;
>     };
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
> };
>
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
>
>     category lame-servers {
>         null;
>     };
> };
>
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "named.loopback";
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/rndc.key";
>
> My server is running behind the NAT firewall.
>
> Any suggestions where to continue?
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
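
The difference between the reference traces and the failing ones in this thread can be checked mechanically. The following Python is an added example, not part of the original messages or of BIND: a heuristic that reads saved `dig +trace` output and reports steps where a response attributed to a root server carries data for a name below a TLD, or where dig marked a horizontal referral. The function name `check_trace` and the two sample strings (condensed from the traces quoted in this thread) are assumptions of the example.

```python
import re

# Matches dig's per-step footer, e.g. ";; Received 134 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 105 ms"
RECEIVED = re.compile(r"^;; Received \d+ bytes from (\S+)#\d+\(([^)]+)\)")

# Constructed samples: one record per step, condensed from the traces in this thread.
CLEAN = """\
. 471722 IN NS a.root-servers.net.
;; Received 504 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
com. 172800 IN NS a.gtld-servers.net.
;; Received 492 bytes from 2001:500:3::42#53(l.root-servers.net) in 175 ms
google.com. 172800 IN NS ns1.google.com.
;; Received 168 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 367 ms
"""
INTERCEPTED = """\
. 518400 IN NS H.ROOT-SERVERS.NET.
;; Received 228 bytes from 172.16.0.1#53(172.16.0.1) in 1 ms
redhat.com. 126692 IN NS ns1.redhat.com.
;; Received 134 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 105 ms
redhat.com. 126681 IN NS ns2.redhat.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 134 bytes from 66.187.224.210#53(ns2.redhat.com) in 16662 ms
"""

def check_trace(text):
    """Return a list of findings for one saved `dig +trace` output (heuristic)."""
    findings, owners, horizontal = [], [], False
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail-quoted output
        if "BAD (HORIZONTAL) REFERRAL" in line:  # dig's own marker for this step
            horizontal = True
            continue
        m = RECEIVED.match(line)
        if m:                                    # footer closes the current step
            server = m.group(2).lower().rstrip(".")
            if server.endswith(".root-servers.net"):
                # A root server delegates TLDs; it has no data for names below one.
                deep = sorted({o for o in owners if o.rstrip(".").count(".") >= 1})
                if deep:
                    findings.append(f"{server}: root server returned data for {', '.join(deep)}")
            if horizontal:
                findings.append(f"{server}: dig flagged a horizontal referral")
            owners, horizontal = [], False
        elif not line.startswith(";"):
            fields = line.split()
            if len(fields) >= 5 and fields[2] == "IN":
                owners.append(fields[0].lower())  # owner name of the record
    return findings

if __name__ == "__main__":
    print(check_trace(CLEAN), check_trace(INTERCEPTED), sep="\n")
```

A finding from the first rule means the address dig sent the query to was answered by something other than the root server it names, which is the pattern described in the reply above.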