DNS not resolving for a particular domain only
U Zee
uzee001 at yahoo.com
Fri Aug 11 22:19:30 UTC 2017
Thanks for the suggestion Grant.
Here's what I get for the recursive server's capture: ( I queried from the recursive server itself from another ssh session so it is the client as well)
# tcpdump -v -v -nt -i eth0 udp port 53|grep lenovotcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? www.lenovo.com. (32) 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? www.lenovo.com. (32) 86.36.AA.BB.36143 > 193.108.91.79.domain: [bad udp cksum c63c!] 12966 [1au] A? www.lenovo.com. ar: . OPT UDPsize=4096 OK (43) 193.108.91.79.domain > 86.36.AA.BB.36143: [udp sum ok] 12966*- q: A? www.lenovo.com. 1/0/1 www.lenovo.com. CNAME cs47.can.lnvcdn.net. ar: . OPT UDPsize=4096 OK (76) 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? www.lenovo.com. (32) 86.36.AA.BB.10224 > 86.36.DD.EE.domain: [bad udp cksum 18c7!] 12721 [1au] A? www.lenovo.com.ourdomain.com. ar: . OPT UDPsize=4096 OK (57) 86.36.DD.EE.domain > 86.36.AA.BB.10224: [udp sum ok] 12721 NXDomain*- q: A? www.lenovo.com.ourdomain.com. 0/1/1 ns: ourdomain.com. SOA master.ourdomain.com. host-master.ourparentdomain.com. 138524105 900 450 3600000 60 ar: . OPT UDPsize=4096 OK (138) 86.36.AA.CC.domain > 86.36.AA.BB.45776: [udp sum ok] 34468 ServFail q: A? www.lenovo.com. 0/0/0 (32)
86.36.AA.BB = localhost (our recursive server) where I ran the query and capture
86.36.AA.CC = our secondary recursive server (no idea why that was contacted)
86.36.DD.EE = our one of two anycast addresses which point to the recursive servers
So it looks like we do get to the CNAME (4th line) but still it fails...?I also tried a capture from a regular linux client but the output was similar except that it didn't include the CNAME line.
Frankly I have no idea if this is giving any useful info. I did see that for other queries also I saw bad udp cksum messages so not sure if thats an actual problem.
Do you see anything specific that might help us diagnose further?
Thanks
From: Grant Taylor via bind-users <bind-users at lists.isc.org>
To: bind-users at lists.isc.org
Sent: Friday, August 11, 2017 7:06 PM
Subject: Re: DNS not resolving for a particular domain only
On 08/11/2017 06:49 AM, U Zee via bind-users wrote:
> Any ideas please???
I'm seeing different A records returned depending on where I query from.
As such I can only speculate that something related to DNS for a CDN is
not working as desired.
I'd suggest a packet capture of the client's DNS traffic and possibly
(if not likely) the client's recursive DNS server's traffic (related to
the query.)
--
Grant. . . .
unix || die
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170811/ea6ec2f0/attachment-0001.html>
More information about the bind-users
mailing list