<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type"/>
</head><body style="">
<div>
<p>There are three (3) cases, as mentioned below.</p>
<p>Case I<br/>Request from the DMZ host (SNAT to 172.28.0.2) to the Internal side of the split DNS (172.28.0.11).<br/>We are able to NSLOOKUP "registry.npmjs.org".<br/>We are able to wget/browse "https://registry.npmjs.org".</p>
<p>So, No issues in this.</p>
<p><br/>Case II<br/>Request from the DMZ host (SNAT to 196.1.113.242) to the Public side of the split DNS (196.1.113.248).<br/>We are able to NSLOOKUP "registry.npmjs.org".<br/>We are NOT able to wget/browse "https://registry.npmjs.org".</p>
<p>So, this we want to fix.</p>
<p>Observation: In the TCP dump on the interface with IP address "196.1.113.248", we see that the DMZ host is retransmitting SYN packets to the DNS server multiple times.<br/>We cannot telnet (TCP) from the DMZ host to 196.1.113.248, and that's the expected behaviour.</p>
<p>The question is why it switches from UDP to TCP when we try to wget/browse, and why the same does not happen in Case I.</p>
<p><br/>Case III<br/>Executed for Troubleshooting.</p>
<p>Request from the DMZ host (SNAT to 196.1.113.242) to Google DNS (8.8.8.8).<br/>We are able to NSLOOKUP "registry.npmjs.org".<br/>We are able to wget/browse "https://registry.npmjs.org".</p>
<p>So, No issues in this.</p>
<p><br/>Hope the above gives more insight into the issue.</p>
<p>Regards,</p>
<p>Purva Rawan</p>
</div>
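<p>Added example (not code from this thread, from BIND or from C-DAC): a resolver retries its query over TCP when the UDP answer comes back with the TC (truncated) bit set, which is the usual reason a tcpdump suddenly shows SYNs to port 53; the script below builds a raw DNS query, parses the response header for that bit, and sends the same query over UDP and then TCP, scripting the "telnet to port 53" check suggested in the reply. The server address and hostname are supplied by the caller; the only assumption is that port 53 is the DNS port on both transports.</p>

```python
import socket
import struct


def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: RD=1, one question (A record by default), no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Header fields that decide whether a resolver will retry over TCP."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": an}


def diagnose(udp, tcp):
    """Turn the two probe results (None = no reply) into a one-line conclusion."""
    if udp is None:
        return "no UDP/53 answer: UDP to the server is blocked or it is down"
    if udp["tc"] and tcp is None:
        return "UDP answer truncated (TC=1) and TCP/53 unreachable: fallback fails"
    if tcp is None:
        return "UDP/53 works but TCP/53 is blocked: truncated answers will fail"
    return "UDP/53 and TCP/53 both answer"


def probe(server, name, timeout=3.0):
    """Send the same query over UDP, then TCP; returns (udp_hdr, tcp_hdr)."""
    q = build_query(name)
    udp = tcp = None
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        try:
            u.sendto(q, (server, 53))
            udp = parse_header(u.recvfrom(4096)[0])
        except (OSError, struct.error):   # timeout, ICMP unreachable, short reply
            pass
    try:
        with socket.create_connection((server, 53), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(q)) + q)   # TCP DNS is length-prefixed
            raw = t.recv(4096)                         # the header is all we need
            tcp = parse_header(raw[2:]) if len(raw) >= 14 else None
    except (OSError, struct.error):       # SYNs unanswered, as in the tcpdump above
        pass
    return udp, tcp
```

Calling probe("196.1.113.248", "registry.npmjs.org") from the DMZ host reproduces the thread's Case II test; running the same call against 8.8.8.8 (Case III) separates a server-side problem from a path/firewall one.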
<div>
<br/>On March 18, 2020 at 7:05 PM Warren Kumari <warren@kumari.net> wrote:
</div>
<div style="position: relative;">
<blockquote style="margin-left: 0px; padding-left: 10px; border-left: solid 1px blue;" type="cite">
<div dir="ltr">
<div dir="ltr">
<div style="font-family: verdana,sans-serif;" class="gmail_default">
</div>
</div>
<br/>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">
On Wed, Mar 18, 2020 at 9:03 AM Purva Rawan <
<a href="mailto:purvar@cdac.in">purvar@cdac.in</a>> wrote:
</div>
<blockquote style="margin: 0px 0px 0px 0.8ex; border-left: 1px solid #cccccc; padding-left: 1ex;">
<span style="text-decoration: underline;"></span>
<div>
<p>Hello ,</p>
<p><span style="font-size: 9pt;">We have configured split DNS. BIND version is 9.9.2. We are able to look up and browse to a particular URL (e.g. </span><a target="_blank" href="https://registry.npmjs.org/">https://registry.npmjs.org</a><span style="font-size: 9pt;">) from the internal network, but when we tried the same URL from the external network, it failed to browse, although we are able to do nslookup. We checked the tcpdump logs and observed that the DNS protocol switched from UDP to TCP.</span></p>
<p><span style="font-size: 9pt;">Tcpdump logs for reference:</span></p>
<p><span style="font-size: 9pt;">17:39:28.380918 ARP, Request who-has 196.1.113.242 tell 196.1.113.248, length 28</span></p>
<p>17:39:28.381205 ARP, Reply 196.1.113.242 is-at 00:09:0f:09:00:1a, length 46</p>
<p>17:39:30.395995 IP 196.1.113.242.54930 > 196.1.113.248.domain: Flags [S], seq 2177054283, win 14600, options [mss 1460,sackOK,TS val 2512104 ecr 0,nop,wscale 7], length 0</p>
<p>17:39:38.420575 IP 196.1.113.242.54930 > 196.1.113.248.domain: Flags [S], seq 2177054283, win 14600, options [mss 1460,sackOK,TS val 2520128 ecr 0,nop,wscale 7], length 0</p>
<p>17:39:54.451991 IP 196.1.113.242.54930 > 196.1.113.248.domain: Flags [S], seq 2177054283, win 14600, options [mss 1460,sackOK,TS val 2536160 ecr 0,nop,wscale 7], length 0</p>
<p>17:40:26.483591 IP 196.1.113.242.54930 > 196.1.113.248.domain: Flags [S], seq 2177054283, win 14600, options [mss 1460,sackOK,TS val 2568192 ecr 0,nop,wscale 7], length 0</p>
<p>Kindly help to resolve the same.</p>
</div>
</blockquote>
<div>
<div style="font-family: verdana,sans-serif;" class="gmail_default">
You appear to have network / firewall, not DNS issues -- 196.1.113.242 is sending SYN (open a connection) packets to
<a href="http://ns1.cdac.in">ns1.cdac.in</a>, but is not getting any reply packets from it (assuming you included all of the tcpdump output) - this either means that
<a href="http://ns1.cdac.in">ns1.cdac.in</a> was down, or, more likely, that 196.1.113.242 cannot send packets to it on port 53.
</div>
<div style="font-family: verdana,sans-serif;" class="gmail_default">
As a quick and dirty test, can you telnet from 196.1.113.242 to port 53 on 196.1.113.248?
</div>
<div style="font-family: verdana,sans-serif;" class="gmail_default">
</div>
<div style="font-family: verdana,sans-serif;" class="gmail_default">
W
</div>
</div>
<div>
</div>
<div>
</div>
<blockquote style="margin: 0px 0px 0px 0.8ex; border-left: 1px solid #cccccc; padding-left: 1ex;">
<div>
<div>
Regards,
</div>
<div>
</div>
<div id="gmail-m_8388359717922935410ox-signature">
Purva Rawan
<br/>
<br/>
</div>
</div>
</blockquote>
</div>
<br clear="all"/>
<div>
</div> --
<br/>
<div dir="ltr" class="gmail_signature">
I don't think the execution is relevant when it was obviously a bad idea in the first place.
<br/>This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
<br/> ---maf
</div>
</div>
</blockquote>
<br/>
</div>
</body></html>