Re: major DNS hiccup



Per Hedeland wrote:
> In article <E5Rsg.96337$uP.82275@xxxxxxxxxxxxxxxxxxxx> Mike Scott
> <usenet.10@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
> > If it's ntl (I'm Cambridge too, btw - Harlow) I can't imagine what they're doing. I see reply packets with correct checksums and no noticeable missing packets - so they'd have to be intercepting DNS packets, garbaging and retransmitting them: somehow I doubt ntl could manage that quite so successfully :-)
>
> You still haven't posted any traces from failed lookups - if you do,
> maybe someone could figure out just what is wrong with them...
>
> --Per Hedeland
> per@xxxxxxxxxxxx


OK, I've come back to this at last. Hoping it might have gone away as suddenly as it arrived; but no such luck :-(

I ran 'dig' to look up the address of one of the always-failing names. 'dig' output plus ethereal diagnosis follow. named running as caching nameserver on localhost.

If this really is due to ntl (my ISP) messing up, I'd appreciate some advice on how to prove that really is the case.

(more at end)



data# dig @localhost www.yell.co.uk

; <<>> DiG 9.3.2 <<>> @localhost www.yell.co.uk
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59976
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yell.co.uk. IN A

;; Query time: 1339 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 17 11:32:48 2006
;; MSG SIZE rcvd: 32



=======
ethereal stuff......


No. Time Source Destination Protocol Info
3 11:32:48.292602 86.22.67.158 194.74.151.194 DNS Standard query A www.yell.co.uk

Frame 3 (85 bytes on wire, 85 bytes captured)
Ethernet II, Src: SurecomT_73:22:c3 (00:02:44:73:22:c3), Dst: Cisco_28:1c:01 (00:12:da:28:1c:01)
Internet Protocol, Src: 86.22.67.158 (86.22.67.158), Dst: 194.74.151.194 (194.74.151.194)
User Datagram Protocol, Src Port: 60882 (60882), Dst Port: domain (53)
Source port: 60882 (60882)
Destination port: domain (53)
Length: 51
Checksum: 0x6acc [correct]
Domain Name System (query)
Transaction ID: 0x67a3
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.yell.co.uk: type A, class IN
Name: www.yell.co.uk
Type: A (Host address)
Class: IN (0x0001)
Additional records

No. Time Source Destination Protocol Info
4 11:32:48.300886 194.74.151.194 86.22.67.158 DNS Standard query response, Format error

Frame 4 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_28:1c:01 (00:12:da:28:1c:01), Dst: SurecomT_73:22:c3 (00:02:44:73:22:c3)
Internet Protocol, Src: 194.74.151.194 (194.74.151.194), Dst: 86.22.67.158 (86.22.67.158)
User Datagram Protocol, Src Port: domain (53), Dst Port: 60882 (60882)
Source port: domain (53)
Destination port: 60882 (60882)
Length: 20
Checksum: 0x35d8 [correct]
Domain Name System (response)
Transaction ID: 0x67a3
Flags: 0x8081 (Standard query response, Format error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0001 = Reply code: Format error (1)
Questions: 0
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0

No. Time Source Destination Protocol Info
5 11:32:48.347740 86.22.67.158 194.74.151.194 DNS Standard query A www.yell.co.uk

Frame 5 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: SurecomT_73:22:c3 (00:02:44:73:22:c3), Dst: Cisco_28:1c:01 (00:12:da:28:1c:01)
Internet Protocol, Src: 86.22.67.158 (86.22.67.158), Dst: 194.74.151.194 (194.74.151.194)
User Datagram Protocol, Src Port: 60882 (60882), Dst Port: domain (53)
Source port: 60882 (60882)
Destination port: domain (53)
Length: 40
Checksum: 0xe247 [correct]
Domain Name System (query)
Transaction ID: 0x19cf
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
www.yell.co.uk: type A, class IN
Name: www.yell.co.uk
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
6 11:32:48.355006 194.74.151.194 86.22.67.158 DNS Standard query response

Frame 6 (131 bytes on wire, 131 bytes captured)
Ethernet II, Src: Cisco_28:1c:01 (00:12:da:28:1c:01), Dst: SurecomT_73:22:c3 (00:02:44:73:22:c3)
Internet Protocol, Src: 194.74.151.194 (194.74.151.194), Dst: 86.22.67.158 (86.22.67.158)
User Datagram Protocol, Src Port: domain (53), Dst Port: 60882 (60882)
Source port: domain (53)
Destination port: 60882 (60882)
Length: 97
Checksum: 0x2991 [correct]
Domain Name System (response)
Transaction ID: 0x19cf
Flags: 0x8080 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 2
Additional RRs: 0
Queries
www.yell.co.uk: type A, class IN
Name: www.yell.co.uk
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers

No. Time Source Destination Protocol Info
7 11:32:48.640550 86.22.67.158 194.74.151.200 DNS Standard query A www.yell.co.uk

Frame 7 (85 bytes on wire, 85 bytes captured)
Ethernet II, Src: SurecomT_73:22:c3 (00:02:44:73:22:c3), Dst: Cisco_28:1c:01 (00:12:da:28:1c:01)
Internet Protocol, Src: 86.22.67.158 (86.22.67.158), Dst: 194.74.151.200 (194.74.151.200)
User Datagram Protocol, Src Port: 55234 (55234), Dst Port: domain (53)
Source port: 55234 (55234)
Destination port: domain (53)
Length: 51
Checksum: 0x025f [correct]
Domain Name System (query)
Transaction ID: 0xe61a
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.yell.co.uk: type A, class IN
Name: www.yell.co.uk
Type: A (Host address)
Class: IN (0x0001)
Additional records

No. Time Source Destination Protocol Info
8 11:32:48.649341 194.74.151.200 86.22.67.158 DNS Standard query response, Format error

Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_28:1c:01 (00:12:da:28:1c:01), Dst: SurecomT_73:22:c3 (00:02:44:73:22:c3)
Internet Protocol, Src: 194.74.151.200 (194.74.151.200), Dst: 86.22.67.158 (86.22.67.158)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55234 (55234)
Source port: domain (53)
Destination port: 55234 (55234)
Length: 20
Checksum: 0xcd6a [correct]
Domain Name System (response)
Transaction ID: 0xe61a
Flags: 0x8081 (Standard query response, Format error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0001 = Reply code: Format error (1)
Questions: 0
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0

No. Time Source Destination Protocol Info
9 11:32:48.649846 86.22.67.158 194.74.151.200 DNS Standard query A www.yell.co.uk

Frame 9 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: SurecomT_73:22:c3 (00:02:44:73:22:c3), Dst: Cisco_28:1c:01 (00:12:da:28:1c:01)
Internet Protocol, Src: 86.22.67.158 (86.22.67.158), Dst: 194.74.151.200 (194.74.151.200)
User Datagram Protocol, Src Port: 55234 (55234), Dst Port: domain (53)
Source port: 55234 (55234)
Destination port: domain (53)
Length: 40
Checksum: 0x1877 [correct]
Domain Name System (query)
Transaction ID: 0xf9a9
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
www.yell.co.uk: type A, class IN
Name: www.yell.co.uk
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
10 11:32:48.657166 194.74.151.200 86.22.67.158 DNS Standard query response

Frame 10 (131 bytes on wire, 131 bytes captured)
Ethernet II, Src: Cisco_28:1c:01 (00:12:da:28:1c:01), Dst: SurecomT_73:22:c3 (00:02:44:73:22:c3)
Internet Protocol, Src: 194.74.151.200 (194.74.151.200), Dst: 86.22.67.158 (86.22.67.158)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55234 (55234)
Source port: domain (53)
Destination port: 55234 (55234)
Length: 97
Checksum: 0x5fc0 [correct]
Domain Name System (response)
Transaction ID: 0xf9a9
Flags: 0x8080 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 2
Additional RRs: 0
Queries
www.yell.co.uk: type A, class IN
Name: www.yell.co.uk
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers



====
Incidentally, I also tried accessing the two nameservers shown in those packets directly. That seems to work for dig:

data# dig @194.74.151.194 www.yell.co.uk

; <<>> DiG 9.3.2 <<>> @194.74.151.194 www.yell.co.uk
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7427
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yell.co.uk. IN A

;; ANSWER SECTION:
www.yell.co.uk. 85376 IN A 194.72.108.2

;; Query time: 18 msec
;; SERVER: 194.74.151.194#53(194.74.151.194)
;; WHEN: Mon Jul 17 11:47:47 2006
;; MSG SIZE rcvd: 48



Also

data# dig @194.74.151.200 www.yell.co.uk

; <<>> DiG 9.3.2 <<>> @194.74.151.200 www.yell.co.uk
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yell.co.uk. IN A

;; ANSWER SECTION:
www.yell.co.uk. 85190 IN A 194.72.108.2

;; Query time: 9 msec
;; SERVER: 194.74.151.200#53(194.74.151.200)
;; WHEN: Mon Jul 17 11:50:52 2006
;; MSG SIZE rcvd: 48




I don't know what that proves though.

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)
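
The header fields in the trace above can be decoded and paired by transaction ID in a few lines. This is an added example, not part of the original post: the header bytes are constructed from the Transaction ID, Flags and record counts shown for frames 3-6 (message bodies omitted), and the function names are hypothetical.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,   # 0 = query, 1 = response
        "aa": (flags >> 10) & 1,   # authoritative answer
        "rd": (flags >> 8) & 1,    # recursion desired
        "ra": (flags >> 7) & 1,    # recursion available
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "qd": qd, "an": an, "ns": ns, "ar": ar,
    }

def classify(frames):
    """Pair each response with its query by transaction ID and label it."""
    pending, findings = {}, []
    for raw in frames:
        h = parse_header(raw)
        if h["qr"] == 0:
            pending[h["id"]] = h          # remember the outstanding query
            continue
        q = pending.pop(h["id"], None)
        if q is None:
            label = "response with no matching query"
        elif h["rcode"] == "FORMERR" and q["ar"] > 0:
            label = "FORMERR to query carrying an additional record"
        elif h["rcode"] == "NOERROR" and h["an"] == 0 and h["ns"] > 0:
            label = "no answer, authority section only"
        else:
            label = h["rcode"]
        findings.append((h["id"], label))
    return findings

# Constructed sample: (id, flags, QD, AN, NS, AR) as printed for frames 3-6.
FRAMES = [struct.pack("!6H", *f) for f in (
    (0x67A3, 0x0000, 1, 0, 0, 1),   # frame 3: query, Additional RRs: 1
    (0x67A3, 0x8081, 0, 0, 0, 0),   # frame 4: response, Format error
    (0x19CF, 0x0000, 1, 0, 0, 0),   # frame 5: same question, no additional
    (0x19CF, 0x8080, 1, 0, 2, 0),   # frame 6: response, Authority RRs: 2
)]

if __name__ == "__main__":
    for txid, label in classify(FRAMES):
        print(f"0x{txid:04x}: {label}")
```

The two query sizes in the trace (UDP Length 51 and 40) differ by 11 bytes, which is the size of an EDNS0 OPT pseudo-record with empty RDATA; the trace does not show the additional record's contents, so that reading is an inference from the lengths.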