DNS resolution question
Casey Scott
casey at scottmail.org
Wed Dec 24 21:09:30 UTC 2014
Ah.. well in that case, IPv6 is already disabled in named.
----- On Dec 24, 2014, at 11:34 AM, g lister g.lister at nodeunit.ch wrote:
> On Wed Dec 24 20:07:40 2014 GMT+0100, Casey Scott wrote:
>> I can't disable IPv4 because my environment uses it. Thanks though.
>
> Sorry I meant IPv6, AAAA are v6 querries I think.
>
>>
>> Casey
>>
>> ----- On Dec 24, 2014, at 10:10 AM, g lister g.lister at nodeunit.ch wrote:
>>
>> > On Wed Dec 24 18:57:42 2014 GMT+0100, Casey Scott wrote:
>> >> That's what's odd. The tcpdump shows a seemingly valid response comeback,
>> >> however dig/host always fail with a timeout. It seems to me that named isn't
>> >> passing along the response for some reason.
>> >>
>> >> Thanks.
>> >
>> >
>> > Have you tried disabling IPv4 and checking whether it works?
>> > I had a similiar issue with bind and without IPv4 it was OK.
>> >
>> > HTH,
>> > George
>> >
>> >>
>> >> ----- On Dec 24, 2014, at 8:31 AM, Bruce Ferrell bferrell at baywinds.org wrote:
>> >>
>> >> > On 12/24/2014 06:40 AM, Casey Scott wrote:
>> >> >> This issue surfaced when I noticed this entry in my servers daily security mail:
>> >> >>
>> >> >> Checking for packages with security vulnerabilities:
>> >> >> pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No address record
>> >> >> pkg: cannot fetch vulnxml file
>> >> >>
>> >> >>
>> >> >> I discovered that the server is not able to resolve vuxml.freebsd.org, or even
>> >> >> www.freebsd.org. I'm sure the problem isn't specific to the freebsd.org zone,
>> >> >> but that's where I focused my effort. I found that recursive queries failed,
>> >> >> however if I directly queried a name server authoritative for freebsd.org (i.e.
>> >> >> ns1.isc-sns.net.), the query successfully returned the CNAME.
>> >> >>
>> >> >> OS Details:
>> >> >> FreeBSD mustang 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r271930: Sun Sep 21 19:01:57
>> >> >> PDT 2014 root at mustang:/usr/src/sys/amd64/compile/Server amd64
>> >> >>
>> >> >>
>> >> >> DNS lookup attempt
>> >> >> *******************************************************************************
>> >> >> $ dig vuxml.freebsd.org +trace
>> >> >> ; <<>> DiG 9.9.6-P1 <<>> vuxml.freebsd.org +trace
>> >> >> ;; global options: +cmd
>> >> >> . 517326 IN NS e.root-servers.net.
>> >> >> . 517326 IN NS m.root-servers.net.
>> >> >> . 517326 IN NS c.root-servers.net.
>> >> >> . 517326 IN NS d.root-servers.net.
>> >> >> . 517326 IN NS b.root-servers.net.
>> >> >> . 517326 IN NS f.root-servers.net.
>> >> >> . 517326 IN NS g.root-servers.net.
>> >> >> . 517326 IN NS i.root-servers.net.
>> >> >> . 517326 IN NS k.root-servers.net.
>> >> >> . 517326 IN NS l.root-servers.net.
>> >> >> . 517326 IN NS a.root-servers.net.
>> >> >> . 517326 IN NS j.root-servers.net.
>> >> >> . 517326 IN NS h.root-servers.net.
>> >> >> . 517326 IN RRSIG NS 8 0 518400 20141231050000
>> >> >> 20141224040000 22603 . OT3Uv0Krt43V999nh6ky8sK7Uob+Qb+M82BOS0uPTFxq1NL6m2XX7ri3
>> >> >> n/na4QyB/+iGTAlonAMVGyXEO1llrJt6iw7yucBriqy/xuGCwSY5Sllc
>> >> >> Y3G7RdzerNgmAhfD2wiCwJPnVuGaD3O5318r2TLrsXdoQwGk7FNWiE1X GBE=
>> >> >> ;; Received 913 bytes from 192.168.1.1#53(192.168.1.1) in 0 ms
>> >> >>
>> >> >> org. 172800 IN NS b2.org.afilias-nst.org.
>> >> >> org. 172800 IN NS a2.org.afilias-nst.info.
>> >> >> org. 172800 IN NS d0.org.afilias-nst.org.
>> >> >> org. 172800 IN NS b0.org.afilias-nst.org.
>> >> >> org. 172800 IN NS a0.org.afilias-nst.info.
>> >> >> org. 172800 IN NS c0.org.afilias-nst.info.
>> >> >> org. 86400 IN DS 21366 7 2
>> >> >> 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0 D90F01BA
>> >> >> org. 86400 IN DS 21366 7 1
>> >> >> E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
>> >> >> org. 86400 IN RRSIG DS 8 1 86400 20141231050000
>> >> >> 20141224040000 22603 . IjE3Yi3yF8a12dOlLt13Grqs7c2tOXwgyyghAkeqy36N14VrAGxsQMxU
>> >> >> RlOE5rYwzeg1cLi55wRxGShNBz0/KU229xWrRNluzLUkbo+eW98E6Fcw
>> >> >> nT/DHrIy9J/3zjf6NRC+zUUcQTOJGWAkPF40TqaJGwI0Ag6/p6yxcBJ5 MDM=
>> >> >> ;; Received 691 bytes from 192.112.36.4#53(g.root-servers.net) in 73 ms
>> >> >>
>> >> >> freebsd.org. 86400 IN NS ns2.isc-sns.com.
>> >> >> freebsd.org. 86400 IN NS ns1.isc-sns.net.
>> >> >> freebsd.org. 86400 IN NS ns3.isc-sns.info.
>> >> >> freebsd.org. 86400 IN DS 32659 8 2
>> >> >> AF3B32E46DF2FC32C0110C7D6B808EE73E0411501AFAF9022D3DCD0A FA5B3ACD
>> >> >> freebsd.org. 86400 IN RRSIG DS 7 2 86400 20150109163356
>> >> >> 20141219153356 11112 org.
>> >> >> puF07NdtGtOY0uI3d789itchA2dEXz0URwCsckm7vjWoNIhdsMuG6jFc
>> >> >> StzdAkvFDiDO/2C3x21spRrb7Y3ioDQpNJL2zJUn2S0L/8ueDbF9wJAT
>> >> >> pEfAdMyUwlCQkVM45Ptf98z7iLTWWe2xQBhZZ1OGaPRW+VwKE0rCaz2d 1rg=
>> >> >> ;; Received 345 bytes from 199.19.53.1#53(c0.org.afilias-nst.info) in 134 ms
>> >> >>
>> >> >> ;; connection timed out; no servers could be reached
>> >> >> *******************************************************************************
>> >> >>
>> >> >>
>> >> >> tcpdump of the query above
>> >> >> *******************************************************************************
>> >> >> listening on fxp0, link-type EN10MB (Ethernet), capture size 65535 bytes
>> >> >> 05:59:36.016640 IP x.x.x.x.54272 > 38.103.2.1.53: 18640 [1au] A?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:36.127776 IP 38.103.2.1.53 > x.x.x.x.54272: 18640*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, A 8.8.178.110, RRSIG (1464)
>> >> >> 05:59:38.021067 IP x.x.x.x.52431 > 38.103.2.1.53: 13086 [1au] AAAA?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:38.051272 IP x.x.x.x.51125 > 63.243.194.1.53: 16824 [1au] A?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:38.081819 IP 63.243.194.1.53 > x.x.x.x.51125: 16824*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, A 8.8.178.110, RRSIG (1464)
>> >> >> 05:59:38.132821 IP 38.103.2.1.53 > x.x.x.x.52431: 13086*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, AAAA, RRSIG (1464)
>> >> >> 05:59:40.056275 IP x.x.x.x.62003 > 63.243.194.1.53: 41954 [1au] AAAA?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:40.086597 IP 63.243.194.1.53 > x.x.x.x.62003: 41954*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, AAAA, RRSIG (1464)
>> >> >> 05:59:40.267272 IP x.x.x.x.61416 > 72.52.71.1.53: 32843 [1au] A?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:40.297103 IP 72.52.71.1.53 > x.x.x.x.61416: 32843*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, A 8.8.178.110, RRSIG (1464)
>> >> >> 05:59:42.272273 IP x.x.x.x.54674 > 72.52.71.1.53: 2755 [1au] AAAA?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:42.302289 IP 72.52.71.1.53 > x.x.x.x.54674: 2755*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, AAAA, RRSIG (1464)
>> >> >> 05:59:42.487277 IP x.x.x.x.54239 > 38.103.2.1.53: 38272 [1au] A?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:42.598927 IP 38.103.2.1.53 > x.x.x.x.54239: 38272*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, A 8.8.178.110, RRSIG (1464)
>> >> >> 05:59:44.492281 IP x.x.x.x.59505 > 38.103.2.1.53: 22873 [1au] AAAA?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:44.604217 IP 38.103.2.1.53 > x.x.x.x.59505: 22873*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, AAAA, RRSIG (1464)
>> >> >> 05:59:44.722266 IP x.x.x.x.61141 > 63.243.194.1.53: 50828 [1au] A?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:44.753517 IP 63.243.194.1.53 > x.x.x.x.61141: 50828*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, A 8.8.178.110, RRSIG (1464)
>> >> >> 05:59:46.727324 IP x.x.x.x.49803 > 63.243.194.1.53: 51222 [1au] AAAA?
>> >> >> vuxml.freebsd.org. (46)
>> >> >> 05:59:46.757577 IP 63.243.194.1.53 > x.x.x.x.49803: 51222*- 4/4/11 CNAME
>> >> >> wfe0.ysv.freebsd.org., RRSIG, AAAA, RRSIG (1464)
>> >> >> 05:59:57.395692 IP x.x.x.x.60149 > 165.254.1.208.53: 31873 [1au] A?
>> >> >> e6238.a.akamaiedge.net. (51)
>> >> >> 05:59:57.404644 IP 165.254.1.208.53 > x.x.x.x.60149: 31873*- 1/0/0 A 96.7.67.53
>> >> >> (56)
>> >> >> *******************************************************************************
>> >> >>
>> >> >> BIND build options
>> >> >> *******************************************************************************
>> >> >> # named -V
>> >> >> BIND 9.9.6-P1 (Extended Support Version) <id:3612d8fb> built by make with
>> >> >> '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable'
>> >> >> '--with-randomdev=/dev/random' '--with-libxml2=/usr/local'
>> >> >> '--disable-filter-aaaa' '--disable-fixed-rrset' '--without-gost'
>> >> >> '--without-idn' '--disable-ipv6' '--disable-largefile' '--disable-newstats'
>> >> >> '--without-python' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--disable-rrl'
>> >> >> '--with-openssl=/usr/local' '--without-gssapi' '--enable-threads'
>> >> >> '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man'
>> >> >> '--infodir=/usr/share/info/' '--build=amd64-portbld-freebsd9.3'
>> >> >> 'build_alias=amd64-portbld-freebsd9.3' 'CC=cc' 'CFLAGS=-O2 -pipe -march=native
>> >> >> -fstack-protector -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath,/usr/local/lib
>> >> >> -fstack-protector' 'LIBS=' 'CPPFLAGS=' 'CPP=cpp'
>> >> >> compiled by GCC 4.2.1 20070831 patched [FreeBSD]
>> >> >> using OpenSSL version: OpenSSL 1.0.1j 15 Oct 2014
>> >> >> using libxml2 version: 2.9.2
>> >> >> *******************************************************************************
>> >> >>
>> >> >> Any idea what's going on here?
>> >> >>
>> >> >> Thanks,
>> >> >> Casey
>> >> >>
>> >> >> _______________________________________________
>> >> >> freebsd-questions at freebsd.org mailing list
>> >> >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> >> >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>> >> >>
>> >> > Casey,
>> >> >
>> >> > think you're getting a correct response.
>> >> > dig @192.0.2.131 vuxml.freebsd.org
>> >> >
>> >> > ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @192.0.2.131 vuxml.freebsd.org
>> >> > ; (1 server found)
>> >> > ;; global options: +cmd
>> >> > ;; Got answer:
>> >> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54956
>> >> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 6
>> >> >
>> >> > ;; OPT PSEUDOSECTION:
>> >> > ; EDNS: version: 0, flags:; udp: 4096
>> >> > ;; QUESTION SECTION:
>> >> > ;vuxml.freebsd.org. IN A
>> >> >
>> >> > ;; ANSWER SECTION:
>> >> > vuxml.freebsd.org. 497 IN CNAME wfe0.ysv.freebsd.org.
>> >> > wfe0.ysv.freebsd.org. 497 IN A 8.8.178.110
>> >> >
>> >> > ;; AUTHORITY SECTION:
>> >> > freebsd.org. 497 IN NS ns3.isc-sns.info.
>> >> > freebsd.org. 497 IN NS ns2.isc-sns.com.
>> >> > freebsd.org. 497 IN NS ns1.isc-sns.net.
>> >> >
>> >> > ;; ADDITIONAL SECTION:
>> >> > ns1.isc-sns.net. 2488 IN A 72.52.71.1
>> >> > ns1.isc-sns.net. 166365 IN AAAA 2001:470:1a::1
>> >> > ns2.isc-sns.com. 2488 IN A 38.103.2.1
>> >> > ns3.isc-sns.info. 2488 IN A 63.243.194.1
>> >> > ns3.isc-sns.info. 79965 IN AAAA 2001:5a0:10::1
>> >> >
>> >> > ;; Query time: 1 msec
>> >> > ;; SERVER: 192.0.2.131#53(192.0.2.131)
>> >> > ;; WHEN: Wed Dec 24 08:28:06 PST 2014
>> >> > ;; MSG SIZE rcvd: 277
>> >> >
>> >> > Notice in the answer section of my simplified query via my local nameserver,
>> >> > wfe0.ysv.freebsd.org is in the A record. I saw the same response in your
>> >> > query, it was just harder to see.
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > freebsd-questions at freebsd.org mailing list
>> >> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> >> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>> >> _______________________________________________
>> >> freebsd-questions at freebsd.org mailing list
>> >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>> >>
>> >
>> > --
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>
>
> --
More information about the freebsd-questions
mailing list