Re: Resolver problems

To: Ingolf Steinbach <ingolf.steinbach%googlemail.com@localhost>
Subject: Re: Resolver problems
From: Robert Elz <kre%munnari.OZ.AU@localhost>
Date: Thu, 03 Dec 2009 21:46:01 +0700

    Date:        Thu, 3 Dec 2009 11:40:29 +0100
    From:        Ingolf Steinbach <ingolf.steinbach%googlemail.com@localhost>
    Message-ID:  
<c3d290fd0912030240w882c878v130916b52056a261%mail.gmail.com@localhost>

  | I traced it again, this time with -X:
  | 
  | 11:29:42.285859 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none],
  | proto UDP (17), length 63) 192.168.2.5.65391 > 192.168.2.1.53: [udp
  | sum ok] 51968+ AAAA? ftp.fr.netbsd.org. (35)
  |         0x0000:  4500 003f 0000 0000 4011 f557 c0a8 0205  E..?....@..W....
  |         0x0010:  c0a8 0201 ff6f 0035 002b d954 cb00 0100  .....o.5.+.T....
  |         0x0020:  0001 0000 0000 0000 0366 7470 0266 7206  .........ftp.fr.
  |         0x0030:  6e65 7462 7364 036f 7267 0000 1c00 01    netbsd.org.....

That's a perfectly reasonable DNS query

  | 11:29:42.714168 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
  | UDP (17), length 145) 192.168.2.1.3072 > 192.168.2.5.65391: [udp sum
  | ok] UDP, length 117
  |         0x0000:  4500 0091 0000 4000 4011 b505 c0a8 0201  E.....@.@.......
  |         0x0010:  c0a8 0205 0c00 ff6f 007d 129b cb00 8180  .......o.}......
  |         0x0020:  0001 0003 0000 0000 0366 7470 0266 7206  .........ftp.fr.
  |         0x0030:  6e65 7462 7364 036f 7267 0000 1c00 01c0  netbsd.org......
  |         0x0040:  0c00 0500 0100 000e 1000 0704 6674 7032  ............ftp2
  |         0x0050:  c010 c02f 0005 0001 0000 0e10 0017 0861  .../...........a
  |         0x0060:  6e74 696f 6368 6508 616e 7469 6f63 6865  ntioche.antioche
  |         0x0070:  0265 75c0 1ac0 4200 1c00 0100 000e 1000  .eu...B.........
  |         0x0080:  1020 0106 6033 0228 2a02 0475 fffe 9f9e  ....`3.(*..u....
  |         0x0090:  11                                       .

And that's obviously intended to be a DNS reply - but it is broken, the
incorrect source port dooms it right from the start (DNS servers, as with
just about everything else except TFTP, is required to reply from the same
(transport) address the query was sent to.)

I haven't decoded all of the reply, but it is clearly trying to tell you
that there are 3 answers (rcode == 0, so no error), and that ftp.fr.netbsd.org 
is an alias (has a CNAME record) - the canonical name is ftp2.fr.netbsd.org.
and then that is itself an alias (incidentally, to whoever set that up,
that's technically a DNS configuration error - the RHS of a CNAME RR is
supposed to be a canonical name, it should not be another alias, as it
is here), and the canoonical name this time is antioche.antioche.eu.org.
and then the AAAA record for that name is 2001:660:3302:282a:204:75ff:fe9f:9e11

That's also what I see when I do a lookup.

The only real problem here looks to be that the router is broken, and is
sending its reply from the wrong port.

Get the router fixed, there's no other good solution.

kre

Follow-Ups:
- Re: Resolver problems
  - From: Ingolf Steinbach

References:
- Re: Resolver problems
  - From: Ingolf Steinbach
- Resolver problems
  - From: Ingolf Steinbach
- Re: Resolver problems
  - From: Greg A. Woods

Prev by Date: Re: ***UNCHECKED*** Re: games/adventure
Next by Date: Re: Resolver problems
Previous by Thread: Re: Resolver problems
Next by Thread: Re: Resolver problems
Indexes:

Home | Main Index | Thread Index | Old Index