North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Reverse DNS problem
- From: Trent Arsenault
- Date: Mon Oct 06 19:12:20 2003
I've been in touch with ARIN on the same issue noticed at a different site.
According to ARIN, some older BIND resolvers aren't handling the referrals
that they get back from the gtld-servers for some of ARIN's name servers.
The problem started Thursday when ARIN changed the list of NS's for the
ARIN in-addr.arpa zones.
ARIN is still investigating and I'm waiting to hear back.
Trent Arsenault
[email protected]
At 05:46 AM 10/6/2003, Schmiedt, Jamie wrote:
We have been experiencing problems with reverse DNS requests since
Thursday 10/2/2003. Just wondering if anyone else is seeing this issue?
This is affecting freeBSD & Linux hosts with Bind version 8.2.3 & 8.3.3.
Reverse Lookups fail as follows:
host0001$ nslookup
Default Server: host0001.domain123.net
Address: 0.0.0.0
> ccn.com
Server: host0001.domain123.net
Address: 0.0.0.0
Name: ccn.com
Address: 63.172.52.127
> 63.172.52.127
Server: host0001.domain123.net
Address: 0.0.0.0
*** Request to host0001.domain123.net timed-out
>
tcpdump shows this:
16:32:21.864111 123.123.123.123.1024 > 192.12.94.30.53: 6333 A?
chia.ARIN.NET. (31)
16:32:21.864298 123.123.123.123.1024 > 192.12.94.30.53: 48444 A?
dill.ARIN.NET. (31)
16:32:21.864597 123.123.123.123.1024 > 192.12.94.30.53: 43887 A?
henna.ARIN.NET. (32)
16:32:21.864754 123.123.123.123.1024 > 192.12.94.30.53: 13510 A?
indigo.ARIN.NET. (33)
16:32:21.864910 123.123.123.123.1024 > 192.12.94.30.53: 6129 A?
epazote.ARIN.NET. (34)
16:32:21.865067 123.123.123.123.1024 > 192.12.94.30.53: 61408 A?
figwort.ARIN.NET. (34)
16:32:21.865222 123.123.123.123.1024 > 192.12.94.30.53: 38595 A?
ginseng.ARIN.NET. (34)
16:32:21.865383 123.123.123.123.1024 > 192.36.148.17.53: 60682 PTR?
127.52.172.63.in-addr.arpa. (46)
16:32:21.932444 192.12.94.30.53 > 123.123.123.123.1024: 48444- 0/7/7
(271) (DF)
16:32:21.941921 192.12.94.30.53 > 123.123.123.123.1024: 6333- 0/7/7 (271)
(DF)
16:32:21.951550 192.12.94.30.53 > 123.123.123.123.1024: 43887- 0/7/7
(272) (DF)
16:32:21.961288 192.12.94.30.53 > 123.123.123.123.1024: 13510- 0/7/7
(273) (DF)
16:32:21.970903 192.12.94.30.53 > 123.123.123.123.1024: 6129- 0/7/7 (274)
(DF)
16:32:21.980540 192.12.94.30.53 > 123.123.123.123.1024: 61408- 0/7/7
(274) (DF)
16:32:21.990282 192.12.94.30.53 > 123.123.123.123.1024: 38595- 0/7/7
(274) (DF)
16:32:22.016671 192.36.148.17.53 > 123.123.123.123.1024: 60682- 0/7/0
(199) (DF)
16:32:22.017854 123.123.123.123.1024 > 192.54.112.30.53: 46181 A?
chia.ARIN.NET. (31)
16:32:22.017883 123.123.123.123.1024 > 192.54.112.30.53: 28356 A?
dill.ARIN.NET. (31)
16:32:22.017907 123.123.123.123.1024 > 192.54.112.30.53: 29015 A?
henna.ARIN.NET. (32)
16:32:22.017932 123.123.123.123.1024 > 192.54.112.30.53: 39822 A?
indigo.ARIN.NET. (33)
16:32:22.017958 123.123.123.123.1024 > 192.54.112.30.53: 25113 A?
epazote.ARIN.NET. (34)
16:32:22.017984 123.123.123.123.1024 > 192.54.112.30.53: 7656 A?
figwort.ARIN.NET. (34)
16:32:22.018008 123.123.123.123.1024 > 192.54.112.30.53: 53035 A?
ginseng.ARIN.NET. (34)
16:32:22.142472 192.54.112.30.53 > 123.123.123.123.1024: 28356- 0/7/7
(271) (DF)
16:32:22.151936 192.54.112.30.53 > 123.123.123.123.1024: 46181- 0/7/7
(271) (DF)
16:32:22.161553 192.54.112.30.53 > 123.123.123.123.1024: 39822- 0/7/7
(273) (DF)
16:32:22.171199 192.54.112.30.53 > 123.123.123.123.1024: 29015- 0/7/7
(272) (DF)
16:32:22.180924 192.54.112.30.53 > 123.123.123.123.1024: 25113- 0/7/7
(274) (DF)
16:32:22.190561 192.54.112.30.53 > 123.123.123.123.1024: 53035- 0/7/7
(274) (DF)
16:32:22.200290 192.54.112.30.53 > 123.123.123.123.1024: 7656- 0/7/7
(274) (DF)
16:32:26.868123 123.123.123.123.1024 > 192.41.162.30.53: 32457 A?
chia.ARIN.NET. (31)
16:32:26.868300 123.123.123.123.1024 > 192.41.162.30.53: 65240 A?
dill.ARIN.NET. (31)
16:32:26.868452 123.123.123.123.1024 > 192.41.162.30.53: 15332 A?
henna.ARIN.NET. (32)
16:32:26.868602 123.123.123.123.1024 > 192.41.162.30.53: 41975 A?
indigo.ARIN.NET. (33)
16:32:26.868753 123.123.123.123.1024 > 192.41.162.30.53: 21934 A?
epazote.ARIN.NET. (34)
16:32:26.868905 123.123.123.123.1024 > 192.41.162.30.53: 56761 A?
figwort.ARIN.NET. (34)
16:32:26.869057 123.123.123.123.1024 > 192.41.162.30.53: 52488 A?
ginseng.ARIN.NET. (34)
16:32:26.869208 123.123.123.123.1024 > 198.41.0.4.53: 64459 PTR?
127.52.172.63.in-addr.arpa. (46)
16:32:26.923374 192.41.162.30.53 > 123.123.123.123.1024: 32457- 0/7/7
(271) (DF)
16:32:26.930326 198.41.0.4.53 > 123.123.123.123.1024: 64459- 0/7/0 (199)
16:32:26.931103 123.123.123.123.1024 > 192.52.178.30.53: 45170 A?
chia.ARIN.NET. (31)
16:32:26.939982 192.41.162.30.53 > 123.123.123.123.1024: 15332- 0/7/7
(272) (DF)
16:32:26.949578 192.41.162.30.53 > 123.123.123.123.1024: 65240- 0/7/7
(271) (DF)
16:32:26.959220 192.41.162.30.53 > 123.123.123.123.1024: 41975- 0/7/7
(273) (DF)
16:32:26.968842 192.41.162.30.53 > 123.123.123.123.1024: 21934- 0/7/7
(274) (DF)
16:32:26.978581 192.41.162.30.53 > 123.123.123.123.1024: 56761- 0/7/7
(274) (DF)
16:32:26.988220 192.41.162.30.53 > 123.123.123.123.1024: 52488- 0/7/7
(274) (DF)
16:32:27.058851 192.52.178.30.53 > 123.123.123.123.1024: 45170- 0/7/7
(271) (DF)
We can temporarily resolve the problem by issuing the following dig command:
dig @<any ARIN in-addr.arpa server; ginseng, fogwort, etc.> -x <any sequence>
example: host0001# dig @ginseng.arin.net -x abc
Then the reverse lookups being to work and the tcpdump is as follows:
(notice the difference in lines 8,9,10,11)
16:33:01.664320 123.123.123.123.1024 > 192.35.51.32.53: 33751 A?
chia.ARIN.NET. (31)
16:33:01.664460 123.123.123.123.1024 > 192.35.51.32.53: 11278 A?
dill.ARIN.NET. (31)
16:33:01.664573 123.123.123.123.1024 > 192.35.51.32.53: 55449 A?
henna.ARIN.NET. (32)
16:33:01.664684 123.123.123.123.1024 > 192.35.51.32.53: 49768 A?
indigo.ARIN.NET. (33)
16:33:01.664797 123.123.123.123.1024 > 192.35.51.32.53: 18859 A?
epazote.ARIN.NET. (34)
16:33:01.664909 123.123.123.123.1024 > 192.35.51.32.53: 40146 A?
figwort.ARIN.NET. (34)
16:33:01.665002 123.123.123.123.1024 > 192.33.14.32.53: 62349 PTR?
127.52.172.63.in-addr.arpa. (46)
16:33:01.725238 192.35.51.32.53 > 123.123.123.123.1024: 33751*- 1/8/8 A
192.5.6.32 (320) (DF)
16:33:01.736288 192.35.51.32.53 > 123.123.123.123.1024: 11278*- 1/8/8 A
192.35.51.32 (320) (DF)
16:33:01.747452 192.35.51.32.53 > 123.123.123.123.1024: 55449*- 1/8/8 A
192.26.92.32 (321) (DF)
16:33:01.758663 192.35.51.32.53 > 123.123.123.123.1024: 49768*- 1/8/8 A
192.31.80.32 (322) (DF)
16:33:01.765379 192.33.14.32.53 > 123.123.123.123.1024: 62349- 0/3/0
(134) (DF)
16:33:01.765834 123.123.123.123.1024 > 199.191.128.105.53: 19916 PTR?
127.52.172.63.in-addr.arpa. (46)
16:33:01.776697 192.35.51.32.53 > 123.123.123.123.1024: 18859*- 1/8/8 A
192.41.162.32 (323) (DF)
16:33:01.787806 192.35.51.32.53 > 123.123.123.123.1024: 40146*- 1/8/8 A
192.42.93.32 (323) (DF)
16:33:01.794121 199.191.128.105.53 > 123.123.123.123.1024: 19916*- 1/2/2
(171) (DF)
Restarting named does not help.
These host are located on several different ISP networks.
Forward lookups function properly.
Stumped...
Any help or suggestions would be greatly appreciated. Thanks.
-jamie
|