Thanks Mark,
So mysteriously the problem is now gone and I have no idea how, I know that I
didn't change anything.
While investigating, I tried looking but didn't get anything in packet capture
on the recursive server, I think mainly because I had to grep for something
otherwise there was just too much traffic. So its possible, my grep for lenovo
didn't show related packets.... But I will never know now
From: Mark Andrews <ma...@isc.org>
To: U Zee <uzee...@yahoo.com>
Cc: Grant Taylor <gtay...@tnetconsulting.net>; "bind-users@lists.isc.org"
<bind-us...@isc.org>
Sent: Monday, August 14, 2017 3:00 AM
Subject: Re: DNS not resolving for a particular domain only
In message <1396839156.197734.1502489970...@mail.yahoo.com>, U Zee via
bind-users writ
es:
> Thanks for the suggestion Grant.
> Here's what I get for the recursive server's capture: ( I queried from
> the recursive server itself from another ssh session so it is the client
> as well)
>
> # tcpdump -v -v -nt -i eth0 udp port 53|grep lenovotcpdump: listening on
> eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A?
>www.lenovo.com. (32)
> 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A?
>www.lenovo.com. (32)
> 86.36.AA.BB.36143 > 193.108.91.79.domain: [bad udp cksum c63c!] 12966
>[1au] A?
> www.lenovo.com. ar: . OPT UDPsize=4096 OK (43)
> 193.108.91.79.domain > 86.36.AA.BB.36143: [udp sum ok] 12966*- q: A?
>www.lenovo.com. 1/0/1 www.lenovo.com. CNAME cs47.can.lnvcdn.net. ar: . OPT
>UDPsize=4096 OK (76)
> 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A?
>www.lenovo.com. (32)
> 86.36.AA.BB.10224 > 86.36.DD.EE.domain: [badudp cksum 18c7!] 12721 [1au]
>A? www.lenovo.com.ourdomain.com. ar: . OPT UDPsize=4096 OK (57)
> 86.36.DD.EE.domain > 86.36.AA.BB.10224: [udp sum ok] 12721 NXDomain*- q:
>A? www.lenovo.com.ourdomain.com. 0/1/1 ns: ourdomain.com. SOA
>master.ourdomain.com. host-master.ourparentdomain.com. 138524105 900 450
>3600000 60 ar: . OPT UDPsize=4096 OK (138)
> 86.36.AA.CC.domain > 86.36.AA.BB.45776: [udp sum ok] 34468 ServFail q: A?
>www.lenovo.com. 0/0/0 (32)
>
> 86.36.AA.BB = localhost (our recursive server) where I ran the query and
> capture
> 86.36.AA.CC = our secondary recursive server (no idea why that was
> contacted)
> 86.36.DD.EE = our one of two anycast addresses which point to the
> recursive servers
>
>
> So it looks like we do get to the CNAME (4th line) but still it
> fails...?I also tried a capture from a regular linux client but the
> output was similar except that it didn't include the CNAME line.
Well the next stage is to trace what happens when the recursive
server looks for cs47.can.lnvcdn.net, the target of the CNAME.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
