On Sat, 04 Jan 2003 11:58:26 EST Kory Krofft wrote:
> Brad: Output from tcpdump as well as an Ethereal dump
> are at:
> http://home.woh.rr.com/kkrofft/etherealout
> http://home.woh.rr.com/kkrofft/tcpdump.txt
The tcpdump output is only for the Bering external interface,
but the ethereal (pcap capture) file contains DNS traffic
between the Win2k host and Bering.
> Both were run at the same time and were active as I tried to access
> www.yahoo.com, www.etrade.com, and www.dogpile.com. I had flushed the
> dnscache and did experience the lag during this experiment. Yahoo
> eventually resolved after 3 attempts; the other two never did.
Interesting. There is only one query in the pcap dump for
www.yahoo.com and it was successful. The response looks
to have taken about one millisecond. (It must have already
been in the dnscache cache.)
brad@lab:~$ tcpdump -n -r etherealout port 53 | grep yahoo
11:17:57.106379 192.168.1.1.1055 > 192.168.1.254.53: \
14+ A? www.yahoo.com. (31)
11:17:57.107171 192.168.1.254.53 > 192.168.1.1.1055: \
14 13/0/0 CNAME www.yahoo.akadns.net., A 64.58.76.230, \
A 64.58.76.178, A 64.58.76.222, A 64.58.76.224, A 64.58.76.176, \
A 64.58.76.223, A 64.58.76.228, A 64.58.76.179, A 64.58.76.229, \
A 64.58.76.225, A 64.58.76.177, A 64.58.76.227 (257) (DF)
There is no record of queries to etrade.com or dogpile.com:
brad@lab:~$ tcpdump -n -r etherealout port 53 \
| grep -c -i -e dogpile -e etrade
0
> I reran nslookup and now get
> C:\>nslookup www.yahoo.net
> DNS request timed out.
> timeout was 2 seconds.
> *** Can't find server name for address 192.168.1.254: Timed out
> *** Default servers are not available
> Server: UnKnown
> Address: 192.168.1.254
>
> Non-authoritative answer:
> Name: yahoo.com
> Addresses: 64.58.79.230, 66.218.71.198
> Aliases: www.yahoo.net
>
> I think the reason I was not seeing the non authoritative part was the way
> I issued the command previously.
>
> I have disabled the Win2K/Pro DNS client and since then I have seen no
> lags so that may be the solution.
Sounds like the Win2K/Pro DNS cache was preventing queries from
ever making it to Bering.
--Brad
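
The tcpdump/grep check in the reply above, generalized into one pass over the capture text. This is an added example, not part of the original message. It assumes the older tcpdump text format shown in the message with continuation lines joined; the function name analyze, the watch list argument and the third sample line are constructed for illustration.

```python
import re
from datetime import datetime

# Sample input: lines 1-2 are the www.yahoo.com exchange from the message
# (continuations joined, answer list abridged). Line 3 is constructed here
# to show a query that never receives a reply.
SAMPLE = """\
11:17:57.106379 192.168.1.1.1055 > 192.168.1.254.53: 14+ A? www.yahoo.com. (31)
11:17:57.107171 192.168.1.254.53 > 192.168.1.1.1055: 14 13/0/0 CNAME www.yahoo.akadns.net., A 64.58.76.230 (257) (DF)
11:18:02.500000 192.168.1.1.1056 > 192.168.1.254.53: 15+ A? www.example.com. (33)
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<id>\d+)(?P<flags>\S*) (?P<rest>.*)$")
QUERY = re.compile(r"^(?P<qtype>[A-Z]+)\? (?P<name>\S+)")

def analyze(text, watch):
    """Pair DNS queries with replies by (client endpoint, DNS id).

    Returns (answered, unanswered, never_queried):
      answered       name -> reply latency in seconds
      unanswered     names queried with no reply in the capture
      never_queried  watch-list names that never appear as a query
    """
    pending, answered, seen = {}, {}, set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Time of day only; a capture spanning midnight is not handled.
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        q = QUERY.match(m["rest"])
        if m["dst"].endswith(".53") and q:          # client -> resolver
            name = q["name"].rstrip(".").lower()
            seen.add(name)
            pending[(m["src"], m["id"])] = (name, ts)
        elif m["src"].endswith(".53"):              # resolver -> client
            hit = pending.pop((m["dst"], m["id"]), None)
            if hit:
                answered[hit[0]] = (ts - hit[1]).total_seconds()
    unanswered = sorted(name for name, _ in pending.values())
    never_queried = sorted(w for w in watch if w not in seen)
    return answered, unanswered, never_queried

if __name__ == "__main__":
    names = ["www.yahoo.com", "www.etrade.com", "www.dogpile.com"]
    print(analyze(SAMPLE, names))
```

A name in never_queried means the query never reached the capture point at all, which is the case the reply attributes to the client-side DNS cache; a name in unanswered points at the resolver or its upstream instead.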
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html