On Wed, Nov 18, 2009 at 11:21:41PM +0100, Robert wrote: > On Wed, 18 Nov 2009 15:06:28 -0500 > stan <st...@panix.com> wrote: > > > Can anyone xplain this behavior to me? > > > > Given the following resolv.conf file: > > > > r...@pm3fw:root# cat /etc/resolv.conf > > lookup file bind > > search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com > > nameserver 127.0.0.1 > > nameserver 10.209.128.20 > > nameserver 10.209.128.26 > > nameserver 10.209.142.158 > > > > And: > > > > r...@pm3fw:root# nslookup > > > cvsup > > Server: 127.0.0.1 > > Address: 127.0.0.1#53 > > > > Non-authoritative answer: > > Name: cvsup.mcn.chs > > Address: 10.209.142.151 > > > 10.209.142.151 > > Server: 127.0.0.1 > > Address: 127.0.0.1#53 > > > > 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. > > > exit > > > > Why does this happen ? And how? > > > > r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 > > cvsup > > > > Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST > > Initiating Ping Scan at 15:05 > > Scanning 10.209.142.151 [8 ports] > > Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts) > > Initiating Parallel DNS resolution of 1 host. at 15:05 > > Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed > > Initiating SYN Stealth Scan at 15:05 > > Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports] > > > > Is nmap not using the resolver libraries? > > > > > > Your dns at 127.0.0.1 does not resolve 151.142.209.10.in-addr.arpa? > 127.0.0.1:53 allows recursiv querys so it looks elsewhere and serves > the "real" hostname?
OK here are the servers that the local nameserver recurses to: forwarders { 10.209.142.158; 10.209.144.150; 10.209.142.154; }; And if I use nslookup and set it to each of them in turn, i still get the mcn.chs name: s...@pm3fw:stan$ nslookup > cvsup Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 > 10.209.142.151 Server: 127.0.0.1 Address: 127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. > server 10.209.142.158 Default server: 10.209.142.158 Address: 10.209.142.158#53 > cvsup Server: 10.209.142.158 Address: 10.209.142.158#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 > server 10.209.144.150 Default server: 10.209.144.150 Address: 10.209.144.150#53 > cvsup Server: 10.209.144.150 Address: 10.209.144.150#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 > server 10.209.142.154 Default server: 10.209.142.154 Address: 10.209.142.154#53 > cvsup Server: 10.209.142.154 Address: 10.209.142.154#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 Of course, I do see the "Non-authoritative answer:" clause in each of these. Would that mean that a program could request an authoritative answer? If so, how? -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?