Re: Odd name lookup behavior
On Wed, Nov 18, 2009 at 11:03:27PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. K, I am starting to understand this now, thequestion is how to fix it. I do have a PTR record in my 10.in-addr.arpa db. If I wan this NOT to be the authortative entry for this IP - name tarnsaltion, so that an authortative eoll 'pass on by this Bind instnace and go on to one further down, how can I acomplis htis? -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Odd name lookup behavior
On Thu, 19 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 11:03:27PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. K, I am starting to understand this now, thequestion is how to fix it. I do have a PTR record in my 10.in-addr.arpa db. If I wan this NOT to be the authortative entry for this IP - name tarnsaltion, so that an authortative eoll 'pass on by this Bind instnace and go on to one further down, how can I acomplis htis? If I'm understanding you correctly, you can't. The only control which I recall offhand that you have over whether a nameserver responds with data from its cache is to set the 'authoritative' flag in your request, which will cause a nameserver with only cached data to pass the request on -- but you don't want to do this routinely since it defeats the distributed nature of DNS and so results in overloading the authoritative servers. All that the 'authoritative' flag tells you is whether the response came from a server with the entry in its cache (not authoritative) or from one which has that information manually configured on it (authoritative) -- so I'm not at all sure what you mean by 'fix it'. What exactly is the behavior that you want? Dave -- Dave Anderson d...@daveanderson.com
Re: Odd name lookup behavior
On Thu, Nov 19, 2009 at 11:24:44AM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 11:03:27PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. K, I am starting to understand this now, thequestion is how to fix it. I do have a PTR record in my 10.in-addr.arpa db. If I wan this NOT to be the authortative entry for this IP - name tarnsaltion, so that an authortative eoll 'pass on by this Bind instnace and go on to one further down, how can I acomplis htis? If I'm understanding you correctly, you can't. The only control which I recall offhand that you have over whether a nameserver responds with data from its cache is to set the 'authoritative' flag in your request, which will cause a nameserver with only cached data to pass the request on -- but you don't want to do this routinely since it defeats the distributed nature of DNS and so results in overloading the authoritative servers. All that the 'authoritative' flag tells you is whether the response came from a server with the entry in its cache (not authoritative) or from one which has that information manually configured on it (authoritative) -- so I'm not at all sure what you mean by 'fix it'. What exactly is the behavior that you want? I would like to have all programs get the same results as nslookup, that is get *.mcn.chs for the reverese lookup from this machine. I have other machines configureddiferently in resolv.conf that I want to get the *.meadwestvaco.com resolution. This has been a long a painful taril, and I thoguht I had what I wanted based upon using nslookup as a test. When I saw diffeent software (nmap in this case) getting diferent resolutin, it was verry disapointiing. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Odd name lookup behavior
On Thu, 19 Nov 2009, stan wrote: On Thu, Nov 19, 2009 at 11:24:44AM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 11:03:27PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. K, I am starting to understand this now, thequestion is how to fix it. I do have a PTR record in my 10.in-addr.arpa db. If I wan this NOT to be the authortative entry for this IP - name tarnsaltion, so that an authortative eoll 'pass on by this Bind instnace and go on to one further down, how can I acomplis htis? If I'm understanding you correctly, you can't. The only control which I recall offhand that you have over whether a nameserver responds with data from its cache is to set the 'authoritative' flag in your request, which will cause a nameserver with only cached data to pass the request on -- but you don't want to do this routinely since it defeats the distributed nature of DNS and so results in overloading the authoritative servers. All that the 'authoritative' flag tells you is whether the response came from a server with the entry in its cache (not authoritative) or from one which has that information manually configured on it (authoritative) -- so I'm not at all sure what you mean by 'fix it'. What exactly is the behavior that you want? I would like to have all programs get the same results as nslookup, that is get *.mcn.chs for the reverese lookup from this machine. I have other machines configureddiferently in resolv.conf that I want to get the *.meadwestvaco.com resolution. This has been a long a painful taril, and I thoguht I had what I wanted based upon using nslookup as a test. When I saw diffeent software (nmap in this case) getting diferent resolutin, it was verry disapointiing. Um, nslookup doesn't get e.g. cvsup.mcn.chs as the reverse lookup -- it just finds that name first when looking up 'cvsup' because of the order in which you specified domains in the 'search' directive in your resolv.conf. When you asked nslookup for a reverse lookup of 10.209.142.151 it returned cvsup.meadwestvaco.com just like everything else did. The 'reverse lookup' for a.b.c.d by definition returns the value of the PTR record(s) with label d.c.b.a.in-addr.arpa. Barring DNS spazzes, this will be the same no matter which machine issues the request. Well, normally. There is one special case I'm aware of -- if you configure your nameservers with 'split-horizon' DNS, they can return different information depending on the IP address range from which the request originates. Dave -- Dave Anderson d...@daveanderson.com
Re: Odd name lookup behavior
On Thu, Nov 19, 2009 at 03:08:25PM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Thu, Nov 19, 2009 at 11:24:44AM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 11:03:27PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. K, I am starting to understand this now, thequestion is how to fix it. I do have a PTR record in my 10.in-addr.arpa db. If I wan this NOT to be the authortative entry for this IP - name tarnsaltion, so that an authortative eoll 'pass on by this Bind instnace and go on to one further down, how can I acomplis htis? If I'm understanding you correctly, you can't. The only control which I recall offhand that you have over whether a nameserver responds with data from its cache is to set the 'authoritative' flag in your request, which will cause a nameserver with only cached data to pass the request on -- but you don't want to do this routinely since it defeats the distributed nature of DNS and so results in overloading the authoritative servers. All that the 'authoritative' flag tells you is whether the response came from a server with the entry in its cache (not authoritative) or from one which has that information manually configured on it (authoritative) -- so I'm not at all sure what you mean by 'fix it'. What exactly is the behavior that you want? I would like to have all programs get the same results as nslookup, that is get *.mcn.chs for the reverese lookup from this machine. I have other machines configureddiferently in resolv.conf that I want to get the *.meadwestvaco.com resolution. This has been a long a painful taril, and I thoguht I had what I wanted based upon using nslookup as a test. When I saw diffeent software (nmap in this case) getting diferent resolutin, it was verry disapointiing. Um, nslookup doesn't get e.g. cvsup.mcn.chs as the reverse lookup -- it just finds that name first when looking up 'cvsup' because of the order in which you specified domains in the 'search' directive in your resolv.conf. When you asked nslookup for a reverse lookup of 10.209.142.151 it returned cvsup.meadwestvaco.com just like everything else did. The 'reverse lookup' for a.b.c.d by definition returns the value of the PTR record(s) with label d.c.b.a.in-addr.arpa. Barring DNS spazzes, this will be the same no matter which machine issues the request. Well, normally. There is one special case I'm aware of -- if you configure your nameservers with 'split-horizon' DNS, they can return different information depending on the IP address range from which the request originates. Thanks for the patient explanation. I am an idiot. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Odd name lookup behavior
Q: what's more annoying than top posting? A: full quoting bottom posters. On Nov 19, 2009, at 12:57 PM, stan st...@panix.com wrote: On Thu, Nov 19, 2009 at 03:08:25PM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Thu, Nov 19, 2009 at 11:24:44AM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 11:03:27PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. K, I am starting to understand this now, thequestion is how to fix it. I do have a PTR record in my 10.in-addr.arpa db. If I wan this NOT to be the authortative entry for this IP - name tarnsaltion, so that an authortative eoll 'pass on by this Bind instnace and go on to one further down, how can I acomplis htis? If I'm understanding you correctly, you can't. The only control which I recall offhand that you have over whether a nameserver responds with data from its cache is to set the 'authoritative' flag in your request, which will cause a nameserver with only cached data to pass the request on -- but you don't want to do this routinely since it defeats the distributed nature of DNS and so results in overloading the authoritative servers. All that the 'authoritative' flag tells you is whether the response came from a server with the entry in its cache (not authoritative) or from one which has that information manually configured on it (authoritative) -- so I'm not at all sure what you mean by 'fix it'. What exactly is the behavior that you want? I would like to have all programs get the same results as nslookup, that is get *.mcn.chs for the reverese lookup from this machine. I have other machines configureddiferently in resolv.conf that I want to get the *.meadwestvaco.com resolution. This has been a long a painful taril, and I thoguht I had what I wanted based upon using nslookup as a test. When I saw diffeent software (nmap in this case) getting diferent resolutin, it was verry disapointiing. Um, nslookup doesn't get e.g. cvsup.mcn.chs as the reverse lookup -- it just finds that name first when looking up 'cvsup' because of the order in which you specified domains in the 'search' directive in your resolv.conf. When you asked nslookup for a reverse lookup of 10.209.142.151 it returned cvsup.meadwestvaco.com just like everything else did. The 'reverse lookup' for a.b.c.d by definition returns the value of the PTR record(s) with label d.c.b.a.in-addr.arpa. Barring DNS spazzes, this will be the same no matter which machine issues the request. Well, normally. There is one special case I'm aware of -- if you configure your nameservers with 'split-horizon' DNS, they can return different information depending on the IP address range from which the request originates. Thanks for the patient explanation. I am an idiot. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Odd name lookup behavior
On Thu, 19 Nov 2009, stan wrote: On Thu, Nov 19, 2009 at 03:08:25PM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Thu, Nov 19, 2009 at 11:24:44AM -0500, Dave Anderson wrote: On Thu, 19 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 11:03:27PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. K, I am starting to understand this now, thequestion is how to fix it. I do have a PTR record in my 10.in-addr.arpa db. If I wan this NOT to be the authortative entry for this IP - name tarnsaltion, so that an authortative eoll 'pass on by this Bind instnace and go on to one further down, how can I acomplis htis? If I'm understanding you correctly, you can't. The only control which I recall offhand that you have over whether a nameserver responds with data from its cache is to set the 'authoritative' flag in your request, which will cause a nameserver with only cached data to pass the request on -- but you don't want to do this routinely since it defeats the distributed nature of DNS and so results in overloading the authoritative servers. All that the 'authoritative' flag tells you is whether the response came from a server with the entry in its cache (not authoritative) or from one which has that information manually configured on it (authoritative) -- so I'm not at all sure what you mean by 'fix it'. What exactly is the behavior that you want? I would like to have all programs get the same results as nslookup, that is get *.mcn.chs for the reverese lookup from this machine. I have other machines configureddiferently in resolv.conf that I want to get the *.meadwestvaco.com resolution. This has been a long a painful taril, and I thoguht I had what I wanted based upon using nslookup as a test. When I saw diffeent software (nmap in this case) getting diferent resolutin, it was verry disapointiing. Um, nslookup doesn't get e.g. cvsup.mcn.chs as the reverse lookup -- it just finds that name first when looking up 'cvsup' because of the order in which you specified domains in the 'search' directive in your resolv.conf. When you asked nslookup for a reverse lookup of 10.209.142.151 it returned cvsup.meadwestvaco.com just like everything else did. The 'reverse lookup' for a.b.c.d by definition returns the value of the PTR record(s) with label d.c.b.a.in-addr.arpa. Barring DNS spazzes, this will be the same no matter which machine issues the request. Well, normally. There is one special case I'm aware of -- if you configure your nameservers with 'split-horizon' DNS, they can return different information depending on the IP address range from which the request originates. Thanks for the patient explanation. I am an idiot. Ignorance != idiocy. Dave -- Dave Anderson d...@daveanderson.com
Re: Odd name lookup behavior
On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 cvsup Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST Initiating Ping Scan at 15:05 Scanning 10.209.142.151 [8 ports] Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 15:05 Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed Initiating SYN Stealth Scan at 15:05 Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports] Is nmap not using the resolver libraries? I've never looked at the innards of nmap, but I expect that it's reporting the 'official' name from the reverse lookup regardless of how you initially specified the system to scan. Given that it can scan multiple hosts this makes sense, since it may not have been given names for all of them. Dave -- Dave Anderson d...@daveanderson.com
Re: Odd name lookup behavior
On Wed, 18 Nov 2009 15:06:28 -0500 stan st...@panix.com wrote: Can anyone xplain this behavior to me? Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 cvsup Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST Initiating Ping Scan at 15:05 Scanning 10.209.142.151 [8 ports] Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 15:05 Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed Initiating SYN Stealth Scan at 15:05 Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports] Is nmap not using the resolver libraries? Your dns at 127.0.0.1 does not resolve 151.142.209.10.in-addr.arpa? 127.0.0.1:53 allows recursiv querys so it looks elsewhere and serves the real hostname? - Robert
Re: Odd name lookup behavior
On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Odd name lookup behavior
On Wed, Nov 18, 2009 at 11:21:41PM +0100, Robert wrote: On Wed, 18 Nov 2009 15:06:28 -0500 stan st...@panix.com wrote: Can anyone xplain this behavior to me? Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 cvsup Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST Initiating Ping Scan at 15:05 Scanning 10.209.142.151 [8 ports] Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 15:05 Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed Initiating SYN Stealth Scan at 15:05 Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports] Is nmap not using the resolver libraries? Your dns at 127.0.0.1 does not resolve 151.142.209.10.in-addr.arpa? 127.0.0.1:53 allows recursiv querys so it looks elsewhere and serves the real hostname? Yes the Bind 9 instance on this OpenBSD machine does allow recursion, but the machines that it points to _should not_ have a reverse record for this address that points to the meadwestvaco name. Sounds like I need to check that out thoug. Thanks. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Odd name lookup behavior
On Wed, Nov 18, 2009 at 11:21:41PM +0100, Robert wrote: On Wed, 18 Nov 2009 15:06:28 -0500 stan st...@panix.com wrote: Can anyone xplain this behavior to me? Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 cvsup Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST Initiating Ping Scan at 15:05 Scanning 10.209.142.151 [8 ports] Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 15:05 Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed Initiating SYN Stealth Scan at 15:05 Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports] Is nmap not using the resolver libraries? Your dns at 127.0.0.1 does not resolve 151.142.209.10.in-addr.arpa? 127.0.0.1:53 allows recursiv querys so it looks elsewhere and serves the real hostname? OK here are the servers that the local nameserver recurses to: forwarders { 10.209.142.158; 10.209.144.150; 10.209.142.154; }; And if I use nslookup and set it to each of them in turn, i still get the mcn.chs name: s...@pm3fw:stan$ nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. server 10.209.142.158 Default server: 10.209.142.158 Address: 10.209.142.158#53 cvsup Server: 10.209.142.158 Address:10.209.142.158#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 server 10.209.144.150 Default server: 10.209.144.150 Address: 10.209.144.150#53 cvsup Server: 10.209.144.150 Address:10.209.144.150#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 server 10.209.142.154 Default server: 10.209.142.154 Address: 10.209.142.154#53 cvsup Server: 10.209.142.154 Address:10.209.142.154#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 Of course, I do see the Non-authoritative answer: clause in each of these. Would that mean that a program could request an authoritative answer? If so, how? -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Odd name lookup behavior
On Wed, 18 Nov 2009, stan wrote: On Wed, Nov 18, 2009 at 05:00:02PM -0500, Dave Anderson wrote: On Wed, 18 Nov 2009, stan wrote: Can anyone xplain this behavior to me? Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. Given the following resolv.conf file: r...@pm3fw:root# cat /etc/resolv.conf lookup file bind search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com nameserver 127.0.0.1 nameserver 10.209.128.20 nameserver 10.209.128.26 nameserver 10.209.142.158 And: r...@pm3fw:root# nslookup cvsup Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: cvsup.mcn.chs Address: 10.209.142.151 10.209.142.151 Server: 127.0.0.1 Address:127.0.0.1#53 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. exit Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. Your analysis is correct, in that thier are multiple names (don't ask :-(). I have control of some of the nameservers. They are bind 9 on OpenBSD, can you clarify what you mean by offical name are you talking about a A entry, as oposed to a CNAME entry? Sorry I wasn't clear. I was referring to the *.in-addr.arpa 'PTR' DNS entry which provides the translation from IPv4 address to host name. Dave -- Dave Anderson d...@daveanderson.com
Re: Odd name lookup behavior
You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. snip You made that up. Yes it can. If it's configured to do so. I'm guessing that the confusion is based on the assumption that forward and reverse zones are linked -- they aren't. You can edit A records all ay long and it won't change the ptr records in the reverse zone. Figure out where the reverse zone is being served from (possibly with dig +trace -x 10.209.142.151) and edit that.
Re: Odd name lookup behavior
On Wed, 18 Nov 2009, Bryan Irvine wrote: You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. snip You made that up. Yes it can. If it's configured to do so. Sorry, you're quite right -- there can be multiple PTR records. Evidently my brain wasn't fully engaged. Dave -- Dave Anderson d...@daveanderson.com