[H-GEN] bizarre DNS problem

Bruce Campbell bc at humbug.org.au
Thu Apr 6 00:57:05 EDT 2000


[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]

On Thu, 6 Apr 2000, Daniel Quinlan wrote:

daniel>   one of our clients is having a really bizarre DNS problem.
daniel>   intermittently mail to a particular domain (ochreis.com.au) bounces with
daniel>   an error of 'host lookup did not complete'

Firstly, please read RFC 2182.  The gist of this is detailed below after a
long section of diagnostics.

daniel>   doesn't. the problem goes away after a few minutes and everything seems
daniel>   fine. webdata have said 'everything is ok on our end, it must be your server'
daniel>   however when the problem is happening i've tried

Let's understand where the domain is located.

$ dig @munnari.oz.au ns ochreis.com.au 
	;; ANSWER SECTION:
	ochreis.com.au.         1D IN NS        oda.webdata.com.AU.
	ochreis.com.au.         1D IN NS        babu.webdata.com.AU.

Fine, we have two nameservers.  What's the IP address of oda and babu?  We
haven't received that information in the query.  So, we then look up the
nameservers for webdata.com.au:

$ dig @munnari.oz.au ns webdata.com.au
	;; ANSWER SECTION:
	webdata.com.au.         1D IN NS        northcorp.internetnorth.com.au.
	webdata.com.au.         1D IN NS        ns1.telstra.net.

	;; ADDITIONAL SECTION:
	northcorp.internetnorth.com.au.  1D IN A  203.14.120.1
	ns1.telstra.net.        1d23h45m1s IN A  139.130.4.5

Woohoo, we have actual IP addresses that we can query to find out the IP
addresses of oda and babu.webdata.com.au.

$ dig @203.14.120.1 oda.webdata.com.au
	;; ANSWER SECTION:
	oda.webdata.com.au.     0S IN A         203.46.35.4

	;; AUTHORITY SECTION:
	webdata.com.au.         0S IN NS        northcorp.internetnorth.com.au.
	webdata.com.au.         0S IN NS        ns1.telstra.net.

	;; ADDITIONAL SECTION:
	northcorp.internetnorth.com.au.  1D IN A  203.14.120.1
	ns1.telstra.net.        2h47m11s IN A   139.130.4.5

Now, we have the IP address for oda.webdata.com.au.  Let's get babu as
well:

$ dig @203.14.120.1 babu.webdata.com.au
	;; ANSWER SECTION:
	babu.webdata.com.au.    0S IN A         203.46.120.9

	;; AUTHORITY SECTION:
	webdata.com.au.         0S IN NS        northcorp.internetnorth.com.au.
	webdata.com.au.         0S IN NS        ns1.telstra.net.

What was our original query again? (It's been so long ago) Ah, the client
has made the request again:

$ dig @203.46.120.9 mx ochreis.com.au
	;; ANSWER SECTION:
	ochreis.com.au.         1D IN MX        10 oda.webdata.com.au.

	;; AUTHORITY SECTION:
	ochreis.com.au.         1D IN NS        babu.webdata.com.au.
	ochreis.com.au.         1D IN NS        oda.webdata.com.au.

	;; Total query time: 5266 msec

Long query time.  For completeness, let's go ask oda for the same:

$ dig @203.46.35.4 mx ochreis.com.au

	;; ANSWER SECTION:
	ochreis.com.au.         1D IN MX        10 oda.webdata.com.au.

	;; AUTHORITY SECTION:
	ochreis.com.au.         1D IN NS        oda.webdata.com.au.
	ochreis.com.au.         1D IN NS        babu.webdata.com.au.

	;; Total query time: 94 msec

A traceroute to both oda and babu reveals:

 3  Fddi0-0.cha1.Brisbane.telstra.net (139.130.247.228)  32.919 ms  27.738 ms  19.893 ms
 4  intno.lnk.telstra.net (139.130.65.132)  108.325 ms  57.386 ms  82.651 ms
 5  babu.webdata.com.au (203.46.120.9)  61.163 ms  69.585 ms  61.323 ms

--- babu.webdata.com.au ping statistics ---
32 packets transmitted, 30 packets received, 6% packet loss
round-trip min/avg/max/stddev = 51.099/106.736/213.513/43.549 ms

daniel>   any ideas on what could cause this?

a) The com.au servers are not supplying 'glue' records of oda and babu's
   IP addresses (hence the need for the extra queries).

b) The link to webdata exhibits 'burst' traffic, which can mean that DNS
   queries take some time, or may be dropped.

c) RFC2182 - both nameservers are at the wrong end of *one* link.  If that
   link is dropping packets (such as it's dead), then queries to machines
   behind that link simply will not work.

You may wish to read: 
	http://archive.humbug.org.au/humbug-general/2000-01/msg00118.html
	http://archive.humbug.org.au/humbug-chat/2000-01/msg00018.html

DNS isn't hard to understand ;)

-- 
  Bruce.                                                         | VP/BOFH
  Infinite Monkeys.  Infinite Keyboards.  I see no Shakespeare.  |  HUMBUG
  Usenet may or may not be an implementation of RFC2795.         |     PAN
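
Added example, not part of the original post: a Python sketch that automates checks (a) and (c) over dig-style output, flagging NS targets returned without an address record and nameservers that fall inside one covering prefix. The sample records are constructed from the outputs quoted in the message; the function names and the /16 grouping are assumptions, and a shared prefix is only a hint of a shared link, which the post confirms by traceroute.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input, assembled from the dig outputs quoted in the post.
DELEGATION = """\
;; ANSWER SECTION:
ochreis.com.au.         1D IN NS        oda.webdata.com.AU.
ochreis.com.au.         1D IN NS        babu.webdata.com.AU.
"""
ADDRESSES = """\
;; ANSWER SECTION:
oda.webdata.com.au.     0S IN A         203.46.35.4
babu.webdata.com.au.    0S IN A         203.46.120.9
"""

def parse_sections(text):
    """Return {section: [(owner, rtype, rdata), ...]} from dig-style output."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip().lower()
        elif current and line and not line.startswith(";") and "IN" in line.split():
            f = line.split()
            i = f.index("IN")  # fields before IN are owner and TTL
            if len(f) > i + 2:
                rdata = " ".join(f[i + 2:]).lower().rstrip(".")
                sections[current].append((f[0].lower().rstrip("."), f[i + 1], rdata))
    return sections

def missing_glue(reply):
    """NS targets that have no A record in the ADDITIONAL section of the same reply."""
    ns = {r[2] for r in reply["answer"] + reply["authority"] if r[1] == "NS"}
    glued = {r[0] for r in reply["additional"] if r[1] == "A"}
    return sorted(ns - glued)

def shared_prefixes(addresses, prefixlen=16):
    """Group nameserver IPs by covering prefix (prefixlen is an assumed heuristic)."""
    groups = defaultdict(list)
    for name, ip in addresses.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups[str(net)].append(name)
    return dict(groups)

def audit(delegation_text, address_text):
    """Combine both checks; single_prefix is True when every server shares one prefix."""
    addrs = {o: d for o, t, d in parse_sections(address_text)["answer"] if t == "A"}
    groups = shared_prefixes(addrs)
    return {"missing_glue": missing_glue(parse_sections(delegation_text)),
            "prefix_groups": groups,
            "single_prefix": len(addrs) > 1 and len(groups) == 1}

if __name__ == "__main__":
    print(audit(DELEGATION, ADDRESSES))
```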


