[UCIMC-Tech] DNS problem at IMC (clue toward fix)

Stuart Levy slevy at ncsa.uiuc.edu
Thu Feb 28 17:32:43 CST 2008 

On Thu, Feb 28, 2008 at 04:58:10PM -0600, Jay Schubert wrote:
> Techsters,
> 
> Can anyone make an educated guess as to why books2prisoners.org doesn't
> resolve properly from the IMC?

I've seen this kind of thing too -- it likewise doesn't work to
resolve http://www.anti-war.net/ from inside the IMC either.


Using "host -d www.books2prisoners.org" on the inside vs. outside shows the difference:

>From the "inside IMC" nameserver, which seems to be at IP addr 192.168.11.1:

    ;; ANSWER SECTION:
    www.books2prisoners.org. 300    IN      A       72.22.69.10

    ;; ADDITIONAL SECTION:
    ns.chambana.net.        300     IN      A       74.134.241.116
    ns2.chambana.net.       300     IN      A       74.134.241.116

    Received 136 bytes from 192.168.11.1#53 in 1 ms
    Trying "www.books2prisoners.org"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52043
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.books2prisoners.org.       IN      AAAA

    ;; AUTHORITY SECTION:
    books2prisoners.org.    300     IN      SOA     ns.chambana.net. hostmaster.chambana.net. 2006082411 300 300 400 300

(note the date on the SOA record -- some time in 2006)


Meanwhile, from outside the IMC, we're seeing a different copy of the books2prisoners.org zone:

    [...]

    ;; ANSWER SECTION:
    www.books2prisoners.org. 1800   IN      A       64.198.208.11

    ;; AUTHORITY SECTION:
    books2prisoners.org.    3600    IN      NS      dns1.name-services.com.
    books2prisoners.org.    3600    IN      NS      dns2.name-services.com.
    [...]

    ;; ADDITIONAL SECTION:
    dns1.name-services.com. 38569   IN      A       69.25.142.42
    dns2.name-services.com. 38569   IN      A       216.52.184.248
    [...]

    ;; AUTHORITY SECTION:
    books2prisoners.org.    1800    IN      SOA     dns1.name-services.com. info.name-services.com. 2002050701 10001 1801 604801 181


Likewise for anti-war.net.

I bet that whatever IMC machine is at 192.168.11.1, it has a copy
of the zone files for books2prisoners.org and anti-war.net (others too?)
and is claiming authority for them even though the data is stale.

Guessing that it's running BIND, the config file is probably
/etc/namedb/named.conf or something in that directory.  Could someone
get rid of stale zones and give the server a kick?

Thanks

   Stuart

More information about the IMC-Tech mailing list