[UCIMC-Tech] DNS problem at IMC (clue toward fix)

Stuart Levy slevy at ncsa.uiuc.edu
Tue Mar 4 08:55:52 CST 2008


On Tue, Mar 04, 2008 at 08:21:45AM -0600, Stuart Levy wrote:
> On Tue, Mar 04, 2008 at 08:05:08AM -0600, Jay Schubert wrote:
> > Tech,
> > 
> > Has anyone been able to follow up on Stuart's suggestion?
> 
> Josh King did last week (2/28).  And it's still working -- at least,
> I can see www.books2prisoners.org from zeco.

... actually, in case this were liable to come up again as other
zones are served by dual-homed hosts, another way to fix it occurs to me too.

What if we just let everyone use the global DNS -- no duplicated zones --
but just added static host routes on the router so that any packet sent to
<outside-world-interface-of-server-host> would be routed to
<inside-world-interface-of-same>?  It would just need one static route per
server host (assuming that the router can accept static routes),
rather than having a whole duplicated DNS zone per service on that host.
It'd put a small extra CPU load on the router and a heavier load on the LAN,
but shouldn't burden the outside-world network at all.

> > Thanks,
> > Jay
> > 
> > On Thu, Feb 28, 2008 at 5:32 PM, Stuart Levy <slevy at ncsa.uiuc.edu> wrote:
> > 
> > > On Thu, Feb 28, 2008 at 04:58:10PM -0600, Jay Schubert wrote:
> > > > Techsters,
> > > >
> > > > Can anyone make an educated guess as to why books2prisoners.org doesn't
> > > > resolve properly from the IMC?
> > >
> > > I've seen this kind of thing too -- it likewise doesn't work to
> > > resolve http://www.anti-war.net/ from inside the IMC either.
> > >
> > >
> > > Using "host -d www.books2prisoners.org" on the inside vs. outside shows
> > > the difference:
> > >
> > > From the "inside IMC" nameserver, which seems to be at IP addr
> > > 192.168.11.1:
> > >
> > >    ;; ANSWER SECTION:
> > >    www.books2prisoners.org. 300    IN      A       72.22.69.10
> > >
> > >    ;; ADDITIONAL SECTION:
> > >    ns.chambana.net.        300     IN      A       74.134.241.116
> > >    ns2.chambana.net.       300     IN      A       74.134.241.116
> > >
> > >    Received 136 bytes from 192.168.11.1#53 in 1 ms
> > >    Trying "www.books2prisoners.org"
> > >    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52043
> > >    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > >
> > >    ;; QUESTION SECTION:
> > >    ;www.books2prisoners.org.       IN      AAAA
> > >
> > >    ;; AUTHORITY SECTION:
> > >    books2prisoners.org.    300     IN      SOA     ns.chambana.net. hostmaster.chambana.net. 2006082411 300 300 400 300
> > >
> > > (note the date on the SOA record -- some time in 2006)
> > >
> > >
> > > Meanwhile, from outside the IMC, we're seeing a different copy of the
> > > books2prisoners.org zone:
> > >
> > >    [...]
> > >
> > >    ;; ANSWER SECTION:
> > >    www.books2prisoners.org. 1800   IN      A       64.198.208.11
> > >
> > >    ;; AUTHORITY SECTION:
> > >    books2prisoners.org.    3600    IN      NS      dns1.name-services.com.
> > >    books2prisoners.org.    3600    IN      NS      dns2.name-services.com.
> > >    [...]
> > >
> > >    ;; ADDITIONAL SECTION:
> > >    dns1.name-services.com. 38569   IN      A       69.25.142.42
> > >    dns2.name-services.com. 38569   IN      A       216.52.184.248
> > >    [...]
> > >
> > >    ;; AUTHORITY SECTION:
> > >    books2prisoners.org.    1800    IN      SOA     dns1.name-services.com. info.name-services.com. 2002050701 10001 1801 604801 181
> > >
> > >
> > > Likewise for anti-war.net.
> > >
> > > I bet that whatever IMC machine is at 192.168.11.1, it has a copy
> > > of the zone files for books2prisoners.org and anti-war.net (others too?)
> > > and is claiming authority for them even though the data is stale.
> > >
> > > Guessing that it's running BIND, the config file is probably
> > > /etc/namedb/named.conf or something in that directory.  Could someone
> > > get rid of stale zones and give the server a kick?
> > >
> > > Thanks
> > >
> > >   Stuart
> > >
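
Added example, not part of the original thread: a small Python check that automates the inside-versus-outside comparison done by hand above, flagging an internal resolver that answers authoritatively from its own copy of a zone. The sample text is constructed and abridged from the quoted `host -d` output; the flags line in the outside sample and the function names are assumptions.

```python
import re

# Constructed samples, abridged from the `host -d` output quoted in the thread.
# The flags line in OUTSIDE is an assumption; the thread elides it with "[...]".
INSIDE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
www.books2prisoners.org. 300    IN      A       72.22.69.10
ns.chambana.net.        300     IN      A       74.134.241.116
books2prisoners.org.    300     IN      SOA     ns.chambana.net. hostmaster.chambana.net. 2006082411 300 300 400 300
"""
OUTSIDE = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
www.books2prisoners.org. 1800   IN      A       64.198.208.11
dns1.name-services.com. 38569   IN      A       69.25.142.42
books2prisoners.org.    1800    IN      SOA     dns1.name-services.com. info.name-services.com. 2002050701 10001 1801 604801 181
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def parse(text, qname):
    """Pull the aa flag, A records for qname, and SOA (mname, serial) from dig-style text."""
    view = {"aa": False, "a": set(), "soa": None}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";; flags:"):
            view["aa"] |= "aa" in line.split(":", 1)[1].split(";")[0].split()
        elif (m := RR.match(line)) and not line.startswith(";"):
            name, rtype, rdata = m.groups()
            if rtype == "A" and name.lower().rstrip(".") == qname.lower().rstrip("."):
                view["a"].add(rdata.strip())
            elif rtype == "SOA":
                f = rdata.split()
                view["soa"] = (f[0].lower(), int(f[2]))
    return view

def compare(inside, outside, qname):
    """Return findings that indicate the inside resolver serves its own copy of the zone."""
    i, o = parse(inside, qname), parse(outside, qname)
    findings = []
    if i["a"] != o["a"]:
        findings.append(f"A mismatch: inside={sorted(i['a'])} outside={sorted(o['a'])}")
    if i["soa"] and o["soa"]:
        if i["soa"][0] != o["soa"][0]:
            # Serials from different primaries are not comparable, so report the MNAMEs only.
            findings.append(f"SOA MNAME mismatch: inside={i['soa'][0]} outside={o['soa'][0]}")
        elif i["soa"][1] < o["soa"][1]:  # plain integer compare, ignores serial wraparound
            findings.append(f"inside serial {i['soa'][1]} older than outside {o['soa'][1]}")
    if findings and i["aa"]:
        findings.append("inside server answers authoritatively (aa) for a diverging zone")
    return findings
```

Calling `compare(INSIDE, OUTSIDE, "www.books2prisoners.org")` on the samples reports the A record mismatch, the differing SOA primaries, and the `aa` flag on the inside answer.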

