nanog mailing list archives
dnsauth3.sys.gtei.net DNS record is poisoned???
From: Joe Shen <joe_hznm () yahoo com sg>
Date: Thu, 16 Feb 2006 00:06:54 +0800 (CST)
Hi,

Today, some of our customers could not resolve state.gov through our cache server. I found that state.gov is served by dnsauth1.sys.gtei.net, dnsauth2.sys.gtei.net, dnsauth3.sys.gtei.net. Using some others' DNS servers I found their IP addresses should be 4.2.49.2, 4.2.49.3, 4.2.49.4.

But our cache server (BIND9.3.1) got some other IPs (I've tried restarting BIND9.3.1). So it always failed to resolve state.gov. After restarting BIND9.3.1 again, I did "rndc flush" several times, then it came back.

Why? Is there something poisoned?

Joe

=========== BIND9 got wrong server IP ====
set debug
dnsauth1.sys.gtei.net
Server: dnsv2.zjhzptt.net.cn
Address: 202.101.172.133

;; res_nmkquery(QUERY, dnsauth1.sys.gtei.net, IN, A)
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 58203, rcode = NOERROR
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 1, authority records = 3, additional = 2

    QUESTIONS:
        dnsauth1.sys.gtei.net, type = A, class = IN
    ANSWERS:
    -> dnsauth1.sys.gtei.net internet address = 128.121.126.139 ttl = 86084 (86084)
    AUTHORITY RECORDS:
    -> gtei.net nameserver = dnsauth2.sys.gtei.net ttl = 172565 (172565)
    -> gtei.net nameserver = dnsauth3.sys.gtei.net ttl = 172565 (172565)
    -> gtei.net nameserver = dnsauth1.sys.gtei.net ttl = 172565 (172565)
    ADDITIONAL RECORDS:
    -> dnsauth2.sys.gtei.net internet address = 169.132.13.103 ttl = 86084 (86084)
    -> dnsauth3.sys.gtei.net internet address = 192.67.198.6 ttl = 86084 (86084)

------------
Non-authoritative answer:
Name: dnsauth1.sys.gtei.net
Address: 128.121.126.139

============================== Restart bind and do "rndc flush" 6 times, I got: ======================
set debug
state.gov
Server: hzdnsv2.zjhzptt.net.cn
Address: 202.101.172.133

;; res_nmkquery(QUERY, state.gov, IN, A)
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 20953, rcode = NOERROR
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 1, authority records = 3, additional = 3

    QUESTIONS:
        state.gov, type = A, class = IN
    ANSWERS:
    -> state.gov internet address = 164.109.48.80 ttl = 1778 (1778)
    AUTHORITY RECORDS:
    -> state.gov nameserver = dnsauth3.sys.gtei.net ttl = 1778 (1778)
    -> state.gov nameserver = dnsauth1.sys.gtei.net ttl = 1778 (1778)
    -> state.gov nameserver = dnsauth2.sys.gtei.net ttl = 1778 (1778)
    ADDITIONAL RECORDS:
    -> dnsauth1.sys.gtei.net internet address = 4.2.49.2 ttl = 172767 (172767)
    -> dnsauth2.sys.gtei.net internet address = 4.2.49.3 ttl = 172767 (172767)
    -> dnsauth3.sys.gtei.net internet address = 4.2.49.4 ttl = 172767 (172767)

------------
Non-authoritative answer:
Name: state.gov
Address: 164.109.48.80

==================================
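
The comparison made by hand in the message above, as an added example that is not part of the original post: it parses nslookup debug output from the cache and lists name-server A records that differ from the addresses other resolvers returned, with the TTL each one still has. The function names and the `REFERENCE` table are assumptions built from the values quoted in the post.

```python
import re

# Addresses the post says other resolvers returned for the three name servers.
REFERENCE = {
    "dnsauth1.sys.gtei.net": {"4.2.49.2"},
    "dnsauth2.sys.gtei.net": {"4.2.49.3"},
    "dnsauth3.sys.gtei.net": {"4.2.49.4"},
}

# Record lines from the post's first capture (cache before "rndc flush");
# line layout is reconstructed, values are as posted.
BEFORE_FLUSH = """\
ANSWERS:
-> dnsauth1.sys.gtei.net internet address = 128.121.126.139 ttl = 86084 (86084)
AUTHORITY RECORDS:
-> gtei.net nameserver = dnsauth2.sys.gtei.net ttl = 172565 (172565)
ADDITIONAL RECORDS:
-> dnsauth2.sys.gtei.net internet address = 169.132.13.103 ttl = 86084 (86084)
-> dnsauth3.sys.gtei.net internet address = 192.67.198.6 ttl = 86084 (86084)
"""

A_RECORD = re.compile(
    r"->\s*(\S+)\s+internet address = (\d{1,3}(?:\.\d{1,3}){3})\s+ttl = (\d+)"
)

def cached_a_records(capture):
    """Return (name, address, ttl_seconds) for each A record in nslookup debug output."""
    return [(name.lower().rstrip("."), addr, int(ttl))
            for name, addr, ttl in A_RECORD.findall(capture)]

def mismatches(capture, reference):
    """Cached A records for names in `reference` whose address is not a reference address."""
    return [(name, addr, ttl) for name, addr, ttl in cached_a_records(capture)
            if name in reference and addr not in reference[name]]

def seconds_until_expiry(capture, reference):
    """Longest remaining TTL among mismatching records, i.e. how long the
    cache would keep answering with them if it were not flushed."""
    return max((ttl for _, _, ttl in mismatches(capture, reference)), default=0)

if __name__ == "__main__":
    for name, addr, ttl in mismatches(BEFORE_FLUSH, REFERENCE):
        print(f"{name}: cached {addr}, expected {sorted(REFERENCE[name])}, ttl {ttl}s")
    print("longest remaining TTL:", seconds_until_expiry(BEFORE_FLUSH, REFERENCE), "s")
```

A mismatch only shows that the cache disagrees with the reference set; it does not by itself say which side is correct.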