Reverse DNS problem

• Previous message (by thread): Reverse DNS problem
• Next message (by thread): Reverse DNS problem - ARIN changes last week
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've been in touch with ARIN on the same issue noticed at a different site.

According to ARIN, some older BIND resolvers aren't handling the referrals 
that they get back from the gtld-servers for some of ARIN's name servers. 
The problem started Thursday when ARIN changed the list of NS's for the 
ARIN in-addr.arpa zones.

ARIN is still investigating and I'm waiting to hear back.

Trent Arsenault
trent at trent.us

At 05:46 AM 10/6/2003, Schmiedt, Jamie wrote:

>We have been experiencing problems with reverse DNS requests since 
>Thursday 10/2/2003. Just wondering if anyone else is seeing this issue? 
>This is affecting freeBSD & Linux hosts with Bind version 8.2.3 & 8.3.3.
>
>Reverse Lookups fail as follows:
>host0001$ nslookup
>Default Server:  host0001.domain123.net
>Address:  0.0.0.0
> > ccn.com
>Server:  host0001.domain123.net
>Address:  0.0.0.0
>Name:    ccn.com
>Address:  63.172.52.127
> > 63.172.52.127
>Server:  host0001.domain123.net
>Address:  0.0.0.0
>*** Request to host0001.domain123.net timed-out
> >
>
>tcpdump shows this:
>16:32:21.864111 123.123.123.123.1024 > 192.12.94.30.53:  6333 A? 
>chia.ARIN.NET. (31)
>16:32:21.864298 123.123.123.123.1024 > 192.12.94.30.53:  48444 A? 
>dill.ARIN.NET. (31)
>16:32:21.864597 123.123.123.123.1024 > 192.12.94.30.53:  43887 A? 
>henna.ARIN.NET. (32)
>16:32:21.864754 123.123.123.123.1024 > 192.12.94.30.53:  13510 A? 
>indigo.ARIN.NET. (33)
>16:32:21.864910 123.123.123.123.1024 > 192.12.94.30.53:  6129 A? 
>epazote.ARIN.NET. (34)
>16:32:21.865067 123.123.123.123.1024 > 192.12.94.30.53:  61408 A? 
>figwort.ARIN.NET. (34)
>16:32:21.865222 123.123.123.123.1024 > 192.12.94.30.53:  38595 A? 
>ginseng.ARIN.NET. (34)
>16:32:21.865383 123.123.123.123.1024 > 192.36.148.17.53:  60682 PTR? 
>127.52.172.63.in-addr.arpa. (46)
>16:32:21.932444 192.12.94.30.53 > 123.123.123.123.1024:  48444- 0/7/7 
>(271) (DF)
>16:32:21.941921 192.12.94.30.53 > 123.123.123.123.1024:  6333- 0/7/7 (271) 
>(DF)
>16:32:21.951550 192.12.94.30.53 > 123.123.123.123.1024:  43887- 0/7/7 
>(272) (DF)
>16:32:21.961288 192.12.94.30.53 > 123.123.123.123.1024:  13510- 0/7/7 
>(273) (DF)
>16:32:21.970903 192.12.94.30.53 > 123.123.123.123.1024:  6129- 0/7/7 (274) 
>(DF)
>16:32:21.980540 192.12.94.30.53 > 123.123.123.123.1024:  61408- 0/7/7 
>(274) (DF)
>16:32:21.990282 192.12.94.30.53 > 123.123.123.123.1024:  38595- 0/7/7 
>(274) (DF)
>16:32:22.016671 192.36.148.17.53 > 123.123.123.123.1024:  60682- 0/7/0 
>(199) (DF)
>16:32:22.017854 123.123.123.123.1024 > 192.54.112.30.53:  46181 A? 
>chia.ARIN.NET. (31)
>16:32:22.017883 123.123.123.123.1024 > 192.54.112.30.53:  28356 A? 
>dill.ARIN.NET. (31)
>16:32:22.017907 123.123.123.123.1024 > 192.54.112.30.53:  29015 A? 
>henna.ARIN.NET. (32)
>16:32:22.017932 123.123.123.123.1024 > 192.54.112.30.53:  39822 A? 
>indigo.ARIN.NET. (33)
>16:32:22.017958 123.123.123.123.1024 > 192.54.112.30.53:  25113 A? 
>epazote.ARIN.NET. (34)
>16:32:22.017984 123.123.123.123.1024 > 192.54.112.30.53:  7656 A? 
>figwort.ARIN.NET. (34)
>16:32:22.018008 123.123.123.123.1024 > 192.54.112.30.53:  53035 A? 
>ginseng.ARIN.NET. (34)
>16:32:22.142472 192.54.112.30.53 > 123.123.123.123.1024:  28356- 0/7/7 
>(271) (DF)
>16:32:22.151936 192.54.112.30.53 > 123.123.123.123.1024:  46181- 0/7/7 
>(271) (DF)
>16:32:22.161553 192.54.112.30.53 > 123.123.123.123.1024:  39822- 0/7/7 
>(273) (DF)
>16:32:22.171199 192.54.112.30.53 > 123.123.123.123.1024:  29015- 0/7/7 
>(272) (DF)
>16:32:22.180924 192.54.112.30.53 > 123.123.123.123.1024:  25113- 0/7/7 
>(274) (DF)
>16:32:22.190561 192.54.112.30.53 > 123.123.123.123.1024:  53035- 0/7/7 
>(274) (DF)
>16:32:22.200290 192.54.112.30.53 > 123.123.123.123.1024:  7656- 0/7/7 
>(274) (DF)
>16:32:26.868123 123.123.123.123.1024 > 192.41.162.30.53:  32457 A? 
>chia.ARIN.NET. (31)
>16:32:26.868300 123.123.123.123.1024 > 192.41.162.30.53:  65240 A? 
>dill.ARIN.NET. (31)
>16:32:26.868452 123.123.123.123.1024 > 192.41.162.30.53:  15332 A? 
>henna.ARIN.NET. (32)
>16:32:26.868602 123.123.123.123.1024 > 192.41.162.30.53:  41975 A? 
>indigo.ARIN.NET. (33)
>16:32:26.868753 123.123.123.123.1024 > 192.41.162.30.53:  21934 A? 
>epazote.ARIN.NET. (34)
>16:32:26.868905 123.123.123.123.1024 > 192.41.162.30.53:  56761 A? 
>figwort.ARIN.NET. (34)
>16:32:26.869057 123.123.123.123.1024 > 192.41.162.30.53:  52488 A? 
>ginseng.ARIN.NET. (34)
>16:32:26.869208 123.123.123.123.1024 > 198.41.0.4.53:  64459 PTR? 
>127.52.172.63.in-addr.arpa. (46)
>16:32:26.923374 192.41.162.30.53 > 123.123.123.123.1024:  32457- 0/7/7 
>(271) (DF)
>16:32:26.930326 198.41.0.4.53 > 123.123.123.123.1024:  64459- 0/7/0 (199)
>16:32:26.931103 123.123.123.123.1024 > 192.52.178.30.53:  45170 A? 
>chia.ARIN.NET. (31)
>16:32:26.939982 192.41.162.30.53 > 123.123.123.123.1024:  15332- 0/7/7 
>(272) (DF)
>16:32:26.949578 192.41.162.30.53 > 123.123.123.123.1024:  65240- 0/7/7 
>(271) (DF)
>16:32:26.959220 192.41.162.30.53 > 123.123.123.123.1024:  41975- 0/7/7 
>(273) (DF)
>16:32:26.968842 192.41.162.30.53 > 123.123.123.123.1024:  21934- 0/7/7 
>(274) (DF)
>16:32:26.978581 192.41.162.30.53 > 123.123.123.123.1024:  56761- 0/7/7 
>(274) (DF)
>16:32:26.988220 192.41.162.30.53 > 123.123.123.123.1024:  52488- 0/7/7 
>(274) (DF)
>16:32:27.058851 192.52.178.30.53 > 123.123.123.123.1024:  45170- 0/7/7 
>(271) (DF)
>
>We can temporarily resolve the problem by issuing the following dig command:
>
>dig @<any ARIN in-addr.arpa server; ginseng, fogwort, etc.> -x <any sequence>
>example: host0001# dig @ginseng.arin.net -x abc
>
>Then the reverse lookups being to work and the tcpdump is as follows: 
>(notice the difference in lines 8,9,10,11)
>16:33:01.664320 123.123.123.123.1024 > 192.35.51.32.53:  33751 A? 
>chia.ARIN.NET. (31)
>16:33:01.664460 123.123.123.123.1024 > 192.35.51.32.53:  11278 A? 
>dill.ARIN.NET. (31)
>16:33:01.664573 123.123.123.123.1024 > 192.35.51.32.53:  55449 A? 
>henna.ARIN.NET. (32)
>16:33:01.664684 123.123.123.123.1024 > 192.35.51.32.53:  49768 A? 
>indigo.ARIN.NET. (33)
>16:33:01.664797 123.123.123.123.1024 > 192.35.51.32.53:  18859 A? 
>epazote.ARIN.NET. (34)
>16:33:01.664909 123.123.123.123.1024 > 192.35.51.32.53:  40146 A? 
>figwort.ARIN.NET. (34)
>16:33:01.665002 123.123.123.123.1024 > 192.33.14.32.53:  62349 PTR? 
>127.52.172.63.in-addr.arpa. (46)
>16:33:01.725238 192.35.51.32.53 > 123.123.123.123.1024:  33751*- 1/8/8 A 
>192.5.6.32 (320) (DF)
>16:33:01.736288 192.35.51.32.53 > 123.123.123.123.1024:  11278*- 1/8/8 A 
>192.35.51.32 (320) (DF)
>16:33:01.747452 192.35.51.32.53 > 123.123.123.123.1024:  55449*- 1/8/8 A 
>192.26.92.32 (321) (DF)
>16:33:01.758663 192.35.51.32.53 > 123.123.123.123.1024:  49768*- 1/8/8 A 
>192.31.80.32 (322) (DF)
>16:33:01.765379 192.33.14.32.53 > 123.123.123.123.1024:  62349- 0/3/0 
>(134) (DF)
>16:33:01.765834 123.123.123.123.1024 > 199.191.128.105.53:  19916 PTR? 
>127.52.172.63.in-addr.arpa. (46)
>16:33:01.776697 192.35.51.32.53 > 123.123.123.123.1024:  18859*- 1/8/8 A 
>192.41.162.32 (323) (DF)
>16:33:01.787806 192.35.51.32.53 > 123.123.123.123.1024:  40146*- 1/8/8 A 
>192.42.93.32 (323) (DF)
>16:33:01.794121 199.191.128.105.53 > 123.123.123.123.1024:  19916*- 1/2/2 
>(171) (DF)
>
>
>Restarting named does not help.
>These host are located on several different ISP networks.
>Forward lookups function properly.
>
>Stumped...
>
>Any help or suggestions would be greatly appreciated. Thanks.
>
>-jamie
>

• Previous message (by thread): Reverse DNS problem
• Next message (by thread): Reverse DNS problem - ARIN changes last week
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]