dnsauth3.sys.gtei.net DNS record is poisoned???
Joe Shen
joe_hznm at yahoo.com.sg
Wed Feb 15 16:06:54 UTC 2006
Hi,
Today, some of our customers could not resolve
state.gov through our cache server.
I found state.gov is served by dnsauth1.sys.gtei.net,
dnsauth2.sys.gtei.net, dnsauth3.sys.gtei.net. Using
some others' DNS servers, I found their IP addresses
should be 4.2.49.2, 4.2.49.3, 4.2.49.4. But our cache
server (BIND9.3.1) got some other IPs (I've tried
restarting BIND9.3.1). So it always failed to resolve
state.gov. After restarting BIND9.3.1 again, I did
"rndc flush" several times, then it came back.
Why? Is there something poisoned?
Joe
=========== BIND9 got wrong server IP ====
> set debug
> dnsauth1.sys.gtei.net
Server: dnsv2.zjhzptt.net.cn
Address: 202.101.172.133
;; res_nmkquery(QUERY, dnsauth1.sys.gtei.net, IN, A)
------------
Got answer:
HEADER:
opcode = QUERY, id = 58203, rcode = NOERROR
header flags: response, want recursion,
recursion avail.
questions = 1, answers = 1, authority
records = 3, additional = 2
QUESTIONS:
dnsauth1.sys.gtei.net, type = A, class = IN
ANSWERS:
-> dnsauth1.sys.gtei.net
internet address = 128.121.126.139
ttl = 86084 (86084)
AUTHORITY RECORDS:
-> gtei.net
nameserver = dnsauth2.sys.gtei.net
ttl = 172565 (172565)
-> gtei.net
nameserver = dnsauth3.sys.gtei.net
ttl = 172565 (172565)
-> gtei.net
nameserver = dnsauth1.sys.gtei.net
ttl = 172565 (172565)
ADDITIONAL RECORDS:
-> dnsauth2.sys.gtei.net
internet address = 169.132.13.103
ttl = 86084 (86084)
-> dnsauth3.sys.gtei.net
internet address = 192.67.198.6
ttl = 86084 (86084)
------------
Non-authoritative answer:
Name: dnsauth1.sys.gtei.net
Address: 128.121.126.139
>
==============================
Restart bind and do "rndc flush" 6 times, I got:
======================
> set debug
> state.gov
Server: hzdnsv2.zjhzptt.net.cn
Address: 202.101.172.133
;; res_nmkquery(QUERY, state.gov, IN, A)
------------
Got answer:
HEADER:
opcode = QUERY, id = 20953, rcode = NOERROR
header flags: response, want recursion,
recursion avail.
questions = 1, answers = 1, authority
records = 3, additional = 3
QUESTIONS:
state.gov, type = A, class = IN
ANSWERS:
-> state.gov
internet address = 164.109.48.80
ttl = 1778 (1778)
AUTHORITY RECORDS:
-> state.gov
nameserver = dnsauth3.sys.gtei.net
ttl = 1778 (1778)
-> state.gov
nameserver = dnsauth1.sys.gtei.net
ttl = 1778 (1778)
-> state.gov
nameserver = dnsauth2.sys.gtei.net
ttl = 1778 (1778)
ADDITIONAL RECORDS:
-> dnsauth1.sys.gtei.net
internet address = 4.2.49.2
ttl = 172767 (172767)
-> dnsauth2.sys.gtei.net
internet address = 4.2.49.3
ttl = 172767 (172767)
-> dnsauth3.sys.gtei.net
internet address = 4.2.49.4
ttl = 172767 (172767)
------------
Non-authoritative answer:
Name: state.gov
Address: 164.109.48.80
>
==================================
More information about the NANOG mailing list
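
The comparison the post does by hand, as an added example that is not part of the original message: it parses nslookup debug output in the layout quoted above and lists the names whose A records differ between two captures. The function names are hypothetical, and the sample text is abridged from the two outputs in the post.

```python
import re

# Abridged from the two nslookup debug outputs quoted in the post.
BEFORE_FLUSH = """\
ANSWERS:
-> dnsauth1.sys.gtei.net
internet address = 128.121.126.139
AUTHORITY RECORDS:
-> gtei.net
nameserver = dnsauth2.sys.gtei.net
ADDITIONAL RECORDS:
-> dnsauth2.sys.gtei.net
internet address = 169.132.13.103
-> dnsauth3.sys.gtei.net
internet address = 192.67.198.6
"""
AFTER_FLUSH = """\
ANSWERS:
-> state.gov
internet address = 164.109.48.80
ADDITIONAL RECORDS:
-> dnsauth1.sys.gtei.net
internet address = 4.2.49.2
-> dnsauth2.sys.gtei.net
internet address = 4.2.49.3
-> dnsauth3.sys.gtei.net
internet address = 4.2.49.4
"""

def parse_a_records(debug_text):
    """Map owner name -> set of A-record addresses found in nslookup debug output."""
    records, owner = {}, None
    for line in debug_text.splitlines():
        line = line.strip()
        if line.startswith("->"):            # "-> name" opens a new record
            owner = line[2:].strip().lower().rstrip(".")
        elif owner and (m := re.match(r"internet address = (\S+)$", line)):
            records.setdefault(owner, set()).add(m.group(1))
    return records

def compare_to_reference(observed, reference):
    """Return {name: (observed_ips, reference_ips)} where the two captures disagree."""
    return {name: (sorted(ips), sorted(reference[name]))
            for name, ips in observed.items()
            if name in reference and ips != reference[name]}

if __name__ == "__main__":
    diff = compare_to_reference(parse_a_records(BEFORE_FLUSH), parse_a_records(AFTER_FLUSH))
    for name, (seen, expected) in sorted(diff.items()):
        print(f"{name}: cached {seen}, reference {expected}")
```

A mismatch only shows that the two captures disagree; deciding which set is correct takes a query to the parent zone's servers or to the authoritative servers themselves.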