
Topic: Bind & FORMERR resolving domain

  1. #1
    Senior Member NeMeM9aA

    Bind & FORMERR resolving domain

    I have a problem for which I can't google a solution. That in itself is quite interesting.

    Description:

    On my local network I set up DNS using BIND on Gentoo.
    I basically followed this HowTo.

    Configuration file:

    Code:
    cat /etc/bind/named.conf
    options {
            directory "/var/bind";
    
            // uncomment the following lines to turn on DNS forwarding,
            // and change the forwarding ip address(es) :
            //forward first;
            forwarders {
            77.48.254.254;
            77.48.100.254;
            212.24.128.8;
            };
            statistics-file "/var/bind/named.stats"; // stats are your friend
            dump-file "/var/bind/named.dump";
            zone-statistics yes;
            //};
    
            listen-on-v6 { none; };
            listen-on { 127.0.0.1;
                        192.168.1.50;
            };
    
            // to allow only specific hosts to use the DNS server:
            //allow-query {
            //      127.0.0.1;
            //};
    
            // if you have problems and are behind a firewall:
            //query-source address * port 53;
            pid-file "/var/run/named/named.pid";
    };
    
    
    
    
    
    logging {
    
    channel default_file { file "/var/log/bind/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel general_file { file "/var/log/bind/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel database_file { file "/var/log/bind/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel security_file { file "/var/log/bind/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel config_file { file "/var/log/bind/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel resolver_file { file "/var/log/bind/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-in_file { file "/var/log/bind/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-out_file { file "/var/log/bind/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel notify_file { file "/var/log/bind/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel client_file { file "/var/log/bind/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel unmatched_file { file "/var/log/bind/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel queries_file { file "/var/log/bind/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel network_file { file "/var/log/bind/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel update_file { file "/var/log/bind/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dispatch_file { file "/var/log/bind/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dnssec_file { file "/var/log/bind/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel lame-servers_file { file "/var/log/bind/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };
    
    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
    
                                                                        };
    
    
    // Briefly, a zone which has been declared delegation-only will be effectively
    // limited to containing NS RRs for subdomains, but no actual data beyond its
    // own apex (for example, its SOA RR and apex NS RRset). This can be used to
    // filter out "wildcard" or "synthesized" data from NAT boxes or from
    // authoritative name servers whose undelegated (in-zone) data is of no
    // interest.
    // See http://www.isc.org/products/BIND/delegation-only.html for more info
    
    //zone "COM" { type delegation-only; };
    //zone "NET" { type delegation-only; };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    zone "localhost" IN {
            type master;
            file "pri/localhost.zone";
            allow-update { none; };
            notify no;
    };
    
    zone "127.in-addr.arpa" IN {
            type master;
            file "pri/127.zone";
            allow-update { none; };
            notify no;
    };
    zone "gj" {
            type master;
            file "gj.named";
            };
    zone "1.168.192.in-addr.arpa" {
            type master;
            file "gj.rev";
            };

    Now to the problem: resolving on the local network works as expected. So does the vast majority of the internet. However, it is unable to resolve some addresses for me, e.g. www.phoenix.cz, and occasionally also www.google.com or microsoft.com, but only occasionally. There are several such addresses. In the log it looks like this:

    Code:
     cat /var/log/bind/lame-servers.log |tail -60
    14-Feb-2008 13:37:04.449 FORMERR resolving 'www.microsoft.com/A/IN': 77.48.100.254#53
    14-Feb-2008 13:37:04.758 FORMERR resolving 'www.microsoft.com/A/IN': 77.48.254.254#53
    14-Feb-2008 13:37:04.932 FORMERR resolving 'www.microsoft.com/A/IN': 212.24.128.8#53
    14-Feb-2008 13:37:05.128 FORMERR resolving 'www.microsoft.com/A/IN': 198.32.64.12#53
    14-Feb-2008 13:37:05.206 FORMERR resolving 'www.microsoft.com/A/IN': 192.36.148.17#53
    14-Feb-2008 13:37:05.217 FORMERR resolving 'www.microsoft.com/A/IN': 193.0.14.129#53
    14-Feb-2008 13:37:05.225 FORMERR resolving 'www.microsoft.com/A/IN': 192.112.36.4#53
    14-Feb-2008 13:37:05.237 FORMERR resolving 'www.microsoft.com/A/IN': 128.63.2.53#53
    14-Feb-2008 13:37:05.248 FORMERR resolving 'www.microsoft.com/A/IN': 198.41.0.4#53
    14-Feb-2008 13:37:05.266 FORMERR resolving 'www.microsoft.com/A/IN': 128.8.10.90#53
    14-Feb-2008 13:37:05.285 FORMERR resolving 'www.microsoft.com/A/IN': 192.5.5.241#53
    14-Feb-2008 13:37:05.298 FORMERR resolving 'www.microsoft.com/A/IN': 192.228.79.201#53
    14-Feb-2008 13:37:05.308 FORMERR resolving 'www.microsoft.com/A/IN': 202.12.27.33#53
    14-Feb-2008 13:37:05.318 FORMERR resolving 'www.microsoft.com/A/IN': 192.58.128.30#53
    14-Feb-2008 13:37:05.328 FORMERR resolving 'www.microsoft.com/A/IN': 192.33.4.12#53
    14-Feb-2008 13:37:05.347 FORMERR resolving 'www.microsoft.com/A/IN': 192.203.230.10#53
    14-Feb-2008 13:37:53.345 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 77.48.100.254#53
    14-Feb-2008 13:37:53.578 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 212.24.128.8#53
    14-Feb-2008 13:37:55.812 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 193.0.14.129#53
    14-Feb-2008 13:37:55.947 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 192.112.36.4#53
    14-Feb-2008 13:37:57.955 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 192.36.148.17#53
    14-Feb-2008 13:37:57.962 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 198.41.0.4#53
    14-Feb-2008 13:37:57.970 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 198.32.64.12#53
    14-Feb-2008 13:37:57.978 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 192.5.5.241#53
    14-Feb-2008 13:37:57.991 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 128.8.10.90#53
    14-Feb-2008 13:37:58.001 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 202.12.27.33#53
    14-Feb-2008 13:37:58.014 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 192.228.79.201#53
    14-Feb-2008 13:37:58.026 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 192.58.128.30#53
    14-Feb-2008 13:37:58.034 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 192.33.4.12#53
    14-Feb-2008 13:37:58.044 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 192.203.230.10#53
    14-Feb-2008 13:37:58.050 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 77.48.254.254#53
    14-Feb-2008 13:37:58.056 FORMERR resolving 'windowsupdate.microsoft.com/A/IN': 128.63.2.53#53
    14-Feb-2008 13:38:50.238 FORMERR resolving 'edge.quantserve.com/A/IN': 77.48.254.254#53
    14-Feb-2008 13:38:50.393 FORMERR resolving 'edge.quantserve.com/A/IN': 212.24.128.8#53
    14-Feb-2008 13:38:50.436 FORMERR resolving 'edge.quantserve.com/A/IN': 77.48.100.254#53
    14-Feb-2008 13:38:53.664 FORMERR resolving 'edge.quantserve.com/A/IN': 192.36.148.17#53
    14-Feb-2008 13:38:54.213 FORMERR resolving 'edge.quantserve.com/A/IN': 198.41.0.4#53
    14-Feb-2008 13:38:54.471 FORMERR resolving 'edge.quantserve.com/A/IN': 192.5.5.241#53
    14-Feb-2008 13:38:54.509 FORMERR resolving 'edge.quantserve.com/A/IN': 128.8.10.90#53
    14-Feb-2008 13:38:54.553 FORMERR resolving 'edge.quantserve.com/A/IN': 202.12.27.33#53
    14-Feb-2008 13:38:54.596 FORMERR resolving 'edge.quantserve.com/A/IN': 192.228.79.201#53
    14-Feb-2008 13:38:54.652 FORMERR resolving 'edge.quantserve.com/A/IN': 192.58.128.30#53
    14-Feb-2008 13:38:54.693 FORMERR resolving 'edge.quantserve.com/A/IN': 192.112.36.4#53
    14-Feb-2008 13:38:54.728 FORMERR resolving 'edge.quantserve.com/A/IN': 192.33.4.12#53
    14-Feb-2008 13:38:55.041 FORMERR resolving 'edge.quantserve.com/A/IN': 192.203.230.10#53
    14-Feb-2008 13:38:55.368 FORMERR resolving 'edge.quantserve.com/A/IN': 193.0.14.129#53
    14-Feb-2008 13:38:57.441 FORMERR resolving 'edge.quantserve.com/A/IN': 198.32.64.12#53

    As a consequence, the pages in question fail to load in the browser and so on. However, if the query is sent to the upstream DNS, e.g. 77.48.254.254, there is no problem and the IP address is found immediately.

  2. #2

    Re: Bind & FORMERR resolving domain

    Remove the forwarders and let BIND resolve it directly.

  3. #3
    Senior Member NeMeM9aA

    Re: Bind & FORMERR resolving domain

    OK. It looks like this helped.

    However, I don't understand why. How does it even know where to forward queries it doesn't know the answer to? From /etc/resolv.conf? There I have the same IPs listed as in forwarders, and the first one is the IP address of the machine in question. What is the difference then, especially when the line "forward first;" is commented out?

    edit: so it doesn't work. The addresses mentioned above do work, but now www.shorewall.net doesn't (I reloaded the tabs I have open in Firefox, about 50 addresses, and only one doesn't work).
    Last edited by NeMeM9aA; 14.02.2008 at 15:39.

  4. #4

    Re: Bind & FORMERR resolving domain

    BIND has the IP addresses of the root DNS servers (the file named.ca in your config). From them it learns, as needed, the IP addresses of the servers for the TLDs, and so on.
    When you have a working BIND on localhost, set nameserver 127.0.0.1 in /etc/resolv.conf.
    Everything must work, including shorewall.

  5. #5
    Senior Member NeMeM9aA

    Re: Bind & FORMERR resolving domain

    I see, my knowledge is rather limited. In any case, shorewall.net isn't working at the moment. And microsoft.com has stopped working again (an hour ago it still worked). The rest works. I really have no idea where I messed something up.

    Code:
    .....
    14-Feb-2008 18:42:26.521 FORMERR resolving 'www.shorewall.net/A/IN': 128.63.2.53#53
    14-Feb-2008 18:42:26.547 FORMERR resolving 'www.shorewall.net/A/IN': 192.33.4.12#53
    14-Feb-2008 18:42:26.571 FORMERR resolving 'www.shorewall.net/A/IN': 192.228.79.201#53
    14-Feb-2008 18:42:28.623 FORMERR resolving 'www.shorewall.net/A/IN': 192.36.148.17#53
    14-Feb-2008 18:42:28.665 FORMERR resolving 'www.shorewall.net/A/IN': 202.12.27.33#53
    14-Feb-2008 18:42:28.760 FORMERR resolving 'www.shorewall.net/A/IN': 192.58.128.30#53
    14-Feb-2008 18:42:28.860 FORMERR resolving 'www.shorewall.net/A/IN': 193.0.14.129#53
    14-Feb-2008 18:42:30.904 FORMERR resolving 'www.shorewall.net/A/IN': 192.5.5.241#53
    14-Feb-2008 18:42:30.934 FORMERR resolving 'www.shorewall.net/A/IN': 192.112.36.4#53
    14-Feb-2008 18:42:30.966 FORMERR resolving 'www.shorewall.net/A/IN': 128.8.10.90#53
    14-Feb-2008 18:42:31.005 FORMERR resolving 'www.shorewall.net/A/IN': 198.32.64.12#53
    14-Feb-2008 18:42:31.042 FORMERR resolving 'www.shorewall.net/A/IN': 198.41.0.4#53
    14-Feb-2008 18:43:36.856 FORMERR resolving 'www.microsoft.com/A/IN': 77.48.100.254#53
    14-Feb-2008 18:43:38.878 FORMERR resolving 'www.microsoft.com/A/IN': 77.48.254.254#53
    14-Feb-2008 18:43:38.902 FORMERR resolving 'www.microsoft.com/A/IN': 192.228.79.201#53
    14-Feb-2008 18:43:38.916 FORMERR resolving 'www.microsoft.com/A/IN': 192.33.4.12#53
    14-Feb-2008 18:43:38.931 FORMERR resolving 'www.microsoft.com/A/IN': 192.112.36.4#53
    14-Feb-2008 18:43:38.945 FORMERR resolving 'www.microsoft.com/A/IN': 192.5.5.241#53
    14-Feb-2008 18:43:38.953 FORMERR resolving 'www.microsoft.com/A/IN': 192.203.230.10#53
    14-Feb-2008 18:43:38.970 FORMERR resolving 'www.microsoft.com/A/IN': 202.12.27.33#53
    14-Feb-2008 18:43:38.983 FORMERR resolving 'www.microsoft.com/A/IN': 192.36.148.17#53
    14-Feb-2008 18:43:38.991 FORMERR resolving 'www.microsoft.com/A/IN': 128.63.2.53#53
    14-Feb-2008 18:43:39.012 FORMERR resolving 'www.microsoft.com/A/IN': 128.8.10.90#53
    ....

    edit:

    To add: specifically, this is BIND version 9.3.4-r2 on 2.6.22-gentoo-r5.

    The version is probably irrelevant, though, because this has been happening to me for a long time, I just didn't deal with it. I think I had the same problem back on Slackware 10. I tried commenting out zone "gj" including its reverse part, and the problem is the same. I don't understand where I could have produced such strange and unpredictable behaviour.

    edit2: upgrading to bind-9.4.1_p1 didn't help. It behaves the same.
    Last edited by NeMeM9aA; 14.02.2008 at 21:55.

  6. #6

    Re: Bind & FORMERR resolving domain

    That 9.4.1_p1 works for me. But I don't have all that logging clutter in my config; try commenting all of it out.

  7. #7
    Senior Member NeMeM9aA

    Re: Bind & FORMERR resolving domain

    Code:
    $ cat /etc/bind/named.conf 
    options {
            directory "/var/bind";
    
           dump-file "/var/bind/named.dump";
    
            listen-on-v6 { none; };
            listen-on { 127.0.0.1;
                        192.168.1.50;
            };
    
            pid-file "/var/run/named/named.pid";
    };
    
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    zone "localhost" IN {
            type master;
            file "localhost.zone";
              allow-update { none; };
            notify no;
    };
    
    zone "127.in-addr.arpa" IN {
            type master;
            file "named.local";
            allow-update { none; };
            notify no;
    };

    To be safe I used fresh copies of named.local, localhost.zone and named.ca, from Slackware current.

    microsoft doesn't work, shorewall.net has started working again. I don't get the feeling that it is related in any way to the configuration currently in use. Rather, it is completely random.

    edit: now, completely at random, yahoo for example has stopped working:

    Code:
    # cat /var/log/messages |tail -50
    Feb 15 11:47:55 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.112.36.4#53
    Feb 15 11:47:56 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.36.148.17#53
    Feb 15 11:47:56 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.203.230.10#53
    Feb 15 11:47:57 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 128.63.2.53#53
    Feb 15 11:47:58 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.228.79.201#53
    Feb 15 11:47:58 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 202.12.27.33#53
    Feb 15 11:47:58 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 198.32.64.12#53
    Feb 15 11:47:59 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 193.0.14.129#53
    Feb 15 11:49:37 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 128.8.10.90#53
    Feb 15 11:49:37 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.228.79.201#53
    Feb 15 11:49:38 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.5.5.241#53
    Feb 15 11:49:38 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 198.41.0.4#53
    Feb 15 11:49:39 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.36.148.17#53
    Feb 15 11:49:40 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 198.32.64.12#53
    Feb 15 11:49:40 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 202.12.27.33#53
    Feb 15 11:49:41 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 193.0.14.129#53
    Feb 15 11:49:41 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.203.230.10#53
    Feb 15 11:49:41 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.33.4.12#53
    Feb 15 11:49:42 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.112.36.4#53
    Feb 15 11:49:44 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 128.63.2.53#53
    Feb 15 11:49:44 padesat named[31484]: FORMERR resolving 'www.microsoft.com/A/IN': 192.58.128.30#53
    Feb 15 11:49:53 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 202.12.27.33#53
    Feb 15 11:49:53 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 198.32.64.12#53
    Feb 15 11:49:54 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 128.8.10.90#53
    Feb 15 11:49:54 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 192.33.4.12#53
    Feb 15 11:49:55 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 193.0.14.129#53
    Feb 15 11:49:57 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 192.228.79.201#53
    Feb 15 11:49:58 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 192.36.148.17#53
    Feb 15 11:49:58 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 128.63.2.53#53
    Feb 15 11:49:59 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 192.112.36.4#53
    Feb 15 11:50:02 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 192.5.5.241#53
    Feb 15 11:50:03 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 198.41.0.4#53
    Feb 15 11:50:04 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 192.58.128.30#53
    Feb 15 11:50:05 padesat named[31484]: FORMERR resolving 'www.yahoo.com/A/IN': 192.203.230.10#53
    Feb 15 11:50:20 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 128.8.10.90#53
    Feb 15 11:50:20 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 128.63.2.53#53
    Feb 15 11:50:21 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 202.12.27.33#53
    Feb 15 11:50:22 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 192.33.4.12#53
    Feb 15 11:50:22 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 192.36.148.17#53
    Feb 15 11:50:22 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 192.112.36.4#53
    Feb 15 11:50:23 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 198.32.64.12#53
    Feb 15 11:50:23 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 192.5.5.241#53
    Feb 15 11:50:23 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 192.228.79.201#53
    Feb 15 11:50:23 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 198.41.0.4#53
    Feb 15 11:50:24 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 192.58.128.30#53
    Feb 15 11:50:24 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 192.203.230.10#53
    Feb 15 11:50:24 padesat named[31484]: FORMERR resolving 'www.phoenix.cz/A/IN': 193.0.14.129#53
    Last edited by NeMeM9aA; 15.02.2008 at 12:08.

  8. #8

    Re: Bind & FORMERR resolving domain

    Have you also tried it with nslookup or dig?

  9. #9
    Senior Member NeMeM9aA

    Re: Bind & FORMERR resolving domain

    edit: I'm starting to find certain connections. Unfortunately there isn't much time. I'll let you know tomorrow.

    edit2: this post was devoid of information, so I more or less deleted it. It still holds, though, that tomorrow afternoon I'll post the results of my fight with BIND.
    Last edited by NeMeM9aA; 15.02.2008 at 21:28.

  10. #10

    Re: Bind & FORMERR resolving domain

    I would try tcpdumping what goes into it and going through it in Wireshark, to see whether you find some oddity in those packets ...

  11. #11
    Junior Member

    Re: Bind & FORMERR resolving domain

    I have the same problem.
    If you haven't gone crazy yet (I expect to any moment), here are a few observations I found on the internet. If you found a way to fix it yourself, please let me know.
    So:

    The problem may be related to several things:

    1) a firewall is configured that does not pass UDP packets on port 53 longer than 512 bytes
    2) some EDNS0 protocol, which is probably some new version of the language that DNS servers speak to each other, is misinterpreted by old servers. BIND 9.x.x should detect this and start asking with the old protocol. It even says so in the log, but in my opinion it simply doesn't ask.

    Everything I found on the internet revolves around these two things.
    I tried this myself:
    turning off the firewall - no result
    I used a packet sniffer to see what responses were coming in, and a response did come; however, for the servers my DNS failed to resolve, the response lengths really were greater than 512 bytes. So the responses always arrived, but in the log I still got the favourite message "FORMERR"

    I don't know what to set or where. This is a freshly installed Fedora 8; I immediately downloaded all the updates and it does this.

    I'll probably shoot myself if I don't figure it out by morning.

    George
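
The two causes listed in post #11 (a 512-byte UDP filter and EDNS0 handling), as an added example that is not part of the original thread: it builds a query with and without an EDNS0 OPT record, parses messages, and classifies a query/response pair. The name www.example.test, the 192.0.2.x addresses, the 4096-byte advertised size and all function names are constructed for illustration.

```python
import struct

CLASSIC_UDP_LIMIT = 512            # largest DNS/UDP message without EDNS0 (RFC 1035)
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
RCODE_FORMERR = 1


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def opt_record(udp_size):
    """EDNS0 OPT RR: root name, TYPE 41, CLASS = advertised UDP size, no RDATA."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)


def build_query(name, qid=0x1234, edns_payload=None):
    """Build an A/IN query; with edns_payload set, append an OPT record."""
    arcount = 0 if edns_payload is None else 1
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)   # RD=1
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    return msg if edns_payload is None else msg + opt_record(edns_payload)


def build_response(name, answers, edns_payload=None, rcode=0, qid=0x1234):
    """Constructed sample response with `answers` A records (192.0.2.x)."""
    arcount = 0 if edns_payload is None else 1
    msg = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, answers, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    for i in range(answers):
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
        msg += bytes([192, 0, 2, i + 1])
    return msg if edns_payload is None else msg + opt_record(edns_payload)


def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:          # pointer: two bytes, ends the name
            return pos + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        pos += 1 + length


def inspect(msg):
    """Parse header and records; report size, RCODE, TC bit and EDNS0 size."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4      # QTYPE + QCLASS
    edns_size = None
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        if pos + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if pos > len(msg):
            raise ValueError("RDATA runs past end of message")
        if rtype == TYPE_OPT:
            edns_size = rclass             # OPT reuses CLASS for the UDP size
    return {"size": len(msg), "rcode": flags & 0x000F,
            "truncated": bool(flags & 0x0200), "edns_udp_size": edns_size,
            "exceeds_512": len(msg) > CLASSIC_UDP_LIMIT}


def udp_verdict(query, response):
    """Classify a query/response pair against the two causes from the post."""
    q, r = inspect(query), inspect(response)
    if r["rcode"] == RCODE_FORMERR and q["edns_udp_size"] is not None:
        return "retry-without-edns"        # server did not understand the OPT RR
    if not r["exceeds_512"]:
        return "fits-classic-udp"
    if q["edns_udp_size"] is not None and r["size"] <= q["edns_udp_size"]:
        return "needs-udp-over-512"        # a 512-byte UDP filter would drop this
    return "oversize-for-query"            # server should have set TC instead


if __name__ == "__main__":
    q = build_query("www.example.test", edns_payload=4096)
    r = build_response("www.example.test", 30, edns_payload=4096)
    print(inspect(r), udp_verdict(q, r))
```

A "needs-udp-over-512" pair is one that only reaches the resolver if every device on the path passes DNS/UDP datagrams larger than 512 bytes.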

  12. #12
    Senior Member NeMeM9aA

    Re: Bind & FORMERR resolving domain

    Ah, thanks for the observations. I haven't solved it yet, probably mainly because I haven't been working on it (I did install Wireshark, but while reading the man page I started to feel kind of tired .... ).

    I've just replaced the whole router with the firewall, so I'll see what that does.

    edit: so it wasn't the firewall - FORMERR still, this time wikipedia.org. Very strange. Hopefully I'll get to it over the weekend.
    Last edited by NeMeM9aA; 06.03.2008 at 23:00.

  13. #13

    Re: Bind & FORMERR resolving domain

    Could one of you (or both) please post the dump with both the query and the response here - ideally all communication on 53/TCP and 53/UDP for a few minutes around that FORMERR... thanks

  14. #14
    Junior Member

    Re: Bind & FORMERR resolving domain

    Here is the log (messages)

    ---------------------------------------------------------------------

    Mar 7 09:06:08 server named[7163]:last message repeated 47 times
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.36.148.17#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 128.8.10.90#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.203.230.10#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 199.7.83.42#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 198.41.0.4#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.33.4.12#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.5.5.241#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.112.36.4#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.228.79.201#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.58.128.30#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 193.0.14.129#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 128.63.2.53#53
    Mar 7 09:06:08 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 202.12.27.33#53
    Mar 7 09:06:08 server named[7163]: too many timeouts resolving 'www.bckolin.cz/A' (in '.'?): disabling EDNS
    Mar 7 09:06:23 server named[7163]:last message repeated 47 times
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.203.230.10#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 128.63.2.53#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.228.79.201#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 199.7.83.42#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.58.128.30#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 128.8.10.90#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 193.0.14.129#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.5.5.241#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 198.41.0.4#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.33.4.12#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.112.36.4#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 202.12.27.33#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.36.148.17#53
    Mar 7 09:06:23 server named[7163]: too many timeouts resolving 'www.bckolin.cz/A' (in '.'?): disabling EDNS
    Mar 7 09:06:23 server named[7163]:last message repeated 47 times
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.5.5.241#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.33.4.12#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.203.230.10#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.58.128.30#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 128.8.10.90#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 193.0.14.129#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 128.63.2.53#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 198.41.0.4#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.228.79.201#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 199.7.83.42#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.112.36.4#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 202.12.27.33#53
    Mar 7 09:06:23 server named[7163]: FORMERR resolving 'www.bckolin.cz/A/IN': 192.36.148.17#53
    Mar 7 09:06:23 server named[7163]: too many timeouts resolving 'www.bckolin.cz/A' (in '.'?): disabling EDNS

    ---------------------------------------------------------------------

    Today I did another experiment. I connected a hub to the eth interface that is connected to the internet. I captured it with Ethereal; the responses are fine. The responses really do arrive.

    Physically on the wire it looks like this:

    ---------------------------------------------------------------------

    3 7.177858 88.146.251.201 00:d0:b7:0b:6f:90 193.0.14.129 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    4 7.182251 193.0.14.129 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    5 7.182720 88.146.251.201 00:d0:b7:0b:6f:90 199.7.83.42 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    6 7.188227 199.7.83.42 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    7 7.189560 88.146.251.201 00:d0:b7:0b:6f:90 192.228.79.201 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    8 7.194321 192.228.79.201 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    9 7.194749 88.146.251.201 00:d0:b7:0b:6f:90 192.112.36.4 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    10 7.199582 192.112.36.4 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    11 7.201001 88.146.251.201 00:d0:b7:0b:6f:90 198.41.0.4 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    12 7.206795 198.41.0.4 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    ---------------------------------------------------------------------
    It asks all the known servers, which answer it normally.
    Then it starts asking about the root servers
    ---------------------------------------------------------------------

    29 7.256011 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA B.ROOT-SERVERS.NET
    30 7.256185 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA C.ROOT-SERVERS.NET
    31 7.256315 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA D.ROOT-SERVERS.NET
    32 7.256407 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA E.ROOT-SERVERS.NET
    33 7.256508 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA G.ROOT-SERVERS.NET
    34 7.256600 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA I.ROOT-SERVERS.NET
    35 7.256692 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA L.ROOT-SERVERS.NET

    ---------------------------------------------------------------------
    and then normal queries and responses again
    ---------------------------------------------------------------------

    36 7.262006 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    37 7.264448 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
    38 7.265820 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
    39 7.267154 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
    40 7.268134 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
    41 7.268818 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
    42 7.269872 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    43 7.270309 88.146.251.201 00:d0:b7:0b:6f:90 193.0.14.129 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    44 7.270636 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
    45 7.271371 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
    46 7.276408 193.0.14.129 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    47 7.277848 88.146.251.201 00:d0:b7:0b:6f:90 192.228.79.201 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    48 7.281927 192.228.79.201 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    49 7.283347 88.146.251.201 00:d0:b7:0b:6f:90 128.63.2.53 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    50 7.288956 128.63.2.53 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    51 7.289383 88.146.251.201 00:d0:b7:0b:6f:90 192.203.230.10 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    52 7.295873 192.203.230.10 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
    53 7.297315 88.146.251.201 00:d0:b7:0b:6f:90 198.41.0.4 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
    ---------------------------------------------------------------------

    Here is also a detailed listing of the query and the response (packets 3 and 4)
    Query:

    ---------------------------------------------------------------------
    No. Time Source SourceMAC Destination DestMAC Protocol Info
    3 7.177858 88.146.251.201 00:d0:b7:0b:6f:90 193.0.14.129 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz

    Frame 3 (85 bytes on wire, 85 bytes captured)
    Arrival Time: Mar 7, 2008 09:12:59.132034000
    Time delta from previous packet: 7.176552000 seconds
    Time since reference or first frame: 7.177858000 seconds
    Frame Number: 3
    Packet Length: 85 bytes
    Capture Length: 85 bytes
    Protocols in frame: eth:ip:udp:dns
    Ethernet II, Src: 88.146.251.201 (00:d0:b7:0b:6f:90), Dst: 88.146.251.206 (00:0c:42:09:9d:0e)
    Destination: 88.146.251.206 (00:0c:42:09:9d:0e)
    Source: 88.146.251.201 (00:d0:b7:0b:6f:90)
    Type: IP (0x0800)
    Internet Protocol, Src: 88.146.251.201 (88.146.251.201), Dst: 193.0.14.129 (193.0.14.129)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 71
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x16c9 [correct]
    Source: 88.146.251.201 (88.146.251.201)
    Destination: 193.0.14.129 (193.0.14.129)
    User Datagram Protocol, Src Port: domain (53), Dst Port: domain (53)
    Source port: domain (53)
    Destination port: domain (53)
    Length: 51
    Checksum: 0x82cc [correct]
    Domain Name System (query)
    Transaction ID: 0xf3e3
    Flags: 0x0010 (Standard query)
    0... .... .... .... = Response: Message is a query
    .000 0... .... .... = Opcode: Standard query (0)
    .... ..0. .... .... = Truncated: Message is not truncated
    .... ...0 .... .... = Recursion desired: Don't do query recursively
    .... .... .0.. .... = Z: reserved (0)
    .... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
    www.bckolin.cz: type A, class IN
    Name: www.bckolin.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Additional records
    <Root>: type OPT
    Name: <Root>
    Type: OPT (EDNS0 option)
    UDP payload size: 512
    Higher bits in extended RCODE: 0x0
    EDNS0 version: 0
    Z: 0x8000
    Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
    Bits 1-15: 0x0 (reserved)
    Data length: 0
    ---------------------------------------------------------------------

    Response

    ---------------------------------------------------------------------
    No. Time Source SourceMAC Destination DestMAC Protocol Info
    4 7.182251 193.0.14.129 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150

    Frame 4 (320 bytes on wire, 320 bytes captured)
    Arrival Time: Mar 7, 2008 09:12:59.136427000
    Time delta from previous packet: 0.004393000 seconds
    Time since reference or first frame: 7.182251000 seconds
    Frame Number: 4
    Packet Length: 320 bytes
    Capture Length: 320 bytes
    Protocols in frame: eth:ip:udp:dns
    Ethernet II, Src: 88.146.251.206 (00:0c:42:09:9d:0e), Dst: 88.146.251.201 (00:d0:b7:0b:6f:90)
    Destination: 88.146.251.201 (00:d0:b7:0b:6f:90)
    Source: 88.146.251.206 (00:0c:42:09:9d:0e)
    Type: IP (0x0800)
    Internet Protocol, Src: 193.0.14.129 (193.0.14.129), Dst: 88.146.251.201 (88.146.251.201)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 306
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
    0... = Reserved bit: Not set
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 61
    Protocol: UDP (0x11)
    Header checksum: 0x18de [correct]
    Source: 193.0.14.129 (193.0.14.129)
    Destination: 88.146.251.201 (88.146.251.201)
    User Datagram Protocol, Src Port: domain (53), Dst Port: domain (53)
    Source port: domain (53)
    Destination port: domain (53)
    Length: 286
    Checksum: 0xdfd4 [correct]
    Domain Name System (response)
    Transaction ID: 0xf3e3
    Flags: 0x8180 (Standard query response, No error)
    1... .... .... .... = Response: Message is a response
    .000 0... .... .... = Opcode: Standard query (0)
    .... .0.. .... .... = Authoritative: Server is not an authority for domain
    .... ..0. .... .... = Truncated: Message is not truncated
    .... ...1 .... .... = Recursion desired: Do query recursively
    .... .... 1... .... = Recursion available: Server can do recursive queries
    .... .... .0.. .... = Z: reserved (0)
    .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
    .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 2
    Authority RRs: 6
    Additional RRs: 6
    Queries
    www.bckolin.cz: type A, class IN
    Name: www.bckolin.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Answers
    www.bckolin.cz: type CNAME, class IN, cname c150un.forpsi.com
    Name: www.bckolin.cz
    Type: CNAME (Canonical name for an alias)
    Class: IN (0x0001)
    Time to live: 6 days, 8 hours, 11 minutes, 11 seconds
    Data length: 19
    Primary name: c150un.forpsi.com
    c150un.forpsi.com: type A, class IN, addr 81.2.194.150
    Name: c150un.forpsi.com
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 20 minutes, 16 seconds
    Data length: 4
    Addr: 81.2.194.150
    Authoritative nameservers
    cz: type NS, class IN, ns b.ns.nic.cz
    Name: cz
    Type: NS (Authoritative name server)
    Class: IN (0x0001)
    Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
    Data length: 11
    Name server: b.ns.nic.cz
    cz: type NS, class IN, ns f.ns.nic.cz
    Name: cz
    Type: NS (Authoritative name server)
    Class: IN (0x0001)
    Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
    Data length: 4
    Name server: f.ns.nic.cz
    cz: type NS, class IN, ns a.ns.nic.cz
    Name: cz
    Type: NS (Authoritative name server)
    Class: IN (0x0001)
    Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
    Data length: 4
    Name server: a.ns.nic.cz
    cz: type NS, class IN, ns d.ns.nic.cz
    Name: cz
    Type: NS (Authoritative name server)
    Class: IN (0x0001)
    Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
    Data length: 4
    Name server: d.ns.nic.cz
    cz: type NS, class IN, ns c.ns.nic.cz
    Name: cz
    Type: NS (Authoritative name server)
    Class: IN (0x0001)
    Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
    Data length: 4
    Name server: c.ns.nic.cz
    cz: type NS, class IN, ns e.ns.nic.cz
    Name: cz
    Type: NS (Authoritative name server)
    Class: IN (0x0001)
    Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
    Data length: 4
    Name server: e.ns.nic.cz
    Additional records
    b.ns.nic.cz: type A, class IN, addr 217.31.205.188
    Name: b.ns.nic.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 9 minutes, 32 seconds
    Data length: 4
    Addr: 217.31.205.188
    f.ns.nic.cz: type A, class IN, addr 193.171.255.48
    Name: f.ns.nic.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 1 day, 10 hours, 19 minutes, 17 seconds
    Data length: 4
    Addr: 193.171.255.48
    a.ns.nic.cz: type A, class IN, addr 217.31.205.180
    Name: a.ns.nic.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 1 day, 13 hours, 40 minutes, 21 seconds
    Data length: 4
    Addr: 217.31.205.180
    d.ns.nic.cz: type A, class IN, addr 193.29.206.1
    Name: d.ns.nic.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 21 hours, 10 minutes, 25 seconds
    Data length: 4
    Addr: 193.29.206.1
    c.ns.nic.cz: type A, class IN, addr 195.66.241.202
    Name: c.ns.nic.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 6 hours, 30 minutes, 11 seconds
    Data length: 4
    Addr: 195.66.241.202
    e.ns.nic.cz: type A, class IN, addr 194.146.105.38
    Name: e.ns.nic.cz
    Type: A (Host address)
    Class: IN (0x0001)
    Time to live: 1 day, 7 hours, 23 minutes, 41 seconds
    Data length: 4
    Addr: 194.146.105.38
    ---------------------------------------------------------------------

    I stress that this was captured "on the wire". However, captured with ettercap directly on the server itself, it looks the same. It just cannot dissect it this nicely.

    ---------------------------------------------------------------------

    I turn the firewall off with the command /etc/rc.d/init.d/iptables stop

    After running iptables -L it looks like this:

    ---------------------------------------------------------------------
    [root@server log]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destinati
    ---------------------------------------------------------------------

    To be safe, here is route as well

    ---------------------------------------------------------------------
    [root@server log]# route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    88.146.251.200 * 255.255.255.248 U 0 0 0 eth0
    192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
    link-local * 255.255.0.0 U 0 0 0 eth1
    default 88.146.251.206 0.0.0.0 UG 0 0 0 eth0
    ---------------------------------------------------------------------
    I have SELinux disabled.

    So in my opinion the problem is somewhere inside BIND or in the kernel, because either packets are getting lost in some filter or there is a bug in BIND. I have found a similar problem on the internet quite a few times, but no solution. Even on the official BIND site they played it down quite a bit, saying that they had already dealt with it and that it is nonsense, that BIND automatically falls back from EDNS0 to plain DNS, and so on.

    I stress that what was captured is on the wire, but also on the card in promiscuous mode. Could something else on port 53 be eating it? How do I find out which programs are listening on port 53?

    I hope I haven't flooded you too much with these logs, but I want you to believe that I'm not writing nonsense.

    Cheers
    George

  15. #15
    NeMeM9aA

    Re: Bind & FORMERR resolving domain

    As I have probably already written here, I have no experience with tcpdump or with analysing TCP/IP traffic, so I have no idea whether I managed to capture the right information in the right way.

    I used the following commands:
    Code:
    # named -g -c /etc/bind/named.conf.minimal
    
    # tcpdump udp port 53 > udp.dump
    
    # tcpdump udp port 53 > udp.dump
    
    # ping update.microsoft.com
    I am attaching the BIND log, the BIND configuration file and the dumps, zipped:

    log

  16. #16
    Re: Bind & FORMERR resolving domain

    In your case I would start in named.conf

    query-source port 53;
    query-source-v6 port 53;

    so that it only queries from port 53. Although I assume you have tried that.
    From the TCP and UDP log it looks like the servers are talking to each other, but it is hard to say how.

    George

  17. #17

    Re: Bind & FORMERR resolving domain

    Quote: Originally posted by NeMeM9aA
    As I have probably already written here, I have no experience with tcpdump or with analysing TCP/IP traffic, so I have no idea whether I managed to capture the right information in the right way.

    I used the following commands:
    Code:
    # named -g -c /etc/bind/named.conf.minimal
    
    # tcpdump udp port 53 > udp.dump
    
    # tcpdump udp port 53 > udp.dump
    
    # ping update.microsoft.com
    I am attaching the BIND log, the BIND configuration file and the dumps, zipped:

    log
    thanks.
    what I would need instead is
    Code:
    tcpdump -s 65000 -w formerr.dump port 53
    Last edited by Fox!MURDER; 07.03.2008 at 13:25.
    Hrrrr, will you stop using people as human driven search engines? Google.com has all the answers you need.

  18. #18
    NeMeM9aA

    Re: Bind & FORMERR resolving domain

    Quote: Originally posted by georgejares
    In your case I would start in named.conf

    query-source port 53;
    query-source-v6 port 53;

    so that it only queries from port 53. Although I assume you have tried that.
    From the TCP and UDP log it looks like the servers are talking to each other, but it is hard to say how.

    George
    I tried it, but that evidently isn't the problem :/


    Quote: Originally posted by Fox!MURDER
    thanks.
    what I would need instead is
    Code:
    tcpdump -s 65000 -w formerr.dump port 53
    Here it is, done better, following the instructions (it could have occurred to me the first time, too.....).

  19. #19

    Re: Bind & FORMERR resolving domain

    Looking at this, do you two by any chance have the same ISP, the same firewall in the path, or some other similar gadget?
    The odd thing is that for both of you the root servers themselves are answering those queries directly ... they don't normally do that. My guess is that someone is catching all traffic on 53/UDP and redirecting it to some machine of their own ...
    Hrrrr, will you stop using people as human driven search engines? Google.com has all the answers you need.

  20. #20
    NeMeM9aA

    Re: Bind & FORMERR resolving domain

    I am connected through http://www.tlapnet.cz/; I don't know exactly who they are connected through. Tracepath gives fe0-1-s154.c1.pop1.pot.sloane.cz as the first interesting address.
    Last edited by NeMeM9aA; 07.03.2008 at 14:57.

  21. #21

    Re: Bind & FORMERR resolving domain

    erm. please try this in nslookup ...
    Code:
    
    server 192.5.5.241
    
    update.microsoft.com
    
    set q=txt
    set class=chaos
    
    version.bind
    Hrrrr, will you stop using people as human driven search engines? Google.com has all the answers you need.

  22. #22
    NeMeM9aA

    Re: Bind & FORMERR resolving domain

    Code:
    Default server: 192.5.5.241
    Address: 192.5.5.241#53
    > update.microsoft.com
    Server:         192.5.5.241
    Address:        192.5.5.241#53
    
    Non-authoritative answer:
    update.microsoft.com    canonical name = update.microsoft.com.nsatc.net.
    update.microsoft.com.nsatc.net  canonical name = www.update.microsoft.com.
    www.update.microsoft.com        canonical name = www.update.microsoft.com.nsatc.net.
    Name:   www.update.microsoft.com.nsatc.net
    Address: 65.55.184.125
    > set q=txt
    > set class=chaos
    > version.bind
    Server:         192.5.5.241
    Address:        192.5.5.241#53
    
    ** server can't find version.bind: NOTIMP
    locally it does not work:
    Code:
    nslookup
    > server 192.168.1.50
    Default server: 192.168.1.50
    Address: 192.168.1.50#53
    > update.microsoft.com
    Server:         192.168.1.50
    Address:        192.168.1.50#53
    
    ** server can't find update.microsoft.com: SERVFAIL
    >

  23. #23

    Re: Bind & FORMERR resolving domain

    Quote: Originally posted by NeMeM9aA
    Code:
    Default server: 192.5.5.241
    Address: 192.5.5.241#53
    > update.microsoft.com
    Server:         192.5.5.241
    Address:        192.5.5.241#53
    
    Non-authoritative answer:
    update.microsoft.com    canonical name = update.microsoft.com.nsatc.net.
    update.microsoft.com.nsatc.net  canonical name = www.update.microsoft.com.
    www.update.microsoft.com        canonical name = www.update.microsoft.com.nsatc.net.
    Name:   www.update.microsoft.com.nsatc.net
    Address: 65.55.184.125
    > set q=txt
    > set class=chaos
    > version.bind
    Server:         192.5.5.241
    Address:        192.5.5.241#53
    
    ** server can't find version.bind: NOTIMP
    locally it does not work:
    Code:
    nslookup
    > server 192.168.1.50
    Default server: 192.168.1.50
    Address: 192.168.1.50#53
    > update.microsoft.com
    Server:         192.168.1.50
    Address:        192.168.1.50#53
    
    ** server can't find update.microsoft.com: SERVFAIL
    >
    Code:
    > server 192.5.5.241
    Default server: 192.5.5.241
    Address: 192.5.5.241#53
    > update.microsoft.com
    Server:         192.5.5.241
    Address:        192.5.5.241#53
    
    Non-authoritative answer:
    *** Can't find update.microsoft.com: No answer
    > set q=txt
    > set class=chaoss
    unknown query class: chaoss
    > set class=chaos
    > version.bind
    Server:         192.5.5.241
    Address:        192.5.5.241#53
    
    version.bind    text = "9.3.4"
    this is how it should look in reality... try throwing the same thing at, say, the nameserver 62.24.64.2 as well
    Hrrrr, will you stop using people as human driven search engines? Google.com has all the answers you need.
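
The comparison made by hand in posts #19 to #23, as an added example that is not part of the original thread: a genuine root server answers a query for a non-root name with a referral (no answer records, recursion not available), so a reply from a root-server address that carries answers and the RA flag points to something intercepting port 53. The two packets are constructed to mirror the flags and counts of frame 4 above; all function names are made up for this example.

```python
import struct

# Root-server addresses as they appear in the thread's 2008 log and capture.
ROOT_SERVERS = {"193.0.14.129", "192.5.5.241", "198.41.0.4", "199.7.83.42"}
TYPE_OPT = 41  # EDNS0 pseudo-record

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def parse_reply(msg):
    """Extract header flags, the answer count and whether an OPT RR is present."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
        has_opt = False
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            has_opt = has_opt or rtype == TYPE_OPT
            off += 10 + rdlen
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed DNS message") from None
    return {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "answers": an, "has_opt": has_opt}

def interception_signs(server_ip, reply, query_had_edns=True):
    """List the ways a reply differs from what a genuine root server sends."""
    if server_ip not in ROOT_SERVERS:
        return []                     # the checks only make sense for root addresses
    info, signs = parse_reply(reply), []
    if info["ra"]:
        signs.append("RA set: root servers do not offer recursion")
    if info["answers"] and not info["aa"]:
        signs.append("non-authoritative answer instead of a referral")
    if query_had_edns and not info["has_opt"]:
        signs.append("EDNS0 query answered without an OPT record")
    return signs

# --- constructed sample packets (not the capture's bytes) ---
def _name(n):
    labels = [p for p in n.split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode() for p in labels) + b"\0"

def _rr(name, rtype, rdata, ttl=300, cls=1):
    return _name(name) + struct.pack("!HHIH", rtype, cls, ttl, len(rdata)) + rdata

def build(flags, qname, answers=(), authority=(), additional=()):
    head = struct.pack("!6H", 0xF3E3, flags, 1,
                       len(answers), len(authority), len(additional))
    body = _name(qname) + struct.pack("!HH", 1, 1)     # QTYPE A, QCLASS IN
    return head + body + b"".join(answers) + b"".join(authority) + b"".join(additional)

# Shaped like frame 4: flags 0x8180 (RA set, AA clear), CNAME + A answers, no OPT.
INTERCEPTED = build(0x8180, "www.bckolin.cz", answers=[
    _rr("www.bckolin.cz", 5, _name("c150un.forpsi.com")),
    _rr("c150un.forpsi.com", 1, bytes([81, 2, 194, 150]))])

# What a root server is expected to send: a referral to the cz servers plus OPT.
REFERRAL = build(0x8000, "www.bckolin.cz",
                 authority=[_rr("cz", 2, _name("a.ns.nic.cz"))],
                 additional=[_rr("a.ns.nic.cz", 1, bytes([217, 31, 205, 180])),
                             _rr("", TYPE_OPT, b"", ttl=0, cls=4096)])

if __name__ == "__main__":
    for label, pkt in (("intercepted", INTERCEPTED), ("referral", REFERRAL)):
        print(label, interception_signs("193.0.14.129", pkt))
```

To run it against real traffic, feed `interception_signs` the UDP payload of each reply from a capture such as the `formerr.dump` file requested in post #17.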

  24. #24

    Re: Bind & FORMERR resolving domain

    For me it returned:
    Code:
    version.bind    text = "9.3.2-P1"
    Maybe it's a cluster or something.

    But in any case it should not be resolving that microsoft name.

  25. #25
    NeMeM9aA

    Re: Bind & FORMERR resolving domain

    Code:
    # nslookup
    > server 62.24.64.2
    Default server: 62.24.64.2
    Address: 62.24.64.2#53
    > update.microsoft.com
    Server:         62.24.64.2
    Address:        62.24.64.2#53
    
    Non-authoritative answer:
    update.microsoft.com    canonical name = update.microsoft.com.nsatc.net.
    update.microsoft.com.nsatc.net  canonical name = www.update.microsoft.com.
    www.update.microsoft.com        canonical name = www.update.microsoft.com.nsatc.net.
    Name:   www.update.microsoft.com.nsatc.net
    Address: 65.55.184.157
    > set q=txt
    > set class=chaos
    > version.bind
    Server:         62.24.64.2
    Address:        62.24.64.2#53
    
    ** server can't find version.bind: NOTIMP
    >
    so I have no idea what is wrong.
