Let me make a small summary:
I'll also add that I did an experiment where I ran DNS on an internal server with a single NIC, which went out through the gateway (on which there is also a DNS server that behaves just as badly as the internal one). The problem data I captured is the same on the wire between the server on the internal network and the gateway, and on the wire between the gateway and the internet.
To sketch it:
SERVER S1, one NIC, 192.168.1.3, is on the internal network and runs bind
SERVER S2, two NICs, 192.168.1.1 for the internal network and 88.146.251.201 (public IP) for the internet. It serves as a router (and should also serve as a caching DNS server for the internal network)
So:
The captured data is between 192.168.1.3 and 192.168.1.1
Overall communication:
Code:
No. Time Source SourceMAC Destination DestMAC Protocol Info
6256 1204.086905 192.168.1.3 00:b0:d0:31:33:7e 192.5.5.241 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6257 1204.087648 192.168.1.3 00:b0:d0:31:33:7e 192.5.5.241 00:15:58:a7:2c:90 DNS Standard query NS <Root>
6259 1204.252609 192.5.5.241 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6260 1204.254732 192.168.1.3 00:b0:d0:31:33:7e 128.8.10.90 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6261 1204.336741 192.5.5.241 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response NS i.root-servers.net NS k.root-servers.net NS d.root-servers.net NS f.root-servers.net NS g.root-servers.net NS h.root-servers.net NS m.root-servers.net NS l.root-servers.net NS b.root-servers.net NS e.root-servers.net NS a.root-servers.net NS j.root-servers.net NS c.root-servers.net
6263 1204.429027 128.8.10.90 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6264 1204.430830 192.168.1.3 00:b0:d0:31:33:7e 202.12.27.33 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6268 1204.638181 202.12.27.33 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6269 1204.640034 192.168.1.3 00:b0:d0:31:33:7e 192.33.4.12 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6273 1204.831800 192.33.4.12 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6274 1204.833604 192.168.1.3 00:b0:d0:31:33:7e 192.112.36.4 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6278 1205.064535 192.112.36.4 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6279 1205.066373 192.168.1.3 00:b0:d0:31:33:7e 192.36.148.17 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6280 1205.239516 192.36.148.17 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6281 1205.241426 192.168.1.3 00:b0:d0:31:33:7e 193.0.14.129 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6282 1205.398754 193.0.14.129 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6283 1205.400567 192.168.1.3 00:b0:d0:31:33:7e 192.203.230.10 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6284 1205.549708 192.203.230.10 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6285 1205.551399 192.168.1.3 00:b0:d0:31:33:7e 128.63.2.53 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6286 1205.744772 128.63.2.53 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6287 1205.746677 192.168.1.3 00:b0:d0:31:33:7e 199.7.83.42 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6288 1205.901128 199.7.83.42 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6289 1205.902991 192.168.1.3 00:b0:d0:31:33:7e 192.228.79.201 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6290 1206.038780 192.228.79.201 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6291 1206.040635 192.168.1.3 00:b0:d0:31:33:7e 198.41.0.4 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6292 1206.205111 198.41.0.4 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6293 1206.206941 192.168.1.3 00:b0:d0:31:33:7e 192.58.128.30 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6294 1206.354802 192.58.128.30 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6295 1206.361098 192.168.1.3 00:b0:d0:31:33:7e 192.228.79.201 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6296 1206.473671 192.228.79.201 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6297 1206.475364 192.168.1.3 00:b0:d0:31:33:7e 192.58.128.30 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6298 1206.631173 192.58.128.30 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6299 1206.632937 192.168.1.3 00:b0:d0:31:33:7e 192.203.230.10 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6300 1206.755267 192.203.230.10 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6301 1206.756876 192.168.1.3 00:b0:d0:31:33:7e 199.7.83.42 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6302 1206.909498 199.7.83.42 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6303 1206.911259 192.168.1.3 00:b0:d0:31:33:7e 193.0.14.129 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6304 1207.092086 193.0.14.129 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6305 1207.093853 192.168.1.3 00:b0:d0:31:33:7e 198.41.0.4 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6306 1207.267025 198.41.0.4 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6307 1207.268740 192.168.1.3 00:b0:d0:31:33:7e 128.8.10.90 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6308 1207.441030 128.8.10.90 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6309 1207.442801 192.168.1.3 00:b0:d0:31:33:7e 192.36.148.17 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6310 1207.626405 192.36.148.17 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6311 1207.628158 192.168.1.3 00:b0:d0:31:33:7e 192.33.4.12 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6312 1207.783978 192.33.4.12 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6313 1207.785758 192.168.1.3 00:b0:d0:31:33:7e 128.63.2.53 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6314 1207.929877 128.63.2.53 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6315 1207.931629 192.168.1.3 00:b0:d0:31:33:7e 202.12.27.33 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6316 1208.096459 202.12.27.33 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6317 1208.098107 192.168.1.3 00:b0:d0:31:33:7e 192.112.36.4 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6318 1208.271924 192.112.36.4 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
6319 1208.273662 192.168.1.3 00:b0:d0:31:33:7e 192.5.5.241 00:15:58:a7:2c:90 DNS Standard query A www.bckolin.cz
6320 1208.395349 192.5.5.241 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
8175 1677.803934 192.168.1.3 00:b0:d0:31:33:7e 192.228.79.201 00:15:58:a7:2c:90 DNS Standard query A www.idnes.cz
8179 1678.311981 192.228.79.201 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c1.idnes.cz A 194.79.52.192
8180 1678.314656 192.168.1.3 00:b0:d0:31:33:7e 192.203.230.10 00:15:58:a7:2c:90 DNS Standard query A c1.idnes.cz
8181 1678.459115 192.203.230.10 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response A 194.79.52.192
8529 1687.909254 192.168.1.3 00:b0:d0:31:33:7e 192.168.1.1 00:15:58:a7:2c:90 DNS Standard query A www.idnes.cz
8531 1688.229250 192.168.1.1 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c1.idnes.cz A 194.79.52.192

and now the response that bind did not accept (decoded by ethereal):
Code:
No. Time Source SourceMAC Destination DestMAC Protocol Info
6259 1204.252609 192.5.5.241 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150

Frame 6259 (320 bytes on wire, 320 bytes captured)
    Arrival Time: Mar 9, 2008 18:19:11.542858000
    Time delta from previous packet: 0.164961000 seconds
    Time since reference or first frame: 1204.252609000 seconds
    Frame Number: 6259
    Packet Length: 320 bytes
    Capture Length: 320 bytes
    Protocols in frame: eth:ip:udp:dns
Ethernet II, Src: 192.168.1.1 (00:15:58:a7:2c:90), Dst: 192.168.1.3 (00:b0:d0:31:33:7e)
    Destination: 192.168.1.3 (00:b0:d0:31:33:7e)
    Source: 192.168.1.1 (00:15:58:a7:2c:90)
    Type: IP (0x0800)
Internet Protocol, Src: 192.5.5.241 (192.5.5.241), Dst: 192.168.1.3 (192.168.1.3)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 306
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 60
    Protocol: UDP (0x11)
    Header checksum: 0xb619 [correct]
    Source: 192.5.5.241 (192.5.5.241)
    Destination: 192.168.1.3 (192.168.1.3)
User Datagram Protocol, Src Port: domain (53), Dst Port: domain (53)
    Source port: domain (53)
    Destination port: domain (53)
    Length: 286
    Checksum: 0x57da [correct]
Domain Name System (response)
    Transaction ID: 0x5f6d
    Flags: 0x8180 (Standard query response, No error)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 2
    Authority RRs: 6
    Additional RRs: 6
    Queries
        www.bckolin.cz: type A, class IN
            Name: www.bckolin.cz
            Type: A (Host address)
            Class: IN (0x0001)
    Answers
        www.bckolin.cz: type CNAME, class IN, cname c150un.forpsi.com
            Name: www.bckolin.cz
            Type: CNAME (Canonical name for an alias)
            Class: IN (0x0001)
            Time to live: 3 days, 23 hours, 4 minutes, 57 seconds
            Data length: 19
            Primary name: c150un.forpsi.com
        c150un.forpsi.com: type A, class IN, addr 81.2.194.150
            Name: c150un.forpsi.com
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 8 minutes, 47 seconds
            Data length: 4
            Addr: 81.2.194.150
    Authoritative nameservers
        cz: type NS, class IN, ns b.ns.nic.cz
            Name: cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day, 20 hours, 4 minutes
            Data length: 11
            Name server: b.ns.nic.cz
        cz: type NS, class IN, ns f.ns.nic.cz
            Name: cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day, 20 hours, 4 minutes
            Data length: 4
            Name server: f.ns.nic.cz
        cz: type NS, class IN, ns a.ns.nic.cz
            Name: cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day, 20 hours, 4 minutes
            Data length: 4
            Name server: a.ns.nic.cz
        cz: type NS, class IN, ns d.ns.nic.cz
            Name: cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day, 20 hours, 4 minutes
            Data length: 4
            Name server: d.ns.nic.cz
        cz: type NS, class IN, ns c.ns.nic.cz
            Name: cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day, 20 hours, 4 minutes
            Data length: 4
            Name server: c.ns.nic.cz
        cz: type NS, class IN, ns e.ns.nic.cz
            Name: cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 1 day, 20 hours, 4 minutes
            Data length: 4
            Name server: e.ns.nic.cz
    Additional records
        b.ns.nic.cz: type A, class IN, addr 217.31.205.188
            Name: b.ns.nic.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 5 minutes, 19 seconds
            Data length: 4
            Addr: 217.31.205.188
        f.ns.nic.cz: type A, class IN, addr 193.171.255.48
            Name: f.ns.nic.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 15 minutes, 6 seconds
            Data length: 4
            Addr: 193.171.255.48
        a.ns.nic.cz: type A, class IN, addr 217.31.205.180
            Name: a.ns.nic.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 24 minutes, 58 seconds
            Data length: 4
            Addr: 217.31.205.180
        d.ns.nic.cz: type A, class IN, addr 193.29.206.1
            Name: d.ns.nic.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 28 minutes, 31 seconds
            Data length: 4
            Addr: 193.29.206.1
        c.ns.nic.cz: type A, class IN, addr 195.66.241.202
            Name: c.ns.nic.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 27 minutes, 49 seconds
            Data length: 4
            Addr: 195.66.241.202
        e.ns.nic.cz: type A, class IN, addr 194.146.105.38
            Name: e.ns.nic.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 18 minutes, 59 seconds
            Data length: 4
            Addr: 194.146.105.38

and the response that bind did accept:
Code:
No. Time Source SourceMAC Destination DestMAC Protocol Info
8179 1678.311981 192.228.79.201 00:15:58:a7:2c:90 192.168.1.3 00:b0:d0:31:33:7e DNS Standard query response CNAME c1.idnes.cz A 194.79.52.192

Frame 8179 (178 bytes on wire, 178 bytes captured)
    Arrival Time: Mar 9, 2008 18:27:05.602230000
    Time delta from previous packet: 0.508047000 seconds
    Time since reference or first frame: 1678.311981000 seconds
    Frame Number: 8179
    Packet Length: 178 bytes
    Capture Length: 178 bytes
    Protocols in frame: eth:ip:udp:dns
Ethernet II, Src: 192.168.1.1 (00:15:58:a7:2c:90), Dst: 192.168.1.3 (00:b0:d0:31:33:7e)
    Destination: 192.168.1.3 (00:b0:d0:31:33:7e)
    Source: 192.168.1.1 (00:15:58:a7:2c:90)
    Type: IP (0x0800)
Internet Protocol, Src: 192.228.79.201 (192.228.79.201), Dst: 192.168.1.3 (192.168.1.3)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 164
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 60
    Protocol: UDP (0x11)
    Header checksum: 0x6bf0 [correct]
    Source: 192.228.79.201 (192.228.79.201)
    Destination: 192.168.1.3 (192.168.1.3)
User Datagram Protocol, Src Port: domain (53), Dst Port: domain (53)
    Source port: domain (53)
    Destination port: domain (53)
    Length: 144
    Checksum: 0x6e0c [correct]
Domain Name System (response)
    Transaction ID: 0x7fa3
    Flags: 0x8180 (Standard query response, No error)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 2
    Authority RRs: 2
    Additional RRs: 2
    Queries
        www.idnes.cz: type A, class IN
            Name: www.idnes.cz
            Type: A (Host address)
            Class: IN (0x0001)
    Answers
        www.idnes.cz: type CNAME, class IN, cname c1.idnes.cz
            Name: www.idnes.cz
            Type: CNAME (Canonical name for an alias)
            Class: IN (0x0001)
            Time to live: 15 minutes, 55 seconds
            Data length: 5
            Primary name: c1.idnes.cz
        c1.idnes.cz: type A, class IN, addr 194.79.52.192
            Name: c1.idnes.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 15 minutes, 55 seconds
            Data length: 4
            Addr: 194.79.52.192
    Authoritative nameservers
        idnes.cz: type NS, class IN, ns ns.mafra.cz
            Name: idnes.cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 22 minutes, 37 seconds
            Data length: 11
            Name server: ns.mafra.cz
        idnes.cz: type NS, class IN, ns ns2.mafra.cz
            Name: idnes.cz
            Type: NS (Authoritative name server)
            Class: IN (0x0001)
            Time to live: 22 minutes, 37 seconds
            Data length: 6
            Name server: ns2.mafra.cz
    Additional records
        ns.mafra.cz: type A, class IN, addr 194.79.53.77
            Name: ns.mafra.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 30 minutes, 53 seconds
            Data length: 4
            Addr: 194.79.53.77
        ns2.mafra.cz: type A, class IN, addr 194.79.55.77
            Name: ns2.mafra.cz
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 40 minutes, 22 seconds
            Data length: 4
            Addr: 194.79.55.77

As I wrote, the differences are in the number of Authority RRs and Additional RRs records
and in the TTL of the individual answers (this is the DNS protocol TTL, not the IP TTL)
So in my opinion neither a firewall nor the kernel itself is eating the packet.
On 192.168.1.1 there is bind v9.5.x and fedora5 (updated)
On 192.168.1.3 there is bind v9.4.x and fedora8 (latest updates)
After manually compiling bind v9.4.x downloaded from isc.org the server behaved the same.
I'm going nuts over this. It must be somewhere in bind. And for quite a while now.
I don't understand why I'm the only one with a problem like this. And NeMeM9aA.
If you want, I'll send you the root password and you can take a look at it (I'd be very glad, especially if it got solved)
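As an added example (not code from the post, nor from BIND or Ethereal), here is a small Python check over the DNS header fields that the two Ethereal dissections above show. It rebuilds sample messages from the transaction IDs, flags and section counts given on this page, decodes the flag word, and lists why a response from a root-server address does not look like a genuine referral: in both dissected frames the source is a root-server address, yet RA is set and the message carries answer records, neither of which a root server does when asked for a name under .cz. The root-server address set is taken from the capture, the "clean referral" sample and the `queried_as_recursive` parameter are my assumptions.

```python
"""Header-level sanity check for DNS responses seen between an iterating
resolver and the root servers. Constructed example, not the post's code.
The sample messages reproduce only the header fields shown in the two
Ethereal dissections (transaction ID, flags, section counts)."""
import struct
from dataclasses import dataclass

# Root-server addresses as they appear in the capture above (2008-era addresses).
ROOT_SERVER_IPS = {
    "198.41.0.4", "192.228.79.201", "192.33.4.12", "128.8.10.90",
    "192.203.230.10", "192.5.5.241", "192.112.36.4", "128.63.2.53",
    "192.36.148.17", "193.0.14.129", "199.7.83.42", "202.12.27.33",
    "192.58.128.30",
}


@dataclass(frozen=True)
class DnsHeader:
    txid: int
    qr: int        # 1 = response
    opcode: int
    aa: int        # authoritative answer
    tc: int        # truncated
    rd: int        # recursion desired (echoed from the query)
    ra: int        # recursion available
    rcode: int
    qdcount: int
    ancount: int
    nscount: int   # authority RRs
    arcount: int   # additional RRs


def parse_header(msg: bytes) -> DnsHeader:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return DnsHeader(
        txid=txid,
        qr=(flags >> 15) & 1,
        opcode=(flags >> 11) & 0xF,
        aa=(flags >> 10) & 1,
        tc=(flags >> 9) & 1,
        rd=(flags >> 8) & 1,
        ra=(flags >> 7) & 1,
        rcode=flags & 0xF,
        qdcount=qd, ancount=an, nscount=ns, arcount=ar,
    )


def build_header(txid: int, flags: int, qd: int, an: int, ns: int, ar: int) -> bytes:
    """Encode a DNS header; used here only to construct the sample messages."""
    return struct.pack("!6H", txid, flags, qd, an, ns, ar)


def interception_indicators(src_ip: str, hdr: DnsHeader,
                            queried_as_recursive: bool = False) -> list:
    """Reasons why a response from src_ip does not look like what the
    queried server should send. Empty list means nothing odd at header level."""
    if hdr.qr != 1:
        return ["not a response (QR=0)"]
    if queried_as_recursive:
        # A forwarder/caching resolver legitimately answers with AA=0 and RA=1.
        return []
    reasons = []
    if src_ip in ROOT_SERVER_IPS:
        if hdr.ra:
            reasons.append("RA set: root servers do not offer recursion")
        if hdr.ancount > 0:
            reasons.append("answer RRs present: a root server only returns a "
                           "referral for a name under a TLD")
    elif hdr.aa == 0 and hdr.ancount > 0:
        reasons.append("server queried as authoritative answered with AA=0")
    return reasons


def section_diff(a: DnsHeader, b: DnsHeader) -> dict:
    """The header fields that differ between two responses, as (a, b) pairs."""
    fields = ("aa", "rd", "ra", "rcode", "ancount", "nscount", "arcount")
    return {f: (getattr(a, f), getattr(b, f))
            for f in fields if getattr(a, f) != getattr(b, f)}


# Constructed samples reproducing the headers of the two dissected frames.
FRAME_6259 = build_header(0x5F6D, 0x8180, 1, 2, 6, 6)  # from 192.5.5.241, www.bckolin.cz
FRAME_8179 = build_header(0x7FA3, 0x8180, 1, 2, 2, 2)  # from 192.228.79.201, www.idnes.cz
# Assumed shape of a genuine root referral for a .cz name: QR=1, AA=0, RA=0,
# no answers, the .cz NS set in the authority section (constructed, not captured).
CLEAN_REFERRAL = build_header(0x1234, 0x8000, 1, 0, 6, 6)

if __name__ == "__main__":
    for frame, src, raw in (("6259", "192.5.5.241", FRAME_6259),
                            ("8179", "192.228.79.201", FRAME_8179),
                            ("referral", "192.5.5.241", CLEAN_REFERRAL)):
        hdr = parse_header(raw)
        print(frame, src, f"flags aa={hdr.aa} rd={hdr.rd} ra={hdr.ra}",
              interception_indicators(src, hdr))
    print("6259 vs 8179:", section_diff(parse_header(FRAME_6259), parse_header(FRAME_8179)))
```

Run stand-alone it flags both captured frames for the same two reasons and prints the section-count differences the post points out (Authority 6 vs 2, Additional 6 vs 2); the same header check can be fed real messages from a pcap to see whether anything between the resolver and the roots is answering on their behalf.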




