[rescue] Odd DNS problem with Solaris 8

Steve Sandau rescue at sunhelp.org
Sun Nov 11 19:12:35 CST 2001 

Well, I'm not sure I really have enough evidence for punishment yet. As
with kids, when I started watching, they started behaving. ;) I finally
caught a missed DNS request, though, while I was running tcpdump.

milhouse is the Solaris 8 client; marge is the DNS/masquerading firewall
Linux box. I don't have DNS problems with the HP-UX, Linux, FreeBSd or
Windows (only for my kids) machines on the same network.

Here's the conversation for the failed lookup:
19:38:32.489204 milhouse.sandau.33794 > marge.sandau.domain: 29957+ (45)
(DF) (ttl 255, id 53207)
19:38:32.490277 marge.sandau.domain > milhouse.sandau.33794: 29957
NXDomain* q: www.cc-soluti 0/1/0 (103) (ttl 64, id 16300)
19:38:32.493792 milhouse.sandau.33795 > marge.sandau.domain: 29958+ (52)
(DF) (ttl 255, id 53208)
19:38:32.515471 marge.sandau.domain > milhouse.sandau.33795: 29958
NXDomain* q: www.cc-soluti 0/1/0 (103) (ttl 64, id 16303)
19:38:32.519182 milhouse.sandau.33796 > marge.sandau.domain: 29959+ (47)
(DF) (ttl 255, id 53209)
19:38:32.558194 marge.sandau.domain > milhouse.sandau.33796: 29959
NXDomain* q: www.cc-soluti 0/1/0 (97) (ttl 64, id 16307)

And this one is the successful lookup. (Yeah, it took me a while to
realize that I wanted a comparison.. so I'm a little slow...):
20:04:24.446877 milhouse.sandau.33803 > marge.sandau.domain: 29960+ (38)
(DF) (ttl 255, id 9239)
20:04:24.718001 marge.sandau.domain > milhouse.sandau.33803: 29960* q:
www.cc-soluti 2/3/3 . (183) (ttl 64, id 17003)

I'm not sure if I know enough about tcpdump output to figure out what's
going wrong. If anyone else does know, great. If not, I'll try the same
thing with ethereal which will give more details of the transaction.
Even *I* should be able to decode that output.

Ideas?

Mike Nicewonger wrote:
> 
> On Sat, 10 Nov 2001, you wrote:
> > Just realized that the minor irritation I have when browsing on my SPARC
> > 5 here is the same as you described, Mike.
> >
> > This is on a home net with a local DNS box and a masquerading firewall.
> > Whenever I have investigated the problem, the local DNS box has no
> > difficulty locating the www server, but either the Sun can't ask nicely,
> > or the DNS box isn't answering. Maybe I'll sniff the wire and see if I
> > can identify (and appropriately punish) the offending machine.
> >
> Thanks Steve please do let me know who gets spanked.
> 
> Mike N
> _______________________________________________
> rescue maillist  -  rescue at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/rescue

-- 
Steve Sandau
IS Technician, TMA, Bath, Maine
ssandau at bath.tmac.com

More information about the rescue mailing list