Date: Sat, 13 Dec 2014 17:44:00 -0800
From: Kevin Oberman <rkoberman@gmail.com>
To: Marcelo Gondim <gondim@bsdinfo.com.br>
Cc: "freebsd-net >> FreeBSD Net" <freebsd-net@freebsd.org>
Subject: Re: DNS resolution problem
Message-ID: <CAN6yY1tt-mr5pCLQ8p-S207jC_DB0vQ13Q6j8vovTxupSnJ1zQ@mail.gmail.com>
In-Reply-To: <548C3072.10303@bsdinfo.com.br>
References: <548C3072.10303@bsdinfo.com.br>
On Sat, Dec 13, 2014 at 4:26 AM, Marcelo Gondim <gondim@bsdinfo.com.br> wrote:

> Dear,
>
> I'm having trouble resolving domain name freebsd.org. The portsnap server
> works correctly but the pkg audit -F does not work and can not even access
> the site according to the following tests:
>
> # host ec2-sa-east-1.portsnap.freebsd.org
> ec2-sa-east-1.portsnap.freebsd.org has address 177.71.188.240
>
> # host vuxml.freebsd.org
> Host vuxml.freebsd.org not found: 3(NXDOMAIN)
>
> # host -a freebsd.org
> Trying "freebsd.org"
> Trying "freebsd.org.intnet.com.br"
> Host freebsd.org not found: 3(NXDOMAIN)
> Received 86 bytes from ::1#53 in 0 ms
>
> # host www.freebsd.org
> ;; connection timed out; no servers could be reached
>
> Only the first address I'm having name resolution
> (ec2-sa-east-1.portsnap.freebsd.org).
>
> My block IP: 186.193.48.0/20
>
> One could check for any restrictions on our IP block?
>
>

I think a bit of DNS debugging is in order. I could resolve all of the nodes
you listed, but there are some potential issues I see.

First, when looking up a hostname with host(1), always terminate the name:

> host -a freebsd.org.
Trying "freebsd.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24171
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;freebsd.org.                   IN      TYPE255

;; ANSWER SECTION:
freebsd.org.            534     IN      AAAA    2001:1900:2254:206a::50:0
freebsd.org.            534     IN      MX      10 mx1.freebsd.org.
freebsd.org.            534     IN      A       8.8.178.110

But "ANY" queries are fuzzy things at best as the first resolver you hit will
just return whatever is cached and not try getting an authoritative response.

www.freebsd.org and vuxml.freebsd.org are CNAME entries pointing to the same
place, 8.8.178.110. This is in FreeBSD's own address space from Yahoo and is
probably in the mail FreeBSD cluster. I was a bit surprised to find that it is
an Amazon AWS address, so the portsnap files are actually coming from a
totally different place.

DNS is provided by ISC-SNS.
72.52.71.1, 38.103.2.1 and 63.243.194.1. Try pinging these. Since BIND, the
second oldest and most popular DNS server, is written and supported by ISA, I
would think that it is well run.

Try pinging and tracing to these addresses. All of them are in very dispersed
locations on different provider backbones (Cogent, Hurricane Electric, and
ISC, itself). You might try directing queries to each system to see if one
fails when others succeed. Use "dig @server-addr host".

--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
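
The per-server check suggested in the message, written out as an added example (not part of the original e-mail). The function names, the `DIG` override and the `+norecurse +time=3 +tries=1` options are choices made for this example; the three server addresses are the ones listed in the message.

```shell
#!/bin/sh
# Added example: ask each name server from the message for the same name
# and report a per-server status, so a single failing path stands out.
SERVERS="72.52.71.1 38.103.2.1 63.243.194.1"   # addresses from the message
DIG=${DIG:-dig}                                 # overridable (assumption of this example)

# fqdn NAME -> NAME with a trailing dot, so no search domain is ever appended
fqdn() {
    case $1 in
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.\n' "$1" ;;
    esac
}

# query_status SERVER NAME -> prints the response code (NOERROR, NXDOMAIN,
# SERVFAIL, ...) or TIMEOUT when no reply header came back at all.
query_status() {
    out=$($DIG @"$1" "$(fqdn "$2")" A +norecurse +time=3 +tries=1 2>&1) || true
    status=$(printf '%s\n' "$out" |
        sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    printf '%s\n' "${status:-TIMEOUT}"
}

# check_servers NAME -> prints one "server status" line per server and
# returns the number of servers that did not answer NOERROR.
check_servers() {
    bad=0
    for s in $SERVERS; do
        st=$(query_status "$s" "$1")
        printf '%s %s\n' "$s" "$st"
        [ "$st" = NOERROR ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage: check_servers vuxml.freebsd.org
```

A TIMEOUT from one address while the others return NOERROR points at the network path or filtering toward that server rather than at the zone data.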