Date: Mon, 5 Feb 2018 15:41:49 -0600
From: Weldon Godfrey <weldon@excelsusphoto.com>
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@harte-lyne.ca
Subject: Re: FreeBSD jails, dns and ping
Message-ID: <1375BACA-6553-4D46-BFC3-68385D68F7E1@excelsusphoto.com>
In-Reply-To: <0e8b6603883129b6406e0eb0ee296ec9.squirrel@webmail.harte-lyne.ca>
References: <0e8b6603883129b6406e0eb0ee296ec9.squirrel@webmail.harte-lyne.ca>

> On Feb 5, 2018, at 3:18 PM, James B. Byrne via freebsd-questions <freebsd-questions@freebsd.org> wrote:
>
> Can anyone explain what is causing this particular inconsistency?
> Unbound can resolve the address but ping cannot?
>
> <pre>
> [root@hll107 ~]# drill pkg.freebsd.org
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 64648
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
> ;; QUESTION SECTION:
> ;; pkg.freebsd.org. IN A
>
> ;; ANSWER SECTION:
> pkg.freebsd.org. 300 IN CNAME pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org. 150 IN A 96.47.72.71
>
> ;; AUTHORITY SECTION:
> geo.freebsd.org. 2743 IN NS gns1.freebsd.org.
> geo.freebsd.org. 2743 IN NS gns2.freebsd.org.
> geo.freebsd.org. 2743 IN NS gns0.freebsd.org.
>
> ;; ADDITIONAL SECTION:
> gns2.freebsd.org. 2743 IN A 213.138.116.75
> gns0.freebsd.org. 2743 IN A 8.8.178.30
> gns1.freebsd.org. 2743 IN A 96.47.72.24
>

From what I can tell, the authoritative server, such as ns2.isc-sns.com. is giving NS records for the A record of those three gns*.freebsd.org <http://freebsd.org/>. servers. ALL three are giving me query refuses.

So the issue I believe is, at least, ns2.isc-sns.com. is giving the A record for the CNAME entry and NS records of the gns* servers. The TTL of the A record is only 300 seconds, but the NS records are closer to 2800 seconds. When the A record expires, your DNS client will trust the DNS records handed over at the end and use those to requery and it can't because the three servers are giving no answer.

Although I would think more than just you would see this, I haven't seen it expire out badly on my side yet.

Example of what I am seeing:

Authoritative answers can be found from:
freebsd.org nameserver = ns2.isc-sns.com.
freebsd.org nameserver = ns3.isc-sns.info.
freebsd.org nameserver = ns1.isc-sns.net.
> server ns2.isc-sns.com.
Default server: ns2.isc-sns.com.
Address: 63.243.194.1#53
> pkg.freebsd.org.
Server: ns2.isc-sns.com.
Address: 63.243.194.1#53

pkg.freebsd.org canonical name = pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org.
Server: ns2.isc-sns.com.
Address: 63.243.194.1#53

Non-authoritative answer:
*** Can't find pkgmir.geo.freebsd.org.: No answer

Authoritative answers can be found from:
geo.freebsd.org nameserver = gns2.freebsd.org.
geo.freebsd.org nameserver = gns0.freebsd.org.
geo.freebsd.org nameserver = gns1.freebsd.org.
gns0.freebsd.org internet address = 8.8.178.30
gns1.freebsd.org internet address = 96.47.72.24
gns2.freebsd.org internet address = 213.138.116.75
> server gns2.freebsd.org.
Default server: gns2.freebsd.org.
Address: 213.138.116.75#53
> pkgmir.geo.freebsd.org.
Server: gns2.freebsd.org.
Address: 213.138.116.75#53

*** Can't find pkgmir.geo.freebsd.org.: No answer
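
Added example, not part of the original message and not FreeBSD or Unbound code: a simplified Python model of the cache behaviour the reply describes, loaded with the records and TTLs from the quoted drill output. The function names, the REFUSED response map and the cache model itself are assumptions made for illustration; a real resolver's cache handling differs in detail.

```python
# Records copied from the drill output quoted in the message (TTLs in seconds).
DRILL_OUTPUT = """\
pkg.freebsd.org. 300 IN CNAME pkgmir.geo.freebsd.org.
pkgmir.geo.freebsd.org. 150 IN A 96.47.72.71
geo.freebsd.org. 2743 IN NS gns1.freebsd.org.
geo.freebsd.org. 2743 IN NS gns2.freebsd.org.
geo.freebsd.org. 2743 IN NS gns0.freebsd.org.
gns2.freebsd.org. 2743 IN A 213.138.116.75
gns0.freebsd.org. 2743 IN A 8.8.178.30
gns1.freebsd.org. 2743 IN A 96.47.72.24
"""

def parse_records(text):
    """Return (owner, ttl, rtype, rdata) tuples from zone-style lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN":
            owner, ttl, _cls, rtype, rdata = fields
            records.append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return records

def lookup(records, owner, rtype, age):
    """Cached rdata for owner/rtype still within its TTL `age` seconds after caching."""
    return [r[3] for r in records if r[0] == owner and r[2] == rtype and r[1] > age]

def resolve(records, name, zone, age, server_rcode):
    """Hypothetical cache model: answer from cache, else re-query the cached delegation."""
    addrs = lookup(records, name, "A", age)
    if addrs:
        return ("cache", addrs)
    nameservers = sorted(lookup(records, zone, "NS", age))
    if not nameservers:  # delegation expired too: resolver starts again at the parent
        return ("restart-from-parent", [])
    tried = []
    for ns in nameservers:
        for ip in lookup(records, ns, "A", age):
            rcode = server_rcode.get(ip, "TIMEOUT")
            tried.append((ns, ip, rcode))
            if rcode == "NOERROR":
                return ("requery-ok", tried)
    return ("SERVFAIL", tried)

# Constructed responses: every delegated server refuses the query.
ALL_REFUSED = {"213.138.116.75": "REFUSED", "8.8.178.30": "REFUSED", "96.47.72.24": "REFUSED"}

if __name__ == "__main__":
    recs = parse_records(DRILL_OUTPUT)
    for age in (0, 149, 150, 2743):
        print(age, resolve(recs, "pkgmir.geo.freebsd.org.", "geo.freebsd.org.", age, ALL_REFUSED))
```

In this model the lookup succeeds from cache until the A record's TTL runs out, then fails for as long as the delegation stays cached and the delegated servers keep refusing.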