From: Weldon Godfrey
Subject: Re: FreeBSD jails, dns and ping
Date: Mon, 5 Feb 2018 15:41:49 -0600
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@harte-lyne.ca

> On Feb 5, 2018, at 3:18 PM, James B. Byrne via freebsd-questions wrote:
>
> Can anyone explain what is causing this particular inconsistency?
> Unbound can resolve the address but ping cannot?
>
>
> [root@hll107 ~]# drill pkg.freebsd.org
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 64648
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
> ;; QUESTION SECTION:
> ;; pkg.freebsd.org.     IN      A
>=20
> ;; ANSWER SECTION:
> pkg.freebsd.org.        300     IN      CNAME   =
pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org. 150     IN      A       96.47.72.71
>=20
> ;; AUTHORITY SECTION:
> geo.freebsd.org.        2743    IN      NS      gns1.freebsd.org.
> geo.freebsd.org.        2743    IN      NS      gns2.freebsd.org.
> geo.freebsd.org.        2743    IN      NS      gns0.freebsd.org.
>=20
> ;; ADDITIONAL SECTION:
> gns2.freebsd.org.       2743    IN      A       213.138.116.75
> gns0.freebsd.org.       2743    IN      A       8.8.178.30
> gns1.freebsd.org.       2743    IN      A       96.47.72.24
>=20


From what I can tell, the authoritative server, such as
ns2.isc-sns.com., is giving NS records for the A record of those three
gns*.freebsd.org servers.  ALL three are giving me query refuses.

So the issue I believe is, at least, ns2.isc-sns.com. is giving the A
record for the CNAME entry and NS records of the gns* servers.  The TTL
of the A record is only 300 seconds, but the NS records are closer to
2800 seconds.  When the A record expires, your DNS client will trust the
DNS records handed over at the end and use those to requery, and it can't
because the three servers are giving no answer.

Although I would think more than just you would see this, I haven't seen
it expire out badly on my side yet.


Example of what I am seeing:

Authoritative answers can be found from:
freebsd.org     nameserver = ns2.isc-sns.com.
freebsd.org     nameserver = ns3.isc-sns.info.
freebsd.org     nameserver = ns1.isc-sns.net.
> server ns2.isc-sns.com.
Default server: ns2.isc-sns.com.
Address: 63.243.194.1#53
> pkg.freebsd.org.
Server:         ns2.isc-sns.com.
Address:        63.243.194.1#53

pkg.freebsd.org canonical name = pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org.
Server:         ns2.isc-sns.com.
Address:        63.243.194.1#53

Non-authoritative answer:
*** Can't find pkgmir.geo.freebsd.org.: No answer

Authoritative answers can be found from:
geo.freebsd.org nameserver = gns2.freebsd.org.
geo.freebsd.org nameserver = gns0.freebsd.org.
geo.freebsd.org nameserver = gns1.freebsd.org.
gns0.freebsd.org        internet address = 8.8.178.30
gns1.freebsd.org        internet address = 96.47.72.24
gns2.freebsd.org        internet address = 213.138.116.75
> server gns2.freebsd.org.
Default server: gns2.freebsd.org.
Address: 213.138.116.75#53
> pkgmir.geo.freebsd.org.
Server:         gns2.freebsd.org.
Address:        213.138.116.75#53

*** Can't find pkgmir.geo.freebsd.org.: No answer
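
Added example, not part of the original message: a Python sketch that parses the drill output quoted above and reports how long the cached NS records for geo.freebsd.org outlive the answer, and which delegated servers have no successful answer on record. The OBSERVED table and the function names are assumptions made for this illustration.

```python
import re

# Records copied from the drill output quoted in the message (soft breaks joined).
DRILL_OUTPUT = """\
;; ANSWER SECTION:
pkg.freebsd.org.        300     IN      CNAME   pkgmir.geo.freebsd.org.
pkgmir.geo.freebsd.org. 150     IN      A       96.47.72.71

;; AUTHORITY SECTION:
geo.freebsd.org.        2743    IN      NS      gns1.freebsd.org.
geo.freebsd.org.        2743    IN      NS      gns2.freebsd.org.
geo.freebsd.org.        2743    IN      NS      gns0.freebsd.org.

;; ADDITIONAL SECTION:
gns2.freebsd.org.       2743    IN      A       213.138.116.75
gns0.freebsd.org.       2743    IN      A       8.8.178.30
gns1.freebsd.org.       2743    IN      A       96.47.72.24
"""
# Constructed probe results: only the gns2 "No answer" appears in the transcript.
OBSERVED = {"gns2.freebsd.org.": "no answer"}

SECTION = re.compile(r"^;; (\w+) SECTION:$")
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_sections(text):
    """Return {section: [(name, ttl, rtype, rdata), ...]} from drill/dig output."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None and (m := RECORD.match(line)):
            name, ttl, rtype, rdata = m.groups()
            current.append((name, int(ttl), rtype, rdata))
    return sections

def delegation_report(sections, observed):
    """Compare answer and NS TTLs and list delegated servers not seen answering."""
    answer_ttl = min(ttl for _, ttl, _, _ in sections.get("ANSWER", []))
    ns = [(ttl, rdata) for _, ttl, t, rdata in sections.get("AUTHORITY", []) if t == "NS"]
    glue = {name: rdata for name, _, t, rdata in sections.get("ADDITIONAL", []) if t == "A"}
    return {
        "answer_expires_in": answer_ttl,
        # Seconds a cache keeps following the delegation after the answer is gone.
        "ns_outlives_answer_by": max(0, min(t for t, _ in ns) - answer_ttl),
        "glue": {host: glue.get(host) for _, host in ns},
        "unanswered": sorted(h for _, h in ns if observed.get(h) != "answer"),
    }

if __name__ == "__main__":
    for key, value in delegation_report(parse_sections(DRILL_OUTPUT), OBSERVED).items():
        print(f"{key}: {value}")
```

Servers listed under "unanswered" are those without a recorded successful reply, so a server that was never probed appears there as well.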