[88680] in North American Network Operators' Group
dnsauth3.sys.gtei.net DNS record is poisoned???
daemon@ATHENA.MIT.EDU (Joe Shen)
Wed Feb 15 11:07:22 2006
Date: Thu, 16 Feb 2006 00:06:54 +0800 (CST)
From: Joe Shen <joe_hznm@yahoo.com.sg>
To: "bind-users@isc.org" <bind-users@isc.org>,
NANGO <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
Hi,
Today, some of our customers could not resolve
state.gov by our cache server.
I found state.gov is served by dnsauth1.sys.gtei.net,
dnsauth2.sys.gtei.net, dnsauth3.sys.gtei.net. Using
some others' DNS servers I found their IP addresses
should be 4.2.49.2, 4.2.49.3, 4.2.49.4. But our cache
server (BIND9.3.1) got some other IPs (I've tried
restarting BIND9.3.1). So it always failed to resolve
state.gov. After restarting BIND9.3.1 again, I did
"rndc flush" several times, then it came back.
Why? Is there something poisoned?
Joe
=========== BIND9 got wrong server IP ====
> set debug
> dnsauth1.sys.gtei.net
Server: dnsv2.zjhzptt.net.cn
Address: 202.101.172.133
;; res_nmkquery(QUERY, dnsauth1.sys.gtei.net, IN, A)
------------
Got answer:
HEADER:
opcode = QUERY, id = 58203, rcode = NOERROR
header flags: response, want recursion,
recursion avail.
questions = 1, answers = 1, authority
records = 3, additional = 2
QUESTIONS:
dnsauth1.sys.gtei.net, type = A, class = IN
ANSWERS:
-> dnsauth1.sys.gtei.net
internet address = 128.121.126.139
ttl = 86084 (86084)
AUTHORITY RECORDS:
-> gtei.net
nameserver = dnsauth2.sys.gtei.net
ttl = 172565 (172565)
-> gtei.net
nameserver = dnsauth3.sys.gtei.net
ttl = 172565 (172565)
-> gtei.net
nameserver = dnsauth1.sys.gtei.net
ttl = 172565 (172565)
ADDITIONAL RECORDS:
-> dnsauth2.sys.gtei.net
internet address = 169.132.13.103
ttl = 86084 (86084)
-> dnsauth3.sys.gtei.net
internet address = 192.67.198.6
ttl = 86084 (86084)
------------
Non-authoritative answer:
Name: dnsauth1.sys.gtei.net
Address: 128.121.126.139
>
==============================
After restarting bind and doing "rndc flush" 6 times, I got:
======================
> set debug
> state.gov
Server: hzdnsv2.zjhzptt.net.cn
Address: 202.101.172.133
;; res_nmkquery(QUERY, state.gov, IN, A)
------------
Got answer:
HEADER:
opcode = QUERY, id = 20953, rcode = NOERROR
header flags: response, want recursion,
recursion avail.
questions = 1, answers = 1, authority
records = 3, additional = 3
QUESTIONS:
state.gov, type = A, class = IN
ANSWERS:
-> state.gov
internet address = 164.109.48.80
ttl = 1778 (1778)
AUTHORITY RECORDS:
-> state.gov
nameserver = dnsauth3.sys.gtei.net
ttl = 1778 (1778)
-> state.gov
nameserver = dnsauth1.sys.gtei.net
ttl = 1778 (1778)
-> state.gov
nameserver = dnsauth2.sys.gtei.net
ttl = 1778 (1778)
ADDITIONAL RECORDS:
-> dnsauth1.sys.gtei.net
internet address = 4.2.49.2
ttl = 172767 (172767)
-> dnsauth2.sys.gtei.net
internet address = 4.2.49.3
ttl = 172767 (172767)
-> dnsauth3.sys.gtei.net
internet address = 4.2.49.4
ttl = 172767 (172767)
------------
Non-authoritative answer:
Name: state.gov
Address: 164.109.48.80
>
==================================
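The comparison done by hand in the message above, as an added example that is not part of the original post: it parses nslookup debug output and flags cached A records for the gtei.net name servers that differ from the reference addresses the post gives. The function names are illustrative assumptions, and the sample is excerpted from the first transcript in the post.

```python
import re
# Reference addresses the poster obtained from other resolvers (taken from the post).
EXPECTED = {
    "dnsauth1.sys.gtei.net": {"4.2.49.2"},
    "dnsauth2.sys.gtei.net": {"4.2.49.3"},
    "dnsauth3.sys.gtei.net": {"4.2.49.4"},
}

# Excerpt of the first nslookup debug transcript in the post.
SAMPLE = """\
ANSWERS:
-> dnsauth1.sys.gtei.net
internet address = 128.121.126.139
ttl = 86084 (86084)
AUTHORITY RECORDS:
-> gtei.net
nameserver = dnsauth2.sys.gtei.net
ttl = 172565 (172565)
ADDITIONAL RECORDS:
-> dnsauth2.sys.gtei.net
internet address = 169.132.13.103
ttl = 86084 (86084)
-> dnsauth3.sys.gtei.net
internet address = 192.67.198.6
ttl = 86084 (86084)
"""

def parse_a_records(text):
    """Return [(section, owner, address, ttl)] for each A record in nslookup debug output."""
    records, section, owner, addr = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"(ANSWERS|AUTHORITY RECORDS|ADDITIONAL RECORDS):", line):
            section, owner, addr = m.group(1), None, None
        elif line.startswith("->"):          # start of a new record: owner name
            owner, addr = line[2:].strip().rstrip(".").lower(), None
        elif m := re.fullmatch(r"internet address = (\S+)", line):
            addr = m.group(1)
        elif (m := re.match(r"ttl = (\d+)", line)) and owner and addr:
            records.append((section, owner, addr, int(m.group(1))))  # NS records have no addr
    return records

def find_mismatches(text, expected=EXPECTED):
    """List cached A records whose address is not in the reference set for that name."""
    return [r for r in parse_a_records(text)
            if r[1] in expected and r[2] not in expected[r[1]]]

if __name__ == "__main__":
    print(*find_mismatches(SAMPLE), sep="\n")
```

The TTL in each flagged record shows how long the cache would keep serving that address unless it is flushed.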