[GTER] RES: Problema resolucao dns
Network Operation Center AlfainfNet
noc at alfainfnet.com.br
Wed Oct 17 14:38:45 -03 2012
Boa tarde amigos,
Continuo com o problema,
Vou postar logs para talvez alguem ascender luz no fim do tunel
[root at dns3 logs]# cat dns3-srv.log | grep lupie
17-Oct-2012 14:30:57.916 security: debug 3: client 127.0.0.1#35116: query (cache) 'www.calcadoslupie.com.br/A/IN' approved
17-Oct-2012 14:30:58.075 lame-servers: info: lame server resolving 'www.calcadoslupie.com.br' (in 'calcadoslupie.com.br'?): 75.125.228.235#53
17-Oct-2012 14:30:58.235 lame-servers: info: lame server resolving 'www.calcadoslupie.com.br' (in 'calcadoslupie.com.br'?): 75.125.228.234#53
17-Oct-2012 14:30:58.235 query-errors: debug 1: client 127.0.0.1#35116: query failed (SERVFAIL) for www.calcadoslupie.com.br/IN/A at query.c:4651
17-Oct-2012 14:30:58.235 query-errors: debug 2: fetch completed at resolver.c:3087 for www.calcadoslupie.com.br/A in 0.318351: failure/success [domain:calcadoslupie.com.br,referral:0,restart:2,qrysent:2,timeout:0,lame:4,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
17-Oct-2012 14:30:58.236 security: debug 3: client 127.0.0.1#42245: query (cache) 'www.calcadoslupie.com.br/A/IN' approved
17-Oct-2012 14:30:58.236 query-errors: debug 1: client 127.0.0.1#42245: query failed (SERVFAIL) for www.calcadoslupie.com.br/IN/A at query.c:4651
17-Oct-2012 14:30:58.236 query-errors: debug 2: fetch completed at resolver.c:3087 for www.calcadoslupie.com.br/A in 0.000219: failure/success [domain:calcadoslupie.com.br,referral:0,restart:1,qrysent:0,timeout:0,lame:2,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
17-Oct-2012 14:30:58.236 security: debug 3: client 127.0.0.1#40316: query (cache) 'www.calcadoslupie.com.br.alfainfnet.net.br/A/IN' approved
====================================================================================================================
cat dns3-clt.log | grep lupie
17-Oct-2012 14:30:57.916 resolver: debug 1: createfetch: www.calcadoslupie.com.br A
17-Oct-2012 14:30:57.917 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): create
17-Oct-2012 14:30:57.917 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): join
17-Oct-2012 14:30:57.917 resolver: debug 3: fetch 0x2aaab2fc2180 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): created
17-Oct-2012 14:30:57.917 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): start
17-Oct-2012 14:30:57.917 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): try
17-Oct-2012 14:30:57.917 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelqueries
17-Oct-2012 14:30:57.917 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): getaddresses
17-Oct-2012 14:30:57.917 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): query
17-Oct-2012 14:30:57.917 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): send
17-Oct-2012 14:30:57.917 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): sent
17-Oct-2012 14:30:57.917 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): udpconnected
17-Oct-2012 14:30:57.917 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): senddone
17-Oct-2012 14:30:58.075 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): response
;www.calcadoslupie.com.br. IN A
17-Oct-2012 14:30:58.075 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelquery
17-Oct-2012 14:30:58.075 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): add_bad
17-Oct-2012 14:30:58.075 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): try
17-Oct-2012 14:30:58.075 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): query
17-Oct-2012 14:30:58.075 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): send
17-Oct-2012 14:30:58.076 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): sent
17-Oct-2012 14:30:58.076 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): udpconnected
17-Oct-2012 14:30:58.076 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): senddone
17-Oct-2012 14:30:58.235 resolver: debug 3: resquery 0x2aaaaca90f10 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): response
;www.calcadoslupie.com.br. IN A
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelquery
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): add_bad
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): try
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelqueries
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): getaddresses
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): no addresses
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): done
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): stopeverything
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelqueries
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): sendevents
17-Oct-2012 14:30:58.235 resolver: debug 3: fetch 0x2aaab2fc2180 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): destroyfetch
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): shutdown
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): doshutdown
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): stopeverything
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelqueries
17-Oct-2012 14:30:58.235 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): destroy
17-Oct-2012 14:30:58.236 resolver: debug 1: createfetch: www.calcadoslupie.com.br A
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): create
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): join
17-Oct-2012 14:30:58.236 resolver: debug 3: fetch 0x2aaab2fc2180 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): created
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): start
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): try
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelqueries
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): getaddresses
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): no addresses
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): done
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): stopeverything
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelqueries
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): sendevents
17-Oct-2012 14:30:58.236 resolver: debug 3: fetch 0x2aaab2fc2180 (fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A)): destroyfetch
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): shutdown
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): doshutdown
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): stopeverything
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): cancelqueries
17-Oct-2012 14:30:58.236 resolver: debug 3: fctx 0x2aaaaca89f10(www.calcadoslupie.com.br/A'): destroy
Estranho eh no primeito log, cliente, mostra um lame server com ip muito estranho, nada a ver com dominio em questa ou NS do mesmo.
Alguma dica ?????
Gabriel V. Longo
inoc-dba 262883:100
noc at alfainfnet.com.br
http://www.alfainfnet.com.br
-----Mensagem original-----
De: gter [mailto:gter-bounces at eng.registro.br] Em nome de Caio Zanolla
Enviada em: terça-feira, 25 de setembro de 2012 20:36
Para: Grupo de Trabalho de Engenharia e Operacao de Redes
Assunto: Re: [GTER] Problema resolucao dns
http://www.intodns.com/calcadoslupie.com.br
Atenciosamente,
Caio Zanolla
2012/9/25 Ricardo Rodrigues <rcr.listas at ig.com.br>:
> Aqui resolveu normalmente. Tente verificar nos logs ou via tcpdump o que
> seu servidor DNS está tentando fazer.
>
> De qualquer forma, aqui vale a mesma recomendação: não usar mesmo endereço
> IP para DNS e para servidor Web, mesmo que tudo esteja no mesmo servidor
> físico.
>
> Abs,
> Ricardo
>
> Em 25 de setembro de 2012 16:44, Network Operation Center AlfainfNet <
> noc at alfainfnet.com.br> escreveu:
>
>> Boa tarde.
>>
>>
>>
>> Estou com um stress de resolução dns a dias. Domínio “calcadoslupie.com.br
>> ”.
>>
>> Assim que o mesmo expira o ttl de cache, server recursivo não resolve mais
>> o domínio somente forçando um DIG em cima de outro server, assim entrando
>> novamente em seu cache e então volta a resolver.
>>
>> Fiz várias análises, em outros server resolve normal, porem achei algo
>> estranho e entao resolvi trocar uma ideia com o grupo:
>>
>> Observem:
>>
>>
>>
>> [root at dns3 logs]# dig calcadoslupie.com.br @f.dns.br
>>
>> ; <<>> DiG 9.7.3-P3 <<>> calcadoslupie.com.br @f.dns.br
>>
>> ;; global options: +cmd
>>
>> ;; Got answer:
>>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34529
>>
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; WARNING: recursion requested but not available
>>
>>
>>
>> ;; QUESTION SECTION:
>>
>> ;calcadoslupie.com.br. IN A
>>
>>
>>
>> ;; AUTHORITY SECTION:
>>
>> calcadoslupie.com.br. 86400 IN NS ns1.interfacevirtual.com.
>>
>> calcadoslupie.com.br. 86400 IN NS ns2.interfacevirtual.com.
>>
>>
>>
>> ;; Query time: 22 msec
>>
>> ;; SERVER: 200.219.159.10#53(200.219.159.10)
>>
>> ;; WHEN: Tue Sep 25 16:22:48 2012
>>
>> ;; MSG SIZE rcvd: 94
>>
>>
>>
>> ===========================================================
>>
>>
>>
>> [root at dns3 logs]# dig interfacevirtual.com @a.gtld-servers.net
>>
>> ; <<>> DiG 9.7.3-P3 <<>> interfacevirtual.com @a.gtld-servers.net
>>
>> ;; global options: +cmd
>>
>> ;; Got answer:
>>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39838
>>
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; WARNING: recursion requested but not available
>>
>>
>>
>> ;; QUESTION SECTION:
>>
>> ;interfacevirtual.com. IN A
>>
>>
>>
>> ;; AUTHORITY SECTION:
>>
>> interfacevirtual.com. 172800 IN NS ns1.meta358.org.
>>
>> interfacevirtual.com. 172800 IN NS ns2.meta358.org.
>>
>>
>>
>> ;; Query time: 128 msec
>>
>> ;; SERVER: 192.5.6.30#53(192.5.6.30)
>>
>> ;; WHEN: Tue Sep 25 16:35:16 2012
>>
>> ;; MSG SIZE rcvd: 85
>>
>>
>>
>>
>>
>> [root at dns3 logs]# dig interfacevirtual.com @ns1.meta358.org
>>
>>
>>
>> ; <<>> DiG 9.7.3-P3 <<>> interfacevirtual.com @ns1.meta358.org
>>
>> ;; global options: +cmd
>>
>> ;; Got answer:
>>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8950
>>
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>>
>> ;; WARNING: recursion requested but not available
>>
>>
>>
>> ;; QUESTION SECTION:
>>
>> ;interfacevirtual.com. IN A
>>
>>
>>
>> ;; ANSWER SECTION:
>>
>> interfacevirtual.com. 14400 IN A 67.228.172.192
>>
>>
>>
>> ;; AUTHORITY SECTION:
>>
>> interfacevirtual.com. 86400 IN NS ns1.interfacevirtual.com.
>>
>> interfacevirtual.com. 86400 IN NS ns2.interfacevirtual.com.
>>
>>
>>
>> ;; ADDITIONAL SECTION:
>>
>> ns1.interfacevirtual.com. 14400 IN A 67.228.172.192
>>
>> ns2.interfacevirtual.com. 14400 IN A 67.228.172.193
>>
>>
>>
>> ;; Query time: 156 msec
>>
>> ;; SERVER: 67.228.172.192#53(67.228.172.192)
>>
>> ;; WHEN: Tue Sep 25 16:36:34 2012
>>
>> ;; MSG SIZE rcvd: 122
>>
>>
>>
>>
>>
>> De fato o server autoritativo que responde pelo dominio
>> “interfacevirtual.com” eh o ns1/ns2.meta358.org, porem na zona no mesmo
>> constam outros NS, ns1/ns2.interfacevirtual.com. No meu entendimento
>> deveria
>> ter na zona interfacevirtual.com os NS ns1/ns2.meta358.org ou entao nos
>> GTLD-Servers deveria estar com NS e IP da zona interfacevirtual.com.
>>
>> Isto é um equívoco?
>>
>> Pode estar causando estas falhas de resolucao?
>>
>> Rodo dns recursivo com dnssec habilitado.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Gabriel V. Longo
>>
>> inoc-dba 262883:100
>>
>> noc at alfainfnet.com.br
>>
>> http://www.alfainfnet.com.br <http://www.alfainfnet.com.br/>
>>
>>
>>
>> --
>> gter list https://eng.registro.br/mailman/listinfo/gter
>>
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
--
gter list https://eng.registro.br/mailman/listinfo/gter
More information about the gter
mailing list