[GTER] DNS Resolution Error

Roberto Alcântara roberto at eletronica.org
Tue May 6 11:30:36 -03 2014


Gentlemen,

We have observed strange behavior in some Locaweb domains.

Domains such as www.acecoti.com.br or www.casadaarte.com.br are not being
properly resolved (A) on an internal recursive server, which runs on Windows.

The first guess was: Windows must be doing something wrong :-)  But
simulating the same condition on 2 other domains, Windows did what was
expected. Analyzing the responses, there seems to be something really
different about the flags that Locaweb sends.

When receiving the CNAME from a bind that I configured, we have the
*"want recursion, recursion avail"* bits in the response.  When receiving the
CNAME coming from Locaweb, these flags are not set and apparently Windows
stops the recursion at that point.

In RFC 1034 we have: "Note that the name server should never perform
recursive service unless asked via RD, since this interferes with trouble
shooting of name servers and their databases."

So would Windows be doing the right thing by interrupting the recursion? A
recursive bind that I tested "carries on" and resolves the A all the way to
the end. As I don't know DNS that deeply, I would like your opinion.


Test with the problematic domain:

www.casadaarte.com.br -> CNAME www.casadaarte.vtexcommerce.com.br

C:\Users\robertopdaf>nslookup -d www.casadaarte.com.br
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.123.7.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.123.7.10.in-addr.arpa
        name = trtads01.dom.local
        ttl = 1200 (20 mins)

------------
Servidor:  trtads01.dom.local
Address:  10.0.123.3

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.casadaarte.com.br.dom.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  dom.local
        ttl = 3600 (1 hour)
        primary name server = trtads01.dom.local
        responsible mail addr = admin.dom.local
        serial  = 612824
        refresh = 1800 (30 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.casadaarte.com.br.dom.local, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  dom.local
        ttl = 3600 (1 hour)
        primary name server = trtads01.dom.local
        responsible mail addr = admin.dom.local
        serial  = 612824
        refresh = 1800 (30 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer
        questions = 1,  answers = 1,  authority records = 1,  additional = 0

    QUESTIONS:
        www.casadaarte.com.br, type = A, class = IN
    ANSWERS:
    ->  www.casadaarte.com.br
        canonical name = www.casadaarte.vtexcommerce.com.br
        ttl = 3600 (1 hour)
    AUTHORITY RECORDS:
    ->  com.br
        ttl = 3600 (1 hour)
        primary name server = ns1.locaweb.com.br
        responsible mail addr = postmaster.locaweb.com.br
        serial  = 2014030601
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 1209600 (14 days)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NXDOMAIN
        header flags:  response, auth. answer
        questions = 1,  answers = 1,  authority records = 1,  additional = 0

    QUESTIONS:
        www.casadaarte.com.br, type = AAAA, class = IN
    ANSWERS:
    ->  www.casadaarte.com.br
        canonical name = www.casadaarte.vtexcommerce.com.br
        ttl = 3600 (1 hour)
    AUTHORITY RECORDS:
    ->  com.br
        ttl = 3600 (1 hour)
        primary name server = ns1.locaweb.com.br
        responsible mail addr = postmaster.locaweb.com.br
        serial  = 2014030601
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 1209600 (14 days)
        default TTL = 3600 (1 hour)

------------
*** trtads01.dom.local não encontrou www.casadaarte.com.br: Non-existent domain




Simulating this type of query on a bind, we have:

Test with the domain simulating the problem:   teste.pci.eletronica.org -> devs.com.br


C:\Users\robertopdaf>nslookup -d teste.pci.eletronica.org
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.123.7.10.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.123.7.10.in-addr.arpa
        name = trtads01.dom.local
        ttl = 1200 (20 mins)

------------
Servidor:  trtads01.dom.local
Address:  10.0.123.3

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        teste.pci.eletronica.org.dom.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  dom.local
        ttl = 3600 (1 hour)
        primary name server = trtads01.dom.local
        responsible mail addr = admin.dom.local
        serial  = 612824
        refresh = 1800 (30 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        teste.pci.eletronica.org.dom.local, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  dom.local
        ttl = 3600 (1 hour)
        primary name server = trtads01.dom.local
        responsible mail addr = admin.dom.local
        serial  = 612824
        refresh = 1800 (30 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response,* want recursion, recursion avail.*
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        teste.pci.eletronica.org, type = A, class = IN
    ANSWERS:
    ->  teste.pci.eletronica.org
        canonical name = www.devs.com.br
        ttl = 300 (5 mins)
    ->  www.devs.com.br
        internet address = 72.18.203.216
        ttl = 84015 (23 hours 20 mins 15 secs)

------------
Não é resposta de autorização:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        teste.pci.eletronica.org, type = AAAA, class = IN
    ANSWERS:
    ->  teste.pci.eletronica.org
        canonical name = www.devs.com.br
        ttl = 300 (5 mins)

------------
Nome:    www.devs.com.br
Address:  72.18.203.216
Aliases:  teste.pci.eletronica.org




 - Roberto
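
Added example, not part of the original post: a small decoder for the header flags that nslookup -d prints, run over two constructed messages that mirror the id = 4 responses in the traces above (the bytes are built here, not captured, and the SOA authority record is left out). It also applies the RFC 1034 section 5.3.3 rule that a response holding a CNAME but not the queried type makes the resolver restart at the canonical name; the function and constant names are hypothetical.

```python
import struct

A, CNAME = 1, 5
FLAG_BITS = [(0x8000, "response"), (0x0400, "auth. answer"),
             (0x0100, "want recursion"), (0x0080, "recursion avail.")]
RCODES = {0: "NOERROR", 3: "NXDOMAIN"}

def name(n):
    """Encode a domain name as length-prefixed labels (no compression)."""
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\0"

def skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:   # 2-byte pointer always ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def summarize(msg, qtype=A):
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, types = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return {
        "flags": ", ".join(label for bit, label in FLAG_BITS if flags & bit),
        "rcode": RCODES.get(flags & 0xF, flags & 0xF),
        "answer_types": types,
        # RFC 1034 5.3.3: a CNAME without the queried type means restart at its target
        "restart_at_cname": CNAME in types and qtype not in types,
    }

def response(flags, qname, rrs):  # one A question plus (owner, type, rdata) answers
    body = b"".join(name(o) + struct.pack("!HHIH", t, 1, 3600, len(rd)) + rd
                    for o, t, rd in rrs)
    head = struct.pack("!6H", 4, flags, 1, len(rrs), 0, 0)
    return head + name(qname) + struct.pack("!HH", A, 1) + body

# Constructed samples mirroring the two id = 4 responses (SOA record omitted).
AUTH_ONLY = response(0x8403, "www.casadaarte.com.br", [
    ("www.casadaarte.com.br", CNAME, name("www.casadaarte.vtexcommerce.com.br"))])
RECURSED = response(0x8180, "teste.pci.eletronica.org", [
    ("teste.pci.eletronica.org", CNAME, name("www.devs.com.br")),
    ("www.devs.com.br", A, bytes([72, 18, 203, 216]))])
```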


