[GTER] DNS Resolution Error
Roberto Alcântara
roberto at eletronica.org
Tue May 6 11:30:36 -03 2014
Gentlemen,
We have observed strange behavior with some Locaweb domains.
Domains such as www.acecoti.com.br or www.casadaarte.com.br are not being
properly resolved (A) on an internal recursive resolver, which runs on Windows.
The first guess was: Windows must be doing something wrong :-) But
simulating the same condition on 2 other domains, Windows did what was
expected. Analyzing the responses, there really seems to be something
different about the flags that Locaweb sends.
When receiving the CNAME from a bind configured by me, we have the "want
recursion, recursion avail" bits in the response. When receiving the CNAME
coming from Locaweb, these flags are not set and apparently Windows stops the
recursion at that point.
In RFC 1034 we have: "Note that the name server should never perform
recursive service unless asked via RD, since this interferes with trouble
shooting of name servers and their databases."
So would Windows be doing the right thing by interrupting the recursion? A
recursive bind that I tested "carries on" and resolves the A to the end. Since
I do not know DNS that deeply, I would like your opinion.
Test with the problematic domain:
www.casadaarte.com.br -> CNAME www.casadaarte.vtexcommerce.com.br
C:\Users\robertopdaf>nslookup -d www.casadaarte.com.br
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
3.123.7.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 3.123.7.10.in-addr.arpa
name = trtads01.dom.local
ttl = 1200 (20 mins)
------------
Servidor: trtads01.dom.local
Address: 10.0.123.3
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.casadaarte.com.br.dom.local, type = A, class = IN
AUTHORITY RECORDS:
-> dom.local
ttl = 3600 (1 hour)
primary name server = trtads01.dom.local
responsible mail addr = admin.dom.local
serial = 612824
refresh = 1800 (30 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.casadaarte.com.br.dom.local, type = AAAA, class = IN
AUTHORITY RECORDS:
-> dom.local
ttl = 3600 (1 hour)
primary name server = trtads01.dom.local
responsible mail addr = admin.dom.local
serial = 612824
refresh = 1800 (30 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 4, rcode = NXDOMAIN
header flags: response, auth. answer
questions = 1, answers = 1, authority records = 1, additional = 0
QUESTIONS:
www.casadaarte.com.br, type = A, class = IN
ANSWERS:
-> www.casadaarte.com.br
canonical name = www.casadaarte.vtexcommerce.com.br
ttl = 3600 (1 hour)
AUTHORITY RECORDS:
-> com.br
ttl = 3600 (1 hour)
primary name server = ns1.locaweb.com.br
responsible mail addr = postmaster.locaweb.com.br
serial = 2014030601
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 1209600 (14 days)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 5, rcode = NXDOMAIN
header flags: response, auth. answer
questions = 1, answers = 1, authority records = 1, additional = 0
QUESTIONS:
www.casadaarte.com.br, type = AAAA, class = IN
ANSWERS:
-> www.casadaarte.com.br
canonical name = www.casadaarte.vtexcommerce.com.br
ttl = 3600 (1 hour)
AUTHORITY RECORDS:
-> com.br
ttl = 3600 (1 hour)
primary name server = ns1.locaweb.com.br
responsible mail addr = postmaster.locaweb.com.br
serial = 2014030601
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 1209600 (14 days)
default TTL = 3600 (1 hour)
------------
*** trtads01.dom.local não encontrou www.casadaarte.com.br: Non-existent
domain
Simulating this type of query on a bind, we have:
Test with the domain simulating the problem. teste.pci.eletronica.org ->
devs.com.br
C:\Users\robertopdaf>nslookup -d teste.pci.eletronica.org
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
3.123.7.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 3.123.7.10.in-addr.arpa
name = trtads01.dom.local
ttl = 1200 (20 mins)
------------
Servidor: trtads01.dom.local
Address: 10.0.123.3
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
teste.pci.eletronica.org.dom.local, type = A, class = IN
AUTHORITY RECORDS:
-> dom.local
ttl = 3600 (1 hour)
primary name server = trtads01.dom.local
responsible mail addr = admin.dom.local
serial = 612824
refresh = 1800 (30 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
teste.pci.eletronica.org.dom.local, type = AAAA, class = IN
AUTHORITY RECORDS:
-> dom.local
ttl = 3600 (1 hour)
primary name server = trtads01.dom.local
responsible mail addr = admin.dom.local
serial = 612824
refresh = 1800 (30 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: response,* want recursion, recursion avail.*
questions = 1, answers = 2, authority records = 0, additional = 0
QUESTIONS:
teste.pci.eletronica.org, type = A, class = IN
ANSWERS:
-> teste.pci.eletronica.org
canonical name = www.devs.com.br
ttl = 300 (5 mins)
-> www.devs.com.br
internet address = 72.18.203.216
ttl = 84015 (23 hours 20 mins 15 secs)
------------
Não é resposta de autorização:
------------
Got answer:
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
teste.pci.eletronica.org, type = AAAA, class = IN
ANSWERS:
-> teste.pci.eletronica.org
canonical name = www.devs.com.br
ttl = 300 (5 mins)
------------
Nome: www.devs.com.br
Address: 72.18.203.216
Aliases: teste.pci.eletronica.org
- Roberto
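Added example, not part of the original message: a decoder for the 12-byte DNS header (RFC 1035, section 4.1.1) that names the flag bits the way `nslookup -d` does and lists the fields that differ between two responses. The two sample headers are constructed from the id = 4 responses in the traces above; the names PROBLEM_RESPONSE and SIMULATED_RESPONSE are hypothetical.

```python
import struct

# Masks for the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
# Labels and order match what `nslookup -d` prints under "header flags".
FLAG_BITS = {"response": 0x8000, "auth. answer": 0x0400, "truncated": 0x0200,
             "want recursion": 0x0100, "recursion avail.": 0x0080}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(message) < 12:
        raise ValueError(f"DNS header is 12 bytes, got {len(message)}")
    ident, word, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    return {
        "id": ident,
        "opcode": (word >> 11) & 0xF,
        "rcode": RCODES.get(word & 0xF, f"RCODE{word & 0xF}"),
        "flags": [name for name, bit in FLAG_BITS.items() if word & bit],
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


def compare(a: dict, b: dict) -> dict:
    """Return the header fields (id aside) that differ, as (a, b) pairs."""
    return {k: (a[k], b[k]) for k in a if k != "id" and a[k] != b[k]}


# Constructed sample data: headers only (question and record sections omitted),
# rebuilt from the values shown in the two id = 4 responses in the traces.
PROBLEM_RESPONSE = struct.pack("!6H", 4, 0x8403, 1, 1, 1, 0)    # QR|AA, rcode 3
SIMULATED_RESPONSE = struct.pack("!6H", 4, 0x8180, 1, 2, 0, 0)  # QR|RD|RA, rcode 0

if __name__ == "__main__":
    first = parse_header(PROBLEM_RESPONSE)
    second = parse_header(SIMULATED_RESPONSE)
    for label, hdr in (("problem domain", first), ("bind simulation", second)):
        print(f"{label}: rcode = {hdr['rcode']}, "
              f"header flags: {', '.join(hdr['flags'])}")
    for field, (x, y) in compare(first, second).items():
        print(f"  differs in {field}: {x!r} vs {y!r}")
```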