Help with a DNS anomaly ?

Anonymous
Not applicable

I have a stand-alone DNS server on my home network - running 'dnsmasq' on Ubuntu server - which works very well at caching and significantly speeding up DNS lookups.
However today I discovered an oddity that I would like to understand, and resolve, so I can ensure future reliability of my network.
My network has various Windows PCs, and some Ubuntu desktops, they are ALL configured to use the same said DNS server, and I have never (in two years) had any problems with any other website,
but if I try to browse http://www.kegs.org.uk/, then the Ubuntu PCs ALWAYS work fine and display the webpage, but all the Windows PCs report "DNS error occurred. Server cannot be found".
If I change a Windows PC's DNS settings to say the Google DNS (8.8.4.4), or other conventional DNS, then the problematic site works fine.
If I reboot my DNS server then occasionally the Windows PCs will work OK for a while, but then get stuck in a failed state.
If I run "> ipconfig /flushdns" in a DOS command window, then sometimes that recovers the problem for a while.
If I do an NSLOOKUP on an Ubuntu PC it says -
Quote
> nslookup www.kegs.org.uk
Server:        192.168.?.?
Address:    192.168.?.?#53
Non-authoritative answer:
www.kegs.org.uk    canonical name = kegshost.org.uk.
kegshost.org.uk    canonical name = henry.kegs.essex.sch.uk.
Name:    henry.kegs.essex.sch.uk
Address: 94.101.160.194


Whereas an NSLOOKUP on Windows says -
Quote
> nslookup www.kegs.org.uk
Server:  henry.kegs.essex.sch.uk
Address:  94.101.160.194
Aliases:  www.kegs.org.uk, kegshost.org.uk
*** www.kegs.org.uk can't find nslookup: No response from server

So even in the failed state, Windows can retrieve the correct IP address from the DNS server.
I have also tried both Firefox and Internet Explorer browsers.
So far all four Windows PCs fail, and three Ubuntu PCs work !
And as I said earlier, it is only the website http://www.kegs.org.uk that shows this problem, any other site continues to work without any problems.
Any ideas ?
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Help with a DNS anomaly ?

I also use Linux and dnsmasq - testing with the "host" command, I can't resolve that address using plusnet's DNS servers, but can using google's:

$ host www.kegs.org.uk 212.159.6.9
Using domain server:
Name: 212.159.6.9
Address: 212.159.6.9#53
Aliases:
Host www.kegs.org.uk not found: 3(NXDOMAIN)
$ host www.kegs.org.uk 8.8.4.4
Using domain server:
Name: 8.8.4.4
Address: 8.8.4.4#53
Aliases:
www.kegs.org.uk is an alias for kegshost.org.uk.
kegshost.org.uk is an alias for henry.kegs.essex.sch.uk.
henry.kegs.essex.sch.uk has address 94.101.160.194
Anonymous
Not applicable

Re: Help with a DNS anomaly ?

Thanks for that, I just repeated the 'host' command with all the external DNS's that I use, and it is ONLY the Plusnet DNS's that fail (212.159.6.9, 212.159.6.10, 212.159.13.49, 212.159.13.50), but Google DNS and OpenDNS work fine.
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: Help with a DNS anomaly ?

Quote from: purleigh
Whereas an NSLOOKUP on Windows says -
Quote
> nslookup www.kegs.org.uk
Server:  henry.kegs.essex.sch.uk
Address:  94.101.160.194
Aliases:  www.kegs.org.uk, kegshost.org.uk
*** www.kegs.org.uk can't find nslookup: No response from server

Well to me that looks like your windows PC was using 94.101.160.194 (aka henry.kegs.essex.sch.uk) as its DNS, whereas the linux machines were using a DNS on your local network.
Anonymous
Not applicable

Re: Help with a DNS anomaly ?

I am confused by that Windows response as well.
In the short periods when Windows does resolve this correctly it does this instead -
Quote
> nslookup www.kegs.org.uk
Server:  "the_name_of_my_DNS_server"
Address:  192.168.?.?  (the IP of my DNS server)
Non-authoritative answer:
Name:    henry.kegs.essex.sch.uk
Address:  94.101.160.194
Aliases:  www.kegs.org.uk, kegshost.org.uk

It does look like, in either working or failed mode, Windows can get the IP address correctly from my DNS server.
BUT in the failed state, it looks like Windows is trying to do another DNS lookup using the address that the local DNS server has already provided ! ? !
I have also just removed all references to the PlusNet DNS servers from my own DNS server's 'resolv.conf' file, and Windows lookups now appear to be fine (in the short time that I have tried !).
So -
1)  The Plusnet DNS not resolving seems to trigger the problem.
2)  Can't yet explain why it is that if I start my DNS first (with Plusnet IPs), then boot Windows (in failed state), then start an Ubuntu PC, that Ubuntu works but Windows doesn't.
3)  Windows might be trying to do a recursive lookup ?
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: Help with a DNS anomaly ?

Hmmm, not sure, I sometimes struggle with the intricate details of DNS, but given that it's only that IP that you know of, I would suggest there is something wrong with their DNS configuration.  Try contacting Plusnet support and asking why they can't when OpenDNS etc can resolve that address, their answer (if you get the tech's answer) may be enlightening.
Anonymous
Not applicable

Re: Help with a DNS anomaly ?

I have just checked the problematic URL in a DNS configuration checker, and it does look like that site is misconfigured !

but that does not explain the difference between Windows and Ubuntu lookups, when both are getting the correct target IP address from my local DNS server !
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: Help with a DNS anomaly ?

Different OS's have different rub points and levels of forgiveness when breaking standards.
Given the open nature of Linux it wouldn't surprise me that someone 'fixed' the DNS lookup on Linux so that it worked with lame DNS.
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Help with a DNS anomaly ?

My Linux setup doesn't resolve it. I'm running Fedora 13, dnsmasq is running to provide the local DNS cache. I configured dnsmasq with "strict-order" enabled in the configuration file, so normally it only uses the first plusnet DNS server.
Although the plusnet DNS server returns NXDOMAIN for www.kegs.org.uk, it also returns the first alias kegshost.org.uk (try the "dig" command), if you query that you get NXDOMAIN again and the second alias henry.kegs.essex.sch.uk, and if you look that up you get the IP address. I guess something on Ubuntu is doing that automatically for you.
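
The reply shape described in the post above (status NXDOMAIN with the CNAME alias still present in the answer section), as an added example that is not part of the original thread: a minimal DNS response parser run over a constructed packet. The packet bytes, the TTL and the helper name `dangling_alias` are assumptions made for illustration, not captured traffic or anyone's tooling.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
TYPE_A, TYPE_CNAME = 1, 5

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):                      # bound the walk: stops pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def parse_response(msg):
    """Return (rcode name, [(owner, type, value)]) from the answer section."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, answers = 12, []
    for _ in range(qd):                       # skip each question: name + type + class
        _, off = read_name(msg, off)
        off += 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_CNAME:
            value = read_name(msg, off)[0]
        else:
            value = ".".join(map(str, msg[off:off + 4])) if rtype == TYPE_A else msg[off:off + rdlen].hex()
        answers.append((owner, rtype, value))
        off += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), answers

def dangling_alias(rcode, answers):
    """If the reply is NXDOMAIN but carries CNAMEs, return the last alias target."""
    cnames = [value for _, rtype, value in answers if rtype == TYPE_CNAME]
    return cnames[-1] if rcode == "NXDOMAIN" and cnames else None

# Constructed reply (not a capture): rcode NXDOMAIN plus one CNAME answer.
CONSTRUCTED_REPLY = (struct.pack("!6H", 0x1234, 0x8183, 1, 1, 0, 0)
    + b"\x03www\x04kegs\x03org\x02uk\x00" + struct.pack("!HH", TYPE_A, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CNAME, 1, 300, 11)
    + b"\x08kegshost\xc0\x15")   # 0xc015 points at "org.uk" in the question
```

Calling `parse_response(CONSTRUCTED_REPLY)` gives the status and the alias in one reply; `dangling_alias` returns the name a client would have to query next to continue the chain by hand.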
Anonymous
Not applicable

Re: Help with a DNS anomaly ?

I don't use "strict-order", instead I use "all-servers"
Quote
--all-servers
              By default, when dnsmasq has more than one upstream server available, it will send queries to just one server. Setting this flag forces dnsmasq to send all queries to all available servers. The reply from the server which answers first will be returned to the original requestor.

Which might explain the apparent randomness I am seeing, as the fastest responding DNS might change over time !

I also use the "--no-negcache" setting, so 'dnsmasq' only caches good results, but it does not seem to have helped in this instance.
Quote
--no-negcache
              Disable negative caching. Negative caching allows dnsmasq to remember "no such domain" answers from upstream nameservers and answer identical queries without forwarding them again.


What I need is to find a 'dnsmasq' setting that ignores the fastest responding DNS replies when like in this instance the PlusNet DNS returns NXDOMAIN, and therefore check the other subsequent DNS replies for a positive result (such as those from Google and OpenDNS) - and only after all responses have failed then give up.
MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: Help with a DNS anomaly ?

Quote from: purleigh
What I need is to find a 'dnsmasq' setting that ignores the fastest responding DNS replies  [...]

No, the DNS for kegs.org.uk needs fixing. When only one zone causes problems that zone needs fixing, not everyone else's resolvers (incl. yours).
Incidentally, don't use nslookup for troubleshooting - its use has been deprecated as it can give some very misleading results, particularly given that it often misinterprets what it finds (i.e. it doesn't give you the true response). Try 'dig' instead.
Mathew