Re: rare dns problemen

[Paul van der Vlis <paul@vandervlis.nl>]

Op 07-10-2021 om 09:07 schreef Paul van der Vlis:
> Hallo Jaap en anderen,
>
> Op 06-10-2021 om 22:58 schreef Jaap van Wingerde:
> > Ik kan thuis niet naar Wikipedia browsen: "We can’t connect to the
> > server at www.wikipedia.org".
> >
> > Diggen op ns-server op extern VPS geeft de volgende resultaten.
>  >
> > jaap@artio:~$ dig @gaugino en.wikipedia.org
> >
> > ; <<>> DiG 9.16.15-Debian <<>> @gaugino en.wikipedia.org
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60422
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 1232
> > ; COOKIE: e341d86ef35fd4dc01000000615db16d640e4226c09cf16f (good)
> > ;; QUESTION SECTION:
> > ;en.wikipedia.org.              IN      A
> >
> > ;; ANSWER SECTION:
> > en.wikipedia.org.       86400   IN      CNAME   dyna.wikimedia.org.
> > dyna.wikimedia.org.     600     IN      A       91.198.174.192
> >
> > ;; Query time: 1128 msec
> > ;; SERVER: 10.203.111.2#53(10.203.111.2)
> > ;; WHEN: Wed Oct 06 14:23:41 UTC 2021
> > ;; MSG SIZE  rcvd: 121
> >
> >
> > De locale ns-server faalt echter.
> >
> > jaap@artio:~$ dig en.wikipedia.org
> >
> > ; <<>> DiG 9.16.15-Debian <<>> en.wikipedia.org
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 510
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 1232
> > ; COOKIE: c2a8c1bff5784db901000000615db188e6581a7982e9234f (good)
> > ;; QUESTION SECTION:
> > ;en.wikipedia.org.              IN      A
> >
> > ;; Query time: 0 msec
> > ;; SERVER: 10.203.180.1#53(10.203.180.1)
> > ;; WHEN: Wed Oct 06 14:24:08 UTC 2021
> > ;; MSG SIZE  rcvd: 73
> >
> > jaap@artio:~$
> >
> > query-errors.log zegt het volgende.
> >
> > 06-Oct-2021 14:23:44.357 query-errors: debug 1: client @0x7f858801df58
> > 10.203.180.1#53846 (88.45.176.143.in-addr.arpa): view intern: query
> > failed (SERVFAIL) for 88.45.176.143.in-addr.arpa/IN/PTR at query.c:6648
> > 06-Oct-2021 14:23:45.309 query-errors: debug 1: client @0x7f8584000cc8
> > 10.203.180.1#35018 (88.45.176.143.in-addr.arpa): view intern: query
> > failed (SERVFAIL) for 88.45.176.143.in-addr.arpa/IN/PTR at query.c:6648
> > 06-Oct-2021 14:23:45.309 query-errors: debug 1: client @0x7f858c005088
> > 10.203.180.1#36657 (88.45.176.143.in-addr.arpa): view intern: query
> > failed (SERVFAIL) for 88.45.176.143.in-addr.arpa/IN/PTR at query.c:6648
> > 06-Oct-2021 14:23:58.941 lame-servers: info: lame server resolving
> > 'en.wikipedia.org' (in 'wikipedia.org'?): 208.80.153.231#53 06-Oct-2021
> > 14:23:58.945 lame-servers: info: lame server resolving
> > 'en.wikipedia.org' (in 'wikipedia.org'?): 208.80.154.238#53 06-Oct-2021
> > 14:23:58.949 lame-servers: info: lame server resolving
> > 'en.wikipedia.org' (in 'wikipedia.org'?): 91.198.174.239#53 06-Oct-2021
> > 14:23:58.949 lame-servers: info: lame server resolving
> > 'ns1.wikimedia.org' (in 'wikimedia.org'?): 208.80.153.231#53
> > 06-Oct-2021 14:23:58.953 lame-servers: info: lame server resolving
> > 'ns0.wikimedia.org' (in 'wikimedia.org'?): 208.80.153.231#53
> > 06-Oct-2021 14:23:58.953 lame-servers: info: lame server resolving
> > 'ns2.wikimedia.org' (in 'wikimedia.org'?): 208.80.153.231#53
> > 06-Oct-2021 14:23:58.957 lame-servers: info: lame server resolving
> > 'ns1.wikimedia.org' (in 'wikimedia.org'?): 208.80.154.238#53
> > 06-Oct-2021 14:23:58.957 lame-servers: info: lame server resolving
> > 'ns0.wikimedia.org' (in 'wikimedia.org'?): 208.80.154.238#53
> > 06-Oct-2021 14:23:58.957 lame-servers: info: lame server resolving
> > 'ns2.wikimedia.org' (in 'wikimedia.org'?): 208.80.154.238#53
> > 06-Oct-2021 14:23:58.961 lame-servers: info: lame server resolving
> > 'ns1.wikimedia.org' (in 'wikimedia.org'?): 91.198.174.239#53
> > 06-Oct-2021 14:23:58.961 lame-servers: info: lame server resolving
> > 'ns2.wikimedia.org' (in 'wikimedia.org'?): 91.198.174.239#53
> > 06-Oct-2021 14:23:58.961 lame-servers: info: lame server resolving
> > 'ns0.wikimedia.org' (in 'wikimedia.org'?): 91.198.174.239#53
> > 06-Oct-2021 14:24:08.941 query-errors: debug 1: client @0x7f858801df58
> > 10.203.180.1#56457 (en.wikipedia.org): view intern: query failed (timed
> > out) for en.wikipedia.org/IN/A at query.c:7360 06-Oct-2021 14:24:08.941
> > query-errors: debug 1: client @0x7f8588021cb8 10.203.180.1#56457
> > (en.wikipedia.org): view intern: query failed (SERVFAIL) for
> > en.wikipedia.org/IN/A at query.c:6648
> >
> > Ik heb ten einde raad in named.conf.options wat forwarders ingesteld.
> >     forwarders {
> >          8.8.8.8;
> >          8.8.4.4;
> >     };
> >
> > Dit levert de volgende bind-logs op:
> >
> > 06-Oct-2021 14:40:17.351 query-errors: debug 1: client @0x7f61380210c8
> > 10.203.180.250#53438 (ns4.versatel.net): view intern: query failed
> > (timed out) for ns4.versatel.net/IN/A at query.c:7360 06-Oct-2021
> > 14:40:17.351 query-errors: debug 1: client @0x7f6130010648
> > 10.203.180.250#60059 (ns4.versatel.net): view intern: query failed
> > (timed out) for ns4.versatel.net/IN/AAAA at query.c:7360 06-Oct-2021
> > 14:40:17.351 query-errors: debug 1: client @0x7f6138005088
> > 10.203.180.250#42998 (ns3.versatel.net): view intern: query failed
> > (timed out) for ns3.versatel.net/IN/AAAA at query.c:7360 06-Oct-2021
> > 14:40:17.535 lame-servers: info: timed out resolving
> > 'mozilla.com/DS/IN': 8.8.4.4#53 06-Oct-2021 14:40:17.539 lame-servers:
> > info: timed out resolving 'mozilla.com/DS/IN': 8.8.4.4#53 06-Oct-2021
> > 14:40:18.787 lame-servers: info: timed out resolving 'com/DNSKEY/IN':
> > 8.8.8.8#53 06-Oct-2021 14:40:18.791 lame-servers: info: timed out
> > resolving 'com/DNSKEY/IN': 8.8.8.8#53 06-Oct-2021 14:40:18.923
> > lame-servers: info: timed out resolving
> > 'contile.services.mozilla.com/A/IN': 8.8.8.8#53 06-Oct-2021
> > 14:40:18.923 lame-servers: info: timed out resolving
> > 'contile.services.mozilla.com/A/IN': 8.8.8.8#53 06-Oct-2021
> > 14:40:19.747 query-errors: debug 1: client @0x7f6138025748
> > 10.203.180.250#43771 (ns2.versatel.net): view intern: query failed
> > (timed out) for ns2.versatel.net/IN/AAAA at query.c:7360 06-Oct-2021
> > 14:40:19.747 query-errors: debug 1: client @0x7f612c005088
> > 10.203.180.250#55455 (ns1.versatel.net): view intern: query failed
> > (timed out) for ns1.versatel.net/IN/AAAA at query.c:7360 06-Oct-2021
> > 14:40:19.987 lame-servers: info: timed out resolving 'com/DNSKEY/IN':
> > 8.8.4.4#53 06-Oct-2021 14:40:19.991 lame-servers: info: timed out
> > resolving 'com/DNSKEY/IN': 8.8.4.4#53 06-Oct-2021 14:40:20.123
> > lame-servers: info: timed out resolving
> > 'contile.services.mozilla.com/A/IN': 8.8.4.4#53 06-Oct-2021
> > 14:40:20.123 lame-servers: info: timed out resolving
> > 'contile.services.mozilla.com/A/IN': 8.8.4.4#53
> >
> > Wat moet ik hier van denken?
>
> Bij mij werkt het wel.
>
> Ze hebben DNSsec niet goed voor elkaar, zie ook:
> https://dnssec-analyzer.verisignlabs.com/www.wikipedia.org
> Maar als ik het goed zie dan zou dat geen problemen moeten geven, anders 
> dan waarschuwingen.
>
> Wat ik zou doen als ik jou was, is verschillende apparaten rebooten. 
> Denk aan je router, computer, en vooral ook eventuele tussenliggende 
> switches.
>
> Ik heb ook wel meegemaakt dat het met een switch niet mogelijk was een 
> bepaalde website te bezoeken (ging om marktplaats.nl). Het vervangen van 
> de switch bracht de oplossing.
>
> Mocht dat niet helpen dan zou ik hulp zoeken bij mijn ISP.
>
> Ik heb gehoord dat sommige ISP's al het DNS verkeer naar hun eigen DNS 
> doorsturen via een transparante proxy. Daar kan het ook mis zijn.
> https://www.dnsleaktest.com/what-is-transparent-dns-proxy.html
>
> Ook kunnen er routing problemen zijn.

Als noodoplossing zou je een proxy kunnen gebruiken, iets als:
https://www.hidemyass.com/nl-nl/proxy
Daarmee kun je waarschijnlijk wel naar Wikipedia.

Groet,
Paul

--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/