nameserver issues involving *.debian.org

To: debian-user@lists.debian.org
Subject: nameserver issues involving *.debian.org
From: Joel Roth <joelz@pobox.com>
Date: Sun, 30 Jan 2011 11:26:37 -1000
Message-id: <[🔎] 20110130212637.GA14302@sprite>
Reply-to: Joel Roth <joelz@pobox.com>
Hi all,

Some nslookup oddities have been bothering me.  Does it look
to you like my ISP is blocking certain DNS queries?

First, here's what I expect *and* what I get when
I SSH to an account at maseru.dreamhost.com:

[maseru]$ nslookup debian.org
	Server:         66.33.216.127
	Address:        66.33.216.127#53

	Non-authoritative answer:
	Name:   debian.org
	Address: 206.12.19.7
	[...]

[maseru]$ nslookup ftp.us.debian.org
	Server:         66.33.216.127
	Address:        66.33.216.127#53

	Non-authoritative answer:
	Name:   ftp.us.debian.org
	Address: 204.152.191.39
	[...]

Now, let's try querying the *same* nameserver from my home computer
via my ISP (hawaiian telecom).

$ nslookup google.com 66.33.216.127
	Server:         66.33.216.127
	Address:        66.33.216.127#53

	Non-authoritative answer:
	Name:   google.com
	Address: 74.125.224.52
	[...]

$ nslookup debian.org 66.33.216.127
	;; connection timed out; no servers could be reached

$ nslookup ftp.us.debian.org 66.33.216.127
	;; connection timed out; no servers could be reached

$ nslookup perl.com 66.33.216.127
	Server:         66.33.216.127
	Address:        66.33.216.127#53

	Non-authoritative answer:
	Name:   perl.com
	Address: 208.201.239.101
	[...]

I'd like to find some other explanation. This
is with my firewall turned off.

btw, I get the same issues using my ISPs nameserver
via the ethernet modem.


$ nslookup google.com 192.168.0.1
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 74.125.224.83
[...]

$ nslookup debian.org 192.168.0.1
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find debian.org: SERVFAIL

Finally, here are the queries (external DNS
server, then via ISP's ASDL modem) followed by a 
corresponding wireshark dump of the network
traffic.

Thanks for your attention!

------------------------------------------------------------
nslookup google.com 66.33.216.127 # succeeds
nslookup debian.org 66.33.216.127
	;; connection timed out; no servers could be reached
nslookup google.com 192.168.0.1   # succeeds
nslookup debian.org 192.168.0.1
	** server can't find debian.org: SERVFAIL
------------------------------------------------------------

No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.0.105         66.33.216.127         DNS      Standard query A google.com

Frame 1 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 66.33.216.127 (66.33.216.127)
User Datagram Protocol, Src Port: 47670 (47670), Dst Port: domain (53)
Domain Name System (query)

No.     Time        Source                Destination           Protocol Info
      2 0.031068    66.33.216.127         192.168.0.105         DNS      Standard query response A 74.125.224.81 A 74.125.224.82 A 74.125.224.83 A 74.125.224.84 A 74.125.224.80

Frame 2 (286 bytes on wire, 286 bytes captured)
Ethernet II, Src: AniCommu_c5:4f:19 (00:40:05:c5:4f:19), Dst: WistronI_19:e6:be (f0:de:f1:19:e6:be)
Internet Protocol, Src: 66.33.216.127 (66.33.216.127), Dst: 192.168.0.105 (192.168.0.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 47670 (47670)
Domain Name System (response)

No.     Time        Source                Destination           Protocol Info
      3 7.417343    192.168.0.105         66.33.216.127         DNS      Standard query A debian.org

Frame 3 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 66.33.216.127 (66.33.216.127)
User Datagram Protocol, Src Port: 55129 (55129), Dst Port: domain (53)
Domain Name System (query)

No.     Time        Source                Destination           Protocol Info
      4 12.417482   192.168.0.105         66.33.216.127         DNS      Standard query A debian.org

Frame 4 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 66.33.216.127 (66.33.216.127)
User Datagram Protocol, Src Port: 55129 (55129), Dst Port: domain (53)
Domain Name System (query)

No.     Time        Source                Destination           Protocol Info
      5 17.417696   192.168.0.105         66.33.216.127         DNS      Standard query A debian.org

Frame 5 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 66.33.216.127 (66.33.216.127)
User Datagram Protocol, Src Port: 55129 (55129), Dst Port: domain (53)
Domain Name System (query)

No.     Time        Source                Destination           Protocol Info
      6 28.176305   192.168.0.105         192.168.0.1           DNS      Standard query A google.com

Frame 6 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 47893 (47893), Dst Port: domain (53)
Domain Name System (query)

No.     Time        Source                Destination           Protocol Info
      7 28.214736   192.168.0.1           192.168.0.105         DNS      Standard query response A 74.125.224.83 A 74.125.224.84 A 74.125.224.80 A 74.125.224.81 A 74.125.224.82

Frame 7 (286 bytes on wire, 286 bytes captured)
Ethernet II, Src: AniCommu_c5:4f:19 (00:40:05:c5:4f:19), Dst: WistronI_19:e6:be (f0:de:f1:19:e6:be)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.105 (192.168.0.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 47893 (47893)
Domain Name System (response)

No.     Time        Source                Destination           Protocol Info
      8 33.652277   192.168.0.105         192.168.0.1           DNS      Standard query A debian.org

Frame 8 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 36765 (36765), Dst Port: domain (53)
Domain Name System (query)

No.     Time        Source                Destination           Protocol Info
      9 37.456094   66.33.216.127         192.168.0.105         DNS      Standard query response, Server failure

Frame 9 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: AniCommu_c5:4f:19 (00:40:05:c5:4f:19), Dst: WistronI_19:e6:be (f0:de:f1:19:e6:be)
Internet Protocol, Src: 66.33.216.127 (66.33.216.127), Dst: 192.168.0.105 (192.168.0.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55129 (55129)
Domain Name System (response)

No.     Time        Source                Destination           Protocol Info
     10 37.456141   192.168.0.105         66.33.216.127         ICMP     Destination unreachable (Port unreachable)

Frame 10 (98 bytes on wire, 98 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 66.33.216.127 (66.33.216.127)
Internet Control Message Protocol

No.     Time        Source                Destination           Protocol Info
     11 37.457408   72.235.80.4           192.168.0.105         DNS      Standard query response, Server failure

Frame 11 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: AniCommu_c5:4f:19 (00:40:05:c5:4f:19), Dst: WistronI_19:e6:be (f0:de:f1:19:e6:be)
Internet Protocol, Src: 72.235.80.4 (72.235.80.4), Dst: 192.168.0.105 (192.168.0.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55129 (55129)
Domain Name System (response)

No.     Time        Source                Destination           Protocol Info
     12 37.458709   192.168.0.1           192.168.0.105         DNS      Standard query response, Server failure

Frame 12 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: AniCommu_c5:4f:19 (00:40:05:c5:4f:19), Dst: WistronI_19:e6:be (f0:de:f1:19:e6:be)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.105 (192.168.0.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 36765 (36765)
Domain Name System (response)

No.     Time        Source                Destination           Protocol Info
     13 37.459083   192.168.0.105         192.168.0.1           DNS      Standard query A debian.org

Frame 13 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: WistronI_19:e6:be (f0:de:f1:19:e6:be), Dst: AniCommu_c5:4f:19 (00:40:05:c5:4f:19)
Internet Protocol, Src: 192.168.0.105 (192.168.0.105), Dst: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 59945 (59945), Dst Port: domain (53)
Domain Name System (query)

No.     Time        Source                Destination           Protocol Info
     14 42.451901   66.33.216.127         192.168.0.105         DNS      Standard query response, Server failure

Frame 14 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: AniCommu_c5:4f:19 (00:40:05:c5:4f:19), Dst: WistronI_19:e6:be (f0:de:f1:19:e6:be)
Internet Protocol, Src: 66.33.216.127 (66.33.216.127), Dst: 192.168.0.105 (192.168.0.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55129 (55129)
Domain Name System (response)

No.     Time        Source                Destination           Protocol Info
     15 42.453101   192.168.0.1           192.168.0.105         DNS      Standard query response, Server failure

Frame 15 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: AniCommu_c5:4f:19 (00:40:05:c5:4f:19), Dst: WistronI_19:e6:be (f0:de:f1:19:e6:be)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.105 (192.168.0.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 59945 (59945)
Domain Name System (response)

<end>

Regards,

Joel

-- 
Joel Roth
Reply to:
Follow-Ups:
- Re: nameserver issues involving *.debian.org
  - From: Joel Roth <joelz@pobox.com>
- Re: nameserver issues involving *.debian.org
  - From: Bob Proulx <bob@proulx.com>
- Re: nameserver issues involving *.debian.org
  - From: Camaleón <noelamac@gmail.com>
Prev by Date: Re: iptables/routing network problem
Next by Date: Re: iptables/routing network problem
Previous by thread: Re: Help with Sun Java in Debian Sid
Next by thread: Re: nameserver issues involving *.debian.org
Index(es):
- Date
- Thread