'Re: problem w/ www.macys.com and www.jcrew.com..'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       djbdns
Subject:    Re: problem w/ www.macys.com and www.jcrew.com..
From:       Rob <djbstuff () itsbeen ! sent ! com>
Date:       2006-11-15 0:19:31
Message-ID: 455A5D13.1020708 () itsbeen ! sent ! com
[Download RAW message or body]

B. Cook wrote:
> Hello all,
> 
> I'm having users complain that they can't open certain web pages.. and 
> after checking into things.. it seems the authoritative are doing 
> something w/ dns that dnscache doesn't like or understand.
> 
> host www.macys.com
> ;; connection timed out; no servers could be reached
> 
> (I set up a maradns server on the loopback using the icann roots; same 
> as dnscache)
> 
> host www.macys.com 127.0.0.1
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
> 
> www.macys.com is an alias for www.macys.com.edgekey.net.
> www.macys.com.edgekey.net has address 72.246.68.134
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
> 
> www.macys.com is an alias for www.macys.com.edgekey.net.
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
> 
> www.macys.com is an alias for www.macys.com.edgekey.net.
> 
> host www.jcrew.com
> ;; connection timed out; no servers could be reached
> 
> 
> host www.jcrew.com 127.0.0.1
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
> 
> www.jcrew.com is an alias for www.jcrew.com.edgesuite.net.
> www.jcrew.com.edgesuite.net has address 64.72.65.215
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
> 
> www.jcrew.com is an alias for www.jcrew.com.edgesuite.net.
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
> 
> www.jcrew.com is an alias for www.jcrew.com.edgesuite.net.
> 
> 
> host macys.com
> macys.com has address 63.73.131.68
> macys.com mail is handled by 10 mail4.mayco.com.
> macys.com mail is handled by 5 fdsmail01.fds.com.
> macys.com mail is handled by 5 fdsmail02.fds.com.
> macys.com mail is handled by 5 fdsmail03.fds.com.
> 
> host jcrew.com
> jcrew.com has address 164.109.32.247
> jcrew.com mail is handled by 20 emailscan8a.mci.com.
> jcrew.com mail is handled by 10 emailscan8.mci.com.
> 
> 
> This is on a FreeBSD box with the jumbo patch installed for what it's 
> worth.  Running from Daemontools
> 
> Any help is appreciated.

Hi,

Despite the previously mentioned issues with djb/Akamai and the exceptional dns \
server mess for these domains, I found that the ibm NS servers refused the query \
directly from dig but dnscache easily resolved www.macys.com. It did take 700+ msecs \
and it expended 93 work units (loops). The only difference I found was that dnscache \
didn't set the rd bit (and dig did by default).

Is it possible that you have a FORWARDONLY file in the env directory of one of your \
caches?

A) response from my copy of dnscache:
10:26:13.713173 IP 170.224.33.5.53 > 10.20.10.90.4377:  3120*- 1/0/0 CNAME \
                www.macys.com.edgekey.net. (70)
         0x0000:  4500 0062 5ded 0000 0e11 6e4b aae0 2105  E..b].....nK..!.
         0x0010:  0a14 0a5a 0035 1119 004e d93f 0c30 8400  ...Z.5...N.?.0..
         0x0020:  0001 0001 0000 0000 0377 7777 056d 6163  .........www.mac
         0x0030:  7973 0363 6f6d 0000 0100 01c0 0c00 0500  ys.com..........
         0x0040:  0100 000e 1000 1b03 7777 7705 6d61 6379  ........www.macy
         0x0050:  7303 636f 6d07 6564 6765 6b65 7903 6e65  s.com.edgekey.ne
         0x0060:  7400                                     t.

B) response from dig directly to the same IBM dns server (ns2.raleigh.usf.ibm.com.):
10:27:54.055365 IP 170.224.33.5.53 > 10.20.10.90.33874:  3205 Refused- 0/0/0 (31)
         0x0000:  4500 003b 827d 0000 0e11 49e2 aae0 2105  E..;.}....I...!.
         0x0010:  0a14 0a5a 0035 8452 0027 3d37 0c85 8105  ...Z.5.R.'=7....
         0x0020:  0001 0000 0000 0000 0377 7777 056d 6163  .........www.mac
         0x0030:  7973 0363 6f6d 0000 0100 01              ys.com.....

Line by line query comparison:

A 10:26:13.630228 IP 10.20.10.90.4377 > 170.224.33.5.53:  3120 A? www.macys.com. (31)
B 10:27:53.974153 IP 10.20.10.90.33874 > 170.224.33.5.53:  3205+ A? www.macys.com. \
(31)  Ver  Len  ID   Flag TTL  CKSUM
                    TOS                 UDP     Src  IP
A       0x0000:  4500 003b eb66 4000 4011 6ef8 0a14 0a5a  E..;.f@.@.n....Z
B       0x0000:  4500 003b 0000 4000 4011 5a5f 0a14 0a5a  E..;..@.@.Z_...Z
                  Dest IP   SPortDPortLen  CKSUM     Param
                                                DNSID
A       0x0010:  aae0 2105 1119 0035 0027 31cb 0c30 0000  ..!....5.'1..0..
B       0x0010:  aae0 2105 8452 0035 0027 bd3c 0c85 0100  ..!..R.5.'.<....
                  Qcnt Acnt AuthsAdds Ln## #### Ln## ####
A       0x0020:  0001 0000 0000 0000 0377 7777 056d 6163  .........www.mac
B       0x0020:  0001 0000 0000 0000 0377 7777 056d 6163  .........www.mac
                  #### Ln## #### \0TYPE CLASS
A       0x0030:  7973 0363 6f6d 0000 0100 01              ys.com.....
B       0x0030:  7973 0363 6f6d 0000 0100 01              ys.com.....

I find that running the following before testing helps tracking down where problems \
are occurring: # tail -fF /etc/dnscache/log/main/current &
# tcpdump -X -s 65535 -nnvvvi eth0 port 53 &
# svc -t /service/dnscache

Perhaps the packet trace and dnscache logs can pinpoint where the breakdown is \
happening for you, if you have access to the dnscache machine.

fpdns reports: fingerprint (ns2.raleigh.usf.ibm.com., 170.224.33.5): BIND 9.2.3rc1 -- \
9.4.0a0


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic