www.heroesonline.com unresolvable via local unbound instance?
Todd Blake
tbblake at gmail.com
Thu May 2 11:34:40 UTC 2019
Tom,

This doesn't explain the behavior of the other two though. To test, I
ran digs from my workplace. I get the REFUSED as you do to
ns21.kpmedia.org from work and home, but from my workplace, digs to the
other two work just fine. A dig from home times out. See below. I'm
wondering if they're just not answering queries from known cable internet
user space...

*Home:*
[root at topo ~]# host ns19.kpmedia.org. 8.8.8.8 | grep has
ns19.kpmedia.org has address 192.64.118.171
[root at topo ~]# host ns20.kpmedia.org. 8.8.8.8 | grep has
ns20.kpmedia.org has address 162.213.254.70
[root at topo ~]# host ns21.kpmedia.org. 8.8.8.8 | grep has
ns21.kpmedia.org has address 37.61.235.107
[root at topo ~]# dig www.heroesonline.com @192.64.118.171
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.heroesonline.com @192.64.118.171
;; global options: +cmd
;; connection timed out; no servers could be reached
[root at topo ~]# dig www.heroesonline.com @162.213.254.70
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.heroesonline.com @162.213.254.70
;; global options: +cmd
;; connection timed out; no servers could be reached
[root at topo ~]# dig www.heroesonline.com @37.61.235.107
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.heroesonline.com @37.61.235.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23571
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.heroesonline.com. IN A
;; Query time: 106 msec
;; SERVER: 37.61.235.107#53(37.61.235.107)
;; WHEN: Thu May 02 07:31:52 EDT 2019
;; MSG SIZE rcvd: 49
*Work:*
[blaket at topo2 ~]$ host www.heroesonline.com
www.heroesonline.com has address 162.213.254.70
[blaket at topo2 ~]$ host -t NS heroesonline.com
heroesonline.com name server ns21.kpmedia.org.
heroesonline.com name server ns20.kpmedia.org.
heroesonline.com name server ns19.kpmedia.org.
[blaket at topo2 ~]$ dig www.heroesonline.com @ns19.kpmedia.org.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.heroesonline.com @ns19.kpmedia.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40206
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.heroesonline.com. IN A
;; ANSWER SECTION:
www.heroesonline.com. 3600 IN A 162.213.254.70
;; AUTHORITY SECTION:
heroesonline.com. 86400 IN NS ns19.kpmedia.org.
heroesonline.com. 86400 IN NS ns20.kpmedia.org.
heroesonline.com. 86400 IN NS ns21.kpmedia.org.
;; Query time: 28 msec
;; SERVER: 192.64.118.171#53(192.64.118.171)
;; WHEN: Thu May 2 11:28:01 2019
;; MSG SIZE rcvd: 122
[blaket at topo2 ~]$ dig www.heroesonline.com @ns20.kpmedia.org.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.heroesonline.com @ns20.kpmedia.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54332
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.heroesonline.com. IN A
;; ANSWER SECTION:
www.heroesonline.com. 3600 IN A 162.213.254.70
;; AUTHORITY SECTION:
heroesonline.com. 86400 IN NS ns21.kpmedia.org.
heroesonline.com. 86400 IN NS ns19.kpmedia.org.
heroesonline.com. 86400 IN NS ns20.kpmedia.org.
;; Query time: 18 msec
;; SERVER: 162.213.254.70#53(162.213.254.70)
;; WHEN: Thu May 2 11:28:06 2019
;; MSG SIZE rcvd: 122
[blaket at topo2 ~]$ dig www.heroesonline.com @ns21.kpmedia.org.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.heroesonline.com @ns21.kpmedia.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 18346
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.heroesonline.com. IN A
;; Query time: 140 msec
;; SERVER: 37.61.235.107#53(37.61.235.107)
;; WHEN: Thu May 2 11:28:09 2019
;; MSG SIZE rcvd: 38
[blaket at topo2 ~]$
On Wed, May 1, 2019 at 11:44 PM Tom Samplonius <tom at samplonius.org> wrote:
>
> Of the three authoritative servers, ns21.kpmedia.org is responding with
> a REFUSED response.
>
> $ dig www.heroesonline.com @ns21.kpmedia.org
>
> ; <<>> DiG 9.10.6 <<>> www.heroesonline.com @ns21.kpmedia.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 506
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.heroesonline.com. IN A
>
> ;; Query time: 348 msec
> ;; SERVER: 37.61.235.107#53(37.61.235.107)
> ;; WHEN: Wed May 01 20:40:38 PDT 2019
> ;; MSG SIZE rcvd: 49
>
>
>
> So 33% of lookups will fail. It is possible that Google retries
> different NS servers, if a REFUSED is received. Or perhaps they hit the
> two working servers, and are just returning the cached result.
>
> Either way, this is not specifically an Unbound issue, as the REFUSED
> behaviour can be seen anywhere on the Internet.
>
>
>
>
> On May 1, 2019, at 1:14 PM, Todd Blake via Unbound-users <
> unbound-users at nlnetlabs.nl> wrote:
>
> heroesonline.com name server ns21.kpmedia.org.
> heroesonline.com name server ns19.kpmedia.org.
> heroesonline.com name server ns20.kpmedia.org.
> root at stretch:~# host ns21.kpmedia.org. 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
> Aliases:
>
>
>
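
Added example, not part of the original message or of Unbound: a small Python classifier for the per-server dig transcripts shown above, compared across the two vantage points (home and work). The function names, the verdict labels and the trimmed sample transcripts are assumptions constructed from the outputs in this message.

```python
import re

# Constructed samples: header lines trimmed from the dig transcripts in the message.
TIMEOUT = ";; connection timed out; no servers could be reached\n"
REFUSED = (";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23571\n"
           ";; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n")
ANSWER = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40206\n"
          ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0\n")
VANTAGES = {
    "home": {"192.64.118.171": TIMEOUT, "162.213.254.70": TIMEOUT,
             "37.61.235.107": REFUSED},
    "work": {"192.64.118.171": ANSWER, "162.213.254.70": ANSWER,
             "37.61.235.107": REFUSED},
}

STATUS = re.compile(r"status: (\w+), id: \d+")
FLAGS = re.compile(r"^;; flags: ([a-z ]*);", re.M)


def classify(dig_output):
    """Map one dig transcript to 'timeout', 'authoritative', 'lame' or 'other:<rcode>'."""
    if "connection timed out" in dig_output:
        return "timeout"
    status, flags = STATUS.search(dig_output), FLAGS.search(dig_output)
    if not status or not flags:
        return "unparsed"
    rcode, aa = status.group(1), "aa" in flags.group(1).split()
    if rcode == "NOERROR" and aa:
        return "authoritative"
    # A delegated server that refuses, fails, or answers without the aa bit
    # is not serving the zone (a lame delegation).
    if rcode in ("REFUSED", "SERVFAIL") or not aa:
        return "lame"
    return "other:" + rcode


def compare(vantages):
    """{vantage: {server: dig_output}} -> {server: verdict across vantage points}."""
    verdicts = {}
    for server in sorted(set().union(*vantages.values())):
        seen = {classify(v[server]) for v in vantages.values() if server in v}
        if seen == {"authoritative"}:
            verdicts[server] = "healthy"
        elif seen == {"lame"}:
            verdicts[server] = "lame from every vantage point"
        elif seen == {"authoritative", "timeout"}:
            verdicts[server] = "answers only from some networks"
        else:
            verdicts[server] = "mixed: " + ", ".join(sorted(seen))
    return verdicts


if __name__ == "__main__":
    for server, verdict in compare(VANTAGES).items():
        print(server, "->", verdict)
```

A server that is lame from every vantage point points at the server's own configuration, while one that answers only from some networks points at source-based filtering or a path problem between the resolver and that server.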