LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   pdnsd reject not working properly (https://www.linuxquestions.org/questions/linux-networking-3/pdnsd-reject-not-working-properly-680027/)

Tortanick 10-30-2008 10:14 AM
pdnsd reject not working properly
 
I'm trying to use pdnsd's reject statement to stop opendns from serving me its own advert pages, or lieing about google's ip address and it's not working: Through a bit of testing I think the problem is that pdsnd caches an illegitimate cname pointing from google to opendns's address; then when it finds that cname points to a rejected ip address it goes to the next server however rather than trying the original query again pdnsd tries the same illegitimate cname and finds that on this server it points to a non-rejected ip.

The lack of reject statements in the second server is deliberate since the second servers are trusted, ideally they would double check to make sure pdnsd isn't rejecting something they should.

I can think of a few workarounds but I'd rather fix the real problem, besides I am curious as to what I am doing wrong.

my pdnsd.conf
Code:
// Read the pdnsd.conf(5) manpage for an explanation of the options.

/* Note: this file is overriden by automatic config files when
  /etc/default/pdnsd AUTO_MODE is set and that
  /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
 */

global {
        perm_cache=2048;
        cache_dir="/var/cache/pdnsd";
        run_as="pdnsd";
        server_ip = 127.0.0.1;  // Use eth0 here if you want to allow other
                                // machines on your network to query pdnsd.
        status_ctl = on;
          paranoid=on;
//        query_method=tcp_udp;        // pdnsd must be compiled with tcp
                                // query support for this to work.
        min_ttl=15m;      // Retain cached entries at least 15 minutes.
        max_ttl=1w;          // One week.
        timeout=10;        // Global timeout option (10 seconds).
//        debug=on;
        // Don't enable if you don't recurse yourself, can lead to problems
        // delegation_only="com","net";
        linkdown_kluge=off;
}

/* with status_ctl=on and resolvconf installed, this will work out from the box
  this is the recommended setup for mobile machines */
//server {
//    label="resolvconf";
//}

// The servers provided by OpenDNS are fast, but they do not reply with
// NXDOMAIN for non-existant domains, instead they supply you with an
// address of one of their search engines. They also lie about the addresses of
// of the search engines of google, microsoft and yahoo.
// If you do not like this behaviour the "reject" option may be useful.
server {
        label = "opendns";
        ip = 208.67.222.222, 208.67.220.220;
        reject = 208.69.32.0/24,  // You may need to add additional address ranges
                208.69.34.0/24,  // here if the addresses of their search engines
                208.67.219.0/24, // change.
                208.67.217.0/24;
        reject_policy = fail;    // If you do not provide any alternative server
                                  // sections, like the following root-server
                                  // example, "negate" may be more appropriate here.
        timeout = 4;
        uptest = ping;            // Test availability using ICMP echo requests.
        ping_timeout = 100;      // ping test will time out after 10 seconds.
        interval = 15m;          // Test every 15 minutes.
        preset = off;
        caching=on;
        purge_cache=off;
}

// This section is meant for resolving from root servers.
server {
        label = "root-servers";
        root_server=on;
        ip =        198.41.0.4
        ,        192.228.79.201
        ,        192.33.4.12
        ,        128.8.10.90
        ,        192.203.230.10
        ,        192.5.5.241
        ,        192.112.36.4
        ,        128.63.2.53
//        ,        192.36.148.17
//        ,        192.58.128.30
//        ,        193.0.14.129
//        ,        198.32.64.12
//        ,        202.12.27.33
        ;
        timeout = 5;
        uptest = query;
        interval = 30m;      // Test every half hour.
        ping_timeout = 300;  // 30 seconds.
        purge_cache = off;
        exclude = .localdomain;
        policy = included;
        preset = off;
}


/*
source {
        owner=localhost;
        serve_aliases=on;
        file="/etc/hosts";
}
*/
rr {
        name=localhost;
        reverse=on;
        a=127.0.0.1;
        owner=localhost;
        soa=localhost,root.localhost,42,86400,900,86400,86400;
}

/*
neg {
        name=doubleclick.net;
        types=domain;  // This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
        name=bad.server.com;  // Badly behaved server you don't want to connect to.
        types=A,AAAA;
}
*/

/* vim:set ft=c: */
and my resolve.conf
Code:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#    DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search localnet

unSpawn 10-31-2008 03:04 AM
You set your reject_policy to "fail" which means you explicitly trust the next severs it queries. Setting it to "negate" would block things after the first query but apparently that's not what you're looking for. Could you add an example of an all-out verbose 'dig' query (with pdnsd.debug log lines?) to illustrate your problem? TIA

Tortanick 10-31-2008 04:50 AM
Sure, although I found something odd, if I use dig it actually responds correctly, but if I use Iceweasel the show ip extension says i'm on an opendns IP (208.67.219.231) unless I already have the correct address in pdnsd's cache.

pdnsd.debug useing iceweasel
Code:
* 10/31 10:04:50| pdnsd: info: pdnsd-1.2.6-par starting.
- 10/31 10:04:50| Debug messages activated
- 10/31 10:04:50| Using IPv4.
- 10/31 10:04:50| performing uptest (type=ping) for 208.67.222.222
- 10/31 10:04:50| All threads started successfully.
- 10/31 10:04:50| result of uptest for 208.67.222.222: OK
- 10/31 10:04:50| performing uptest (type=ping) for 208.67.220.220
- 10/31 10:04:50| result of uptest for 208.67.220.220: OK
- 10/31 10:04:50| performing uptest (type=query) for 198.41.0.4
- 10/31 10:04:51| Server 198.41.0.4 returned error code: query format error
- 10/31 10:04:51| result of uptest for 198.41.0.4: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.228.79.201
- 10/31 10:04:51| Status socket query pending.
- 10/31 10:04:51| Received STATUS query.
- 10/31 10:04:51| Status socket query pending.
- 10/31 10:04:51| Received STATUS query.
- 10/31 10:04:51| Server 192.228.79.201 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.228.79.201: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.33.4.12
- 10/31 10:04:51| Server 192.33.4.12 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.33.4.12: OK
- 10/31 10:04:51| performing uptest (type=query) for 128.8.10.90
- 10/31 10:04:51| Server 128.8.10.90 returned error code: query format error
- 10/31 10:04:51| result of uptest for 128.8.10.90: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.203.230.10
- 10/31 10:04:51| Server 192.203.230.10 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.203.230.10: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.5.5.241
- 10/31 10:04:51| Server 192.5.5.241 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.5.5.241: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.112.36.4
- 10/31 10:04:51| Server 192.112.36.4 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.112.36.4: OK
- 10/31 10:04:51| performing uptest (type=query) for 128.63.2.53
- 10/31 10:04:51| Server 128.63.2.53 returned error code: query format error
- 10/31 10:04:51| result of uptest for 128.63.2.53: OK
1 10/31 10:04:56| Received query.
1 10/31 10:04:56| Questions are:
1 10/31 10:04:56|        qc=IN (1), qt=AAAA (28), query="www.google.co.uk."
1 10/31 10:04:56| Starting cached resolve for: www.google.co.uk., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| Starting cached resolve for: www.google.com., query AAAA
1 10/31 10:04:56| Record found in cache for www.google.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=900
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| No remaining authoritative name servers to try in authority section from 208.67.222.222.
1 10/31 10:04:56| Marked server 208.67.220.220 up.
1 10/31 10:04:56| Query to 208.67.220.220 succeeded.
1 10/31 10:04:56| No remaining authoritative name servers to try in authority section from 208.67.220.220.
1 10/31 10:04:56| Sending query to 198.41.0.4
1 10/31 10:04:56| Sending query to 192.228.79.201
1 10/31 10:04:56| Marked server 198.41.0.4 up.
1 10/31 10:04:56| Query to 198.41.0.4 succeeded.
1 10/31 10:04:56| Starting cached resolve for: E.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for E.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: I.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for I.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: F.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for F.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: H.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for H.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: J.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for J.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: M.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| Starting cached resolve for: C.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for C.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: B.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for B.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: K.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for K.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: D.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for D.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: A.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for A.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: L.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| Starting cached resolve for: G.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for G.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 192.12.94.30
1 10/31 10:04:56| Sending query to 192.43.172.30
1 10/31 10:04:56| Query to 192.12.94.30 succeeded.
1 10/31 10:04:56| Starting cached resolve for: auth1.opendns.com., query A
1 10/31 10:04:56| Record found in cache for auth1.opendns.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: auth2.opendns.com., query A
1 10/31 10:04:56| Record found in cache for auth2.opendns.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: auth3.opendns.com., query A
1 10/31 10:04:56| Record found in cache for auth3.opendns.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.69.39.2
1 10/31 10:04:56| Sending query to 38.99.20.68
1 10/31 10:04:56| Caching type AAAA for domain google.navigation.opendns.com. negative with ttl 2560
1 10/31 10:04:56| Query to 208.69.39.2 succeeded.
1 10/31 10:04:56| Outbound msg len 155, tc=0, rc="no error"
1 10/31 10:04:56| Answering to: 127.0.0.1, source address: 127.0.0.1
2 10/31 10:04:56| Received query.
2 10/31 10:04:56| Questions are:
2 10/31 10:04:56|        qc=IN (1), qt=AAAA (28), query="www.google.co.uk."
2 10/31 10:04:56| Starting cached resolve for: www.google.co.uk., query AAAA
2 10/31 10:04:56| Record found in cache for www.google.co.uk.
2 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=344675
2 10/31 10:04:56| Using cached record.
2 10/31 10:04:56| Starting cached resolve for: www.google.com., query AAAA
2 10/31 10:04:56| Record found in cache for www.google.com.
2 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=900
2 10/31 10:04:56| Using cached record.
2 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
2 10/31 10:04:56| Record found in cache for google.navigation.opendns.com.
2 10/31 10:04:56| Requery decision: dflags=0, cflags=NEG|AUT|NOP, req=0, neg=1, timed=0, ttl=2560
2 10/31 10:04:56| Using cached record.
2 10/31 10:04:56| Outbound msg len 155, tc=0, rc="no error"
2 10/31 10:04:56| Answering to: 127.0.0.1, source address: 127.0.0.1
3 10/31 10:04:56| Received query.
3 10/31 10:04:56| Questions are:
3 10/31 10:04:56|        qc=IN (1), qt=A (1), query="www.google.co.uk."
3 10/31 10:04:56| Starting cached resolve for: www.google.co.uk., query A
3 10/31 10:04:56| Record found in cache for www.google.co.uk.
3 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=344675
3 10/31 10:04:56| Using cached record.
3 10/31 10:04:56| Starting cached resolve for: www.google.com., query A
3 10/31 10:04:56| Record found in cache for www.google.com.
3 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=900
3 10/31 10:04:56| Using cached record.
3 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query A
3 10/31 10:04:56| Record found in cache for google.navigation.opendns.com.
3 10/31 10:04:56| Requery decision: dflags=0, cflags=0, req=0, neg=0, timed=1, timestamp=0
3 10/31 10:04:56| Trying name servers.
3 10/31 10:04:56| Not querying root-server 198.41.0.4, using cached information instead.
3 10/31 10:04:56| Sending query to 208.67.222.222
3 10/31 10:04:56| Sending query to 208.67.220.220
3 10/31 10:04:56| Marked server 208.67.222.222 up.
3 10/31 10:04:56| Rejecting answer from server 208.67.222.222 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.231
3 10/31 10:04:56| Marked server 208.67.220.220 up.
3 10/31 10:04:56| Rejecting answer from server 208.67.220.220 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.231
3 10/31 10:04:56| Sending query to 192.12.94.30
3 10/31 10:04:56| Sending query to 192.43.172.30
3 10/31 10:04:57| Query to 192.12.94.30 succeeded.
3 10/31 10:04:57| Starting cached resolve for: auth1.opendns.com., query A
3 10/31 10:04:57| Record found in cache for auth1.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
3 10/31 10:04:57| Using cached record.
3 10/31 10:04:57| Starting cached resolve for: auth2.opendns.com., query A
3 10/31 10:04:57| Record found in cache for auth2.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
3 10/31 10:04:57| Using cached record.
3 10/31 10:04:57| Starting cached resolve for: auth3.opendns.com., query A
3 10/31 10:04:57| Record found in cache for auth3.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
3 10/31 10:04:57| Using cached record.
3 10/31 10:04:57| Starting cached resolve for: google.navigation.opendns.com., query A
3 10/31 10:04:57| Record found in cache for google.navigation.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=0, req=0, neg=0, timed=1, timestamp=0
3 10/31 10:04:57| Trying name servers.
3 10/31 10:04:57| Sending query to 208.69.39.2
3 10/31 10:04:57| Sending query to 38.99.20.68
3 10/31 10:04:57| Query to 208.69.39.2 succeeded.
3 10/31 10:04:57| Outbound msg len 242, tc=0, rc="no error"
3 10/31 10:04:57| Answering to: 127.0.0.1, source address: 127.0.0.1

Tortanick 10-31-2008 04:50 AM
And using dig (I restarted pdnsd and empted the cache)

Code:
dig @127.0.0.1 www.google.co.uk

; <<>> DiG 9.5.0-P2 <<>> @127.0.0.1 www.google.co.uk
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13749
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.co.uk.              IN      A

;; ANSWER SECTION:
www.google.co.uk.      345600  IN      CNAME  www.google.com.
www.google.com.        604800  IN      CNAME  www.l.google.com.
www.l.google.com.      900    IN      A      74.125.79.103
www.l.google.com.      900    IN      A      74.125.79.99
www.l.google.com.      900    IN      A      74.125.79.147
www.l.google.com.      900    IN      A      74.125.79.104

;; Query time: 512 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 31 09:46:07 2008
;; MSG SIZE  rcvd: 146
Code:
* 10/31 09:46:04| pdnsd: info: pdnsd-1.2.6-par starting.
- 10/31 09:46:04| Debug messages activated
- 10/31 09:46:04| Using IPv4.
- 10/31 09:46:04| performing uptest (type=ping) for 208.67.222.222
- 10/31 09:46:04| All threads started successfully.
- 10/31 09:46:04| result of uptest for 208.67.222.222: OK
- 10/31 09:46:04| performing uptest (type=ping) for 208.67.220.220
- 10/31 09:46:04| result of uptest for 208.67.220.220: OK
- 10/31 09:46:04| performing uptest (type=query) for 198.41.0.4
- 10/31 09:46:04| Status socket query pending.
- 10/31 09:46:04| Received STATUS query.
- 10/31 09:46:04| Server 198.41.0.4 returned error code: query format error
- 10/31 09:46:04| result of uptest for 198.41.0.4: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.228.79.201
- 10/31 09:46:04| Status socket query pending.
- 10/31 09:46:04| Received STATUS query.
- 10/31 09:46:04| Server 192.228.79.201 returned error code: query format error
- 10/31 09:46:04| result of uptest for 192.228.79.201: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.33.4.12
- 10/31 09:46:04| Server 192.33.4.12 returned error code: query format error
- 10/31 09:46:04| result of uptest for 192.33.4.12: OK
- 10/31 09:46:04| performing uptest (type=query) for 128.8.10.90
- 10/31 09:46:04| Server 128.8.10.90 returned error code: query format error
- 10/31 09:46:04| result of uptest for 128.8.10.90: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.203.230.10
- 10/31 09:46:04| Server 192.203.230.10 returned error code: query format error
- 10/31 09:46:04| result of uptest for 192.203.230.10: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.5.5.241
- 10/31 09:46:05| Server 192.5.5.241 returned error code: query format error
- 10/31 09:46:05| result of uptest for 192.5.5.241: OK
- 10/31 09:46:05| performing uptest (type=query) for 192.112.36.4
- 10/31 09:46:05| Server 192.112.36.4 returned error code: query format error
- 10/31 09:46:05| result of uptest for 192.112.36.4: OK
- 10/31 09:46:05| performing uptest (type=query) for 128.63.2.53
- 10/31 09:46:05| Server 128.63.2.53 returned error code: query format error
- 10/31 09:46:05| result of uptest for 128.63.2.53: OK
1 10/31 09:46:07| Received query.
1 10/31 09:46:07| Questions are:
1 10/31 09:46:07|        qc=IN (1), qt=A (1), query="www.google.co.uk."
1 10/31 09:46:07| Starting cached resolve for: www.google.co.uk., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.222.222 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.230
1 10/31 09:46:07| Marked server 208.67.220.220 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.220.220 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.231
1 10/31 09:46:07| Sending query to 198.41.0.4
1 10/31 09:46:07| Sending query to 192.228.79.201
1 10/31 09:46:07| Marked server 198.41.0.4 up.
1 10/31 09:46:07| Query to 198.41.0.4 succeeded.
1 10/31 09:46:07| Starting cached resolve for: NS2.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS2.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS6.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS6.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS7.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS7.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS1.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS1.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSA.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSA.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS5.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS5.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS4.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS4.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSC.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSC.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS3.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS3.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSB.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSB.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSD.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSD.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: www.google.co.uk., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 217.79.164.131
1 10/31 09:46:07| Sending query to 213.248.254.130
1 10/31 09:46:07| Query to 213.248.254.130 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns4.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns2.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns3.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns1.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: www.google.co.uk., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 216.239.38.10
1 10/31 09:46:07| Sending query to 216.239.34.10
1 10/31 09:46:07| Caching type A for domain www.google.co.uk. negative with ttl 900
1 10/31 09:46:07| Record for www.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for a.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for b.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for c.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for d.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for e.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for f.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for g.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Query to 216.239.34.10 succeeded.
1 10/31 09:46:07| Starting cached resolve for: www.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.222.222 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.230
1 10/31 09:46:07| Marked server 208.67.220.220 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.220.220 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.230
1 10/31 09:46:07| Sending query to 198.41.0.4
1 10/31 09:46:07| Sending query to 192.228.79.201
1 10/31 09:46:07| Marked server 198.41.0.4 up.
1 10/31 09:46:07| Query to 198.41.0.4 succeeded.
1 10/31 09:46:07| Starting cached resolve for: E.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for E.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: L.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for L.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: G.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for G.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: I.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for I.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: J.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for J.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: B.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for B.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: F.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for F.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: H.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for H.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: D.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for D.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: M.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: A.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for A.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: K.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for K.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: C.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for C.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: www.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 192.12.94.30
1 10/31 09:46:07| Sending query to 192.41.162.30
1 10/31 09:46:07| Query to 192.41.162.30 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns1.google.com., query A
1 10/31 09:46:07| Record found in cache for ns1.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: ns2.google.com., query A
1 10/31 09:46:07| Record found in cache for ns2.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: ns3.google.com., query A
1 10/31 09:46:07| Record found in cache for ns3.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: ns4.google.com., query A
1 10/31 09:46:07| Record found in cache for ns4.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: www.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 216.239.32.10
1 10/31 09:46:07| Sending query to 216.239.34.10
1 10/31 09:46:07| Caching type A for domain www.google.com. negative with ttl 900
1 10/31 09:46:07| Query to 216.239.32.10 succeeded.
1 10/31 09:46:07| Starting cached resolve for: www.l.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Not querying root-server 198.41.0.4, using cached information instead.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Outbound msg len 146, tc=0, rc="no error"
1 10/31 09:46:07| Answering to: 127.0.0.1, source address: 127.0.0.1

Tortanick 11-01-2008 04:30 AM
I managed to fix it :) mostly by luck. Setting network.disableIPv6 in iceweasel's about config actually fixed the problem (until I actually want IPv6) anyone have a clue why that would make any diffrence?

unSpawn 11-01-2008 04:36 AM
Yeah, clearly the "google.navigation.opendns.com". I think only the "neg Section" in 'man pdnsd.conf' could help *not* cache the darn thing and move on cleanly. Haven't tried it though.

I actually ditched using OpenDNS a long time ago (for breaking DNS protocol) for other servers. What I did was make me a list of fast-responding servers, group them in three "server" statements and have them listed above the root server config. That allows for enough redundancy for me and resolution remains quick. That needs "par_queries" tweaked, which you haven't AFAIK.

unSpawn 11-01-2008 04:39 AM
Quote:
Originally Posted by Tortanick (Post 3328051)
I managed to fix it :) mostly by luck. Setting network.disableIPv6 in iceweasel's about config actually fixed the problem (until I actually want IPv6) anyone have a clue why that would make any diffrence?
IPv6 shouldn't affect anything (OK, speed because of finding out the proto actually isn't available) unless you actually use it?..

Tortanick 11-01-2008 12:31 PM
No I don't use use IPv6, my ISP dosn't support it yet, normally I blacklist it to stop my machines wasting time trying to use it but I hadn't gotten around to it on this machine (turns out that works just as well as disableing ipv6 lookups in firefox) and I agree it shouldn't change anything but clearly it dose. Now that this problem is solved (sort off) I'm going to file a bug on it.

The neg section dose seem like a good idea, but the problem is already solved. Pity you can't have a per server neg section since that wouldn't block it if a non-opendns server responded with google.navigation.opendns.com but how likely is that to happen :)


All times are GMT -5. The time now is 01:02 PM.