LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-30-2008, 10:14 AM   #1
Tortanick
Member
 
Registered: Jul 2006
Distribution: Debian Testing
Posts: 299

Rep: Reputation: 30
pdnsd reject not working properly


I'm trying to use pdnsd's reject statement to stop opendns from serving me its own advert pages, or lieing about google's ip address and it's not working: Through a bit of testing I think the problem is that pdsnd caches an illegitimate cname pointing from google to opendns's address; then when it finds that cname points to a rejected ip address it goes to the next server however rather than trying the original query again pdnsd tries the same illegitimate cname and finds that on this server it points to a non-rejected ip.

The lack of reject statements in the second server is deliberate since the second servers are trusted, ideally they would double check to make sure pdnsd isn't rejecting something they should.

I can think of a few workarounds but I'd rather fix the real problem, besides I am curious as to what I am doing wrong.

my pdnsd.conf
Code:
// Read the pdnsd.conf(5) manpage for an explanation of the options.

/* Note: this file is overriden by automatic config files when
   /etc/default/pdnsd AUTO_MODE is set and that
   /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
 */

global {
	perm_cache=2048;
	cache_dir="/var/cache/pdnsd";
	run_as="pdnsd";
	server_ip = 127.0.0.1;  // Use eth0 here if you want to allow other
				// machines on your network to query pdnsd.
	status_ctl = on;
  	paranoid=on;
//	query_method=tcp_udp;	// pdnsd must be compiled with tcp
				// query support for this to work.
	min_ttl=15m;       // Retain cached entries at least 15 minutes.
	max_ttl=1w;	   // One week.
	timeout=10;        // Global timeout option (10 seconds).
//	debug=on;
        // Don't enable if you don't recurse yourself, can lead to problems
        // delegation_only="com","net";
	linkdown_kluge=off;
}

/* with status_ctl=on and resolvconf installed, this will work out from the box
   this is the recommended setup for mobile machines */
//server {
//    label="resolvconf";
//}

// The servers provided by OpenDNS are fast, but they do not reply with
// NXDOMAIN for non-existant domains, instead they supply you with an
// address of one of their search engines. They also lie about the addresses of 
// of the search engines of google, microsoft and yahoo.
// If you do not like this behaviour the "reject" option may be useful.
server {
	label = "opendns";
	ip = 208.67.222.222, 208.67.220.220;
	reject = 208.69.32.0/24,  // You may need to add additional address ranges
	         208.69.34.0/24,  // here if the addresses of their search engines
	         208.67.219.0/24, // change.
		 208.67.217.0/24;
	reject_policy = fail;     // If you do not provide any alternative server
	                          // sections, like the following root-server
	                          // example, "negate" may be more appropriate here.
	timeout = 4;
	uptest = ping;            // Test availability using ICMP echo requests.
        ping_timeout = 100;       // ping test will time out after 10 seconds.
	interval = 15m;           // Test every 15 minutes.
	preset = off;
	caching=on;
	purge_cache=off;
}

// This section is meant for resolving from root servers.
server {
	label = "root-servers";
	root_server=on;
	ip = 	198.41.0.4
	,	192.228.79.201
	,	192.33.4.12
	,	128.8.10.90
	,	192.203.230.10
	,	192.5.5.241
	,	192.112.36.4
	,	128.63.2.53
//	,	192.36.148.17
//	,	192.58.128.30
//	,	193.0.14.129
//	,	198.32.64.12
//	,	202.12.27.33
	;
	timeout = 5;
	uptest = query;
	interval = 30m;      // Test every half hour.
	ping_timeout = 300;  // 30 seconds.
	purge_cache = off;
	exclude = .localdomain;
	policy = included;
	preset = off;
}


/*
source {
	owner=localhost;
	serve_aliases=on;
	file="/etc/hosts";
}
*/
rr {
	name=localhost;
	reverse=on;
	a=127.0.0.1;
	owner=localhost;
	soa=localhost,root.localhost,42,86400,900,86400,86400;
}

/*
neg {
	name=doubleclick.net;
	types=domain;   // This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
	name=bad.server.com;   // Badly behaved server you don't want to connect to.
	types=A,AAAA;
}
*/

/* vim:set ft=c: */
and my resolve.conf
Code:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search localnet
 
Old 10-31-2008, 03:04 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
You set your reject_policy to "fail" which means you explicitly trust the next severs it queries. Setting it to "negate" would block things after the first query but apparently that's not what you're looking for. Could you add an example of an all-out verbose 'dig' query (with pdnsd.debug log lines?) to illustrate your problem? TIA
 
Old 10-31-2008, 04:50 AM   #3
Tortanick
Member
 
Registered: Jul 2006
Distribution: Debian Testing
Posts: 299

Original Poster
Rep: Reputation: 30
Sure, although I found something odd, if I use dig it actually responds correctly, but if I use Iceweasel the show ip extension says i'm on an opendns IP (208.67.219.231) unless I already have the correct address in pdnsd's cache.

pdnsd.debug useing iceweasel
Code:
* 10/31 10:04:50| pdnsd: info: pdnsd-1.2.6-par starting.
- 10/31 10:04:50| Debug messages activated
- 10/31 10:04:50| Using IPv4.
- 10/31 10:04:50| performing uptest (type=ping) for 208.67.222.222
- 10/31 10:04:50| All threads started successfully.
- 10/31 10:04:50| result of uptest for 208.67.222.222: OK
- 10/31 10:04:50| performing uptest (type=ping) for 208.67.220.220
- 10/31 10:04:50| result of uptest for 208.67.220.220: OK
- 10/31 10:04:50| performing uptest (type=query) for 198.41.0.4
- 10/31 10:04:51| Server 198.41.0.4 returned error code: query format error
- 10/31 10:04:51| result of uptest for 198.41.0.4: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.228.79.201
- 10/31 10:04:51| Status socket query pending.
- 10/31 10:04:51| Received STATUS query.
- 10/31 10:04:51| Status socket query pending.
- 10/31 10:04:51| Received STATUS query.
- 10/31 10:04:51| Server 192.228.79.201 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.228.79.201: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.33.4.12
- 10/31 10:04:51| Server 192.33.4.12 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.33.4.12: OK
- 10/31 10:04:51| performing uptest (type=query) for 128.8.10.90
- 10/31 10:04:51| Server 128.8.10.90 returned error code: query format error
- 10/31 10:04:51| result of uptest for 128.8.10.90: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.203.230.10
- 10/31 10:04:51| Server 192.203.230.10 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.203.230.10: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.5.5.241
- 10/31 10:04:51| Server 192.5.5.241 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.5.5.241: OK
- 10/31 10:04:51| performing uptest (type=query) for 192.112.36.4
- 10/31 10:04:51| Server 192.112.36.4 returned error code: query format error
- 10/31 10:04:51| result of uptest for 192.112.36.4: OK
- 10/31 10:04:51| performing uptest (type=query) for 128.63.2.53
- 10/31 10:04:51| Server 128.63.2.53 returned error code: query format error
- 10/31 10:04:51| result of uptest for 128.63.2.53: OK
1 10/31 10:04:56| Received query.
1 10/31 10:04:56| Questions are:
1 10/31 10:04:56| 	qc=IN (1), qt=AAAA (28), query="www.google.co.uk."
1 10/31 10:04:56| Starting cached resolve for: www.google.co.uk., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| Starting cached resolve for: www.google.com., query AAAA
1 10/31 10:04:56| Record found in cache for www.google.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=900
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| No remaining authoritative name servers to try in authority section from 208.67.222.222.
1 10/31 10:04:56| Marked server 208.67.220.220 up.
1 10/31 10:04:56| Query to 208.67.220.220 succeeded.
1 10/31 10:04:56| No remaining authoritative name servers to try in authority section from 208.67.220.220.
1 10/31 10:04:56| Sending query to 198.41.0.4
1 10/31 10:04:56| Sending query to 192.228.79.201
1 10/31 10:04:56| Marked server 198.41.0.4 up.
1 10/31 10:04:56| Query to 198.41.0.4 succeeded.
1 10/31 10:04:56| Starting cached resolve for: E.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for E.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: I.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for I.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: F.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for F.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: H.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for H.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: J.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for J.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: M.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| Starting cached resolve for: C.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for C.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: B.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for B.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: K.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for K.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: D.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for D.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: A.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for A.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: L.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.67.222.222
1 10/31 10:04:56| Sending query to 208.67.220.220
1 10/31 10:04:56| Marked server 208.67.222.222 up.
1 10/31 10:04:56| Query to 208.67.222.222 succeeded.
1 10/31 10:04:56| Starting cached resolve for: G.GTLD-SERVERS.NET., query A
1 10/31 10:04:56| Record found in cache for G.GTLD-SERVERS.NET.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 192.12.94.30
1 10/31 10:04:56| Sending query to 192.43.172.30
1 10/31 10:04:56| Query to 192.12.94.30 succeeded.
1 10/31 10:04:56| Starting cached resolve for: auth1.opendns.com., query A
1 10/31 10:04:56| Record found in cache for auth1.opendns.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: auth2.opendns.com., query A
1 10/31 10:04:56| Record found in cache for auth2.opendns.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: auth3.opendns.com., query A
1 10/31 10:04:56| Record found in cache for auth3.opendns.com.
1 10/31 10:04:56| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
1 10/31 10:04:56| Using cached record.
1 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
1 10/31 10:04:56| Trying name servers.
1 10/31 10:04:56| Sending query to 208.69.39.2
1 10/31 10:04:56| Sending query to 38.99.20.68
1 10/31 10:04:56| Caching type AAAA for domain google.navigation.opendns.com. negative with ttl 2560
1 10/31 10:04:56| Query to 208.69.39.2 succeeded.
1 10/31 10:04:56| Outbound msg len 155, tc=0, rc="no error"
1 10/31 10:04:56| Answering to: 127.0.0.1, source address: 127.0.0.1
2 10/31 10:04:56| Received query.
2 10/31 10:04:56| Questions are:
2 10/31 10:04:56| 	qc=IN (1), qt=AAAA (28), query="www.google.co.uk."
2 10/31 10:04:56| Starting cached resolve for: www.google.co.uk., query AAAA
2 10/31 10:04:56| Record found in cache for www.google.co.uk.
2 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=344675
2 10/31 10:04:56| Using cached record.
2 10/31 10:04:56| Starting cached resolve for: www.google.com., query AAAA
2 10/31 10:04:56| Record found in cache for www.google.com.
2 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=900
2 10/31 10:04:56| Using cached record.
2 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query AAAA
2 10/31 10:04:56| Record found in cache for google.navigation.opendns.com.
2 10/31 10:04:56| Requery decision: dflags=0, cflags=NEG|AUT|NOP, req=0, neg=1, timed=0, ttl=2560
2 10/31 10:04:56| Using cached record.
2 10/31 10:04:56| Outbound msg len 155, tc=0, rc="no error"
2 10/31 10:04:56| Answering to: 127.0.0.1, source address: 127.0.0.1
3 10/31 10:04:56| Received query.
3 10/31 10:04:56| Questions are:
3 10/31 10:04:56| 	qc=IN (1), qt=A (1), query="www.google.co.uk."
3 10/31 10:04:56| Starting cached resolve for: www.google.co.uk., query A
3 10/31 10:04:56| Record found in cache for www.google.co.uk.
3 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=344675
3 10/31 10:04:56| Using cached record.
3 10/31 10:04:56| Starting cached resolve for: www.google.com., query A
3 10/31 10:04:56| Record found in cache for www.google.com.
3 10/31 10:04:56| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=900
3 10/31 10:04:56| Using cached record.
3 10/31 10:04:56| Starting cached resolve for: google.navigation.opendns.com., query A
3 10/31 10:04:56| Record found in cache for google.navigation.opendns.com.
3 10/31 10:04:56| Requery decision: dflags=0, cflags=0, req=0, neg=0, timed=1, timestamp=0
3 10/31 10:04:56| Trying name servers.
3 10/31 10:04:56| Not querying root-server 198.41.0.4, using cached information instead.
3 10/31 10:04:56| Sending query to 208.67.222.222
3 10/31 10:04:56| Sending query to 208.67.220.220
3 10/31 10:04:56| Marked server 208.67.222.222 up.
3 10/31 10:04:56| Rejecting answer from server 208.67.222.222 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.231
3 10/31 10:04:56| Marked server 208.67.220.220 up.
3 10/31 10:04:56| Rejecting answer from server 208.67.220.220 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.231
3 10/31 10:04:56| Sending query to 192.12.94.30
3 10/31 10:04:56| Sending query to 192.43.172.30
3 10/31 10:04:57| Query to 192.12.94.30 succeeded.
3 10/31 10:04:57| Starting cached resolve for: auth1.opendns.com., query A
3 10/31 10:04:57| Record found in cache for auth1.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
3 10/31 10:04:57| Using cached record.
3 10/31 10:04:57| Starting cached resolve for: auth2.opendns.com., query A
3 10/31 10:04:57| Record found in cache for auth2.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
3 10/31 10:04:57| Using cached record.
3 10/31 10:04:57| Starting cached resolve for: auth3.opendns.com., query A
3 10/31 10:04:57| Record found in cache for auth3.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=ADD|NOP, req=0, neg=0, timed=0, ttl=172800
3 10/31 10:04:57| Using cached record.
3 10/31 10:04:57| Starting cached resolve for: google.navigation.opendns.com., query A
3 10/31 10:04:57| Record found in cache for google.navigation.opendns.com.
3 10/31 10:04:57| Requery decision: dflags=0, cflags=0, req=0, neg=0, timed=1, timestamp=0
3 10/31 10:04:57| Trying name servers.
3 10/31 10:04:57| Sending query to 208.69.39.2
3 10/31 10:04:57| Sending query to 38.99.20.68
3 10/31 10:04:57| Query to 208.69.39.2 succeeded.
3 10/31 10:04:57| Outbound msg len 242, tc=0, rc="no error"
3 10/31 10:04:57| Answering to: 127.0.0.1, source address: 127.0.0.1

Last edited by Tortanick; 10-31-2008 at 05:06 AM.
 
Old 10-31-2008, 04:50 AM   #4
Tortanick
Member
 
Registered: Jul 2006
Distribution: Debian Testing
Posts: 299

Original Poster
Rep: Reputation: 30
And using dig (I restarted pdnsd and empted the cache)

Code:
dig @127.0.0.1 www.google.co.uk

; <<>> DiG 9.5.0-P2 <<>> @127.0.0.1 www.google.co.uk
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13749
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.co.uk.              IN      A

;; ANSWER SECTION:
www.google.co.uk.       345600  IN      CNAME   www.google.com.
www.google.com.         604800  IN      CNAME   www.l.google.com.
www.l.google.com.       900     IN      A       74.125.79.103
www.l.google.com.       900     IN      A       74.125.79.99
www.l.google.com.       900     IN      A       74.125.79.147
www.l.google.com.       900     IN      A       74.125.79.104

;; Query time: 512 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 31 09:46:07 2008
;; MSG SIZE  rcvd: 146
Code:
* 10/31 09:46:04| pdnsd: info: pdnsd-1.2.6-par starting.
- 10/31 09:46:04| Debug messages activated
- 10/31 09:46:04| Using IPv4.
- 10/31 09:46:04| performing uptest (type=ping) for 208.67.222.222
- 10/31 09:46:04| All threads started successfully.
- 10/31 09:46:04| result of uptest for 208.67.222.222: OK
- 10/31 09:46:04| performing uptest (type=ping) for 208.67.220.220
- 10/31 09:46:04| result of uptest for 208.67.220.220: OK
- 10/31 09:46:04| performing uptest (type=query) for 198.41.0.4
- 10/31 09:46:04| Status socket query pending.
- 10/31 09:46:04| Received STATUS query.
- 10/31 09:46:04| Server 198.41.0.4 returned error code: query format error
- 10/31 09:46:04| result of uptest for 198.41.0.4: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.228.79.201
- 10/31 09:46:04| Status socket query pending.
- 10/31 09:46:04| Received STATUS query.
- 10/31 09:46:04| Server 192.228.79.201 returned error code: query format error
- 10/31 09:46:04| result of uptest for 192.228.79.201: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.33.4.12
- 10/31 09:46:04| Server 192.33.4.12 returned error code: query format error
- 10/31 09:46:04| result of uptest for 192.33.4.12: OK
- 10/31 09:46:04| performing uptest (type=query) for 128.8.10.90
- 10/31 09:46:04| Server 128.8.10.90 returned error code: query format error
- 10/31 09:46:04| result of uptest for 128.8.10.90: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.203.230.10
- 10/31 09:46:04| Server 192.203.230.10 returned error code: query format error
- 10/31 09:46:04| result of uptest for 192.203.230.10: OK
- 10/31 09:46:04| performing uptest (type=query) for 192.5.5.241
- 10/31 09:46:05| Server 192.5.5.241 returned error code: query format error
- 10/31 09:46:05| result of uptest for 192.5.5.241: OK
- 10/31 09:46:05| performing uptest (type=query) for 192.112.36.4
- 10/31 09:46:05| Server 192.112.36.4 returned error code: query format error
- 10/31 09:46:05| result of uptest for 192.112.36.4: OK
- 10/31 09:46:05| performing uptest (type=query) for 128.63.2.53
- 10/31 09:46:05| Server 128.63.2.53 returned error code: query format error
- 10/31 09:46:05| result of uptest for 128.63.2.53: OK
1 10/31 09:46:07| Received query.
1 10/31 09:46:07| Questions are:
1 10/31 09:46:07| 	qc=IN (1), qt=A (1), query="www.google.co.uk."
1 10/31 09:46:07| Starting cached resolve for: www.google.co.uk., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.222.222 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.230
1 10/31 09:46:07| Marked server 208.67.220.220 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.220.220 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.231
1 10/31 09:46:07| Sending query to 198.41.0.4
1 10/31 09:46:07| Sending query to 192.228.79.201
1 10/31 09:46:07| Marked server 198.41.0.4 up.
1 10/31 09:46:07| Query to 198.41.0.4 succeeded.
1 10/31 09:46:07| Starting cached resolve for: NS2.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS2.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS6.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS6.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS7.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS7.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS1.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS1.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSA.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSA.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS5.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS5.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS4.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS4.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSC.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSC.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NS3.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NS3.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSB.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSB.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: NSD.NIC.uk., query A
1 10/31 09:46:07| Record found in cache for NSD.NIC.uk.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: www.google.co.uk., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 217.79.164.131
1 10/31 09:46:07| Sending query to 213.248.254.130
1 10/31 09:46:07| Query to 213.248.254.130 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns4.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns2.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns3.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns1.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: www.google.co.uk., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 216.239.38.10
1 10/31 09:46:07| Sending query to 216.239.34.10
1 10/31 09:46:07| Caching type A for domain www.google.co.uk. negative with ttl 900
1 10/31 09:46:07| Record for www.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for a.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for b.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for c.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for d.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for e.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for f.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Record for g.l.google.com. not in nsdomain google.co.uk.; dropped.
1 10/31 09:46:07| Query to 216.239.34.10 succeeded.
1 10/31 09:46:07| Starting cached resolve for: www.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.222.222 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.230
1 10/31 09:46:07| Marked server 208.67.220.220 up.
1 10/31 09:46:07| Rejecting answer from server 208.67.220.220 because it contains an A record for "google.navigation.opendns.com." with an address in the reject list: 208.69.34.230
1 10/31 09:46:07| Sending query to 198.41.0.4
1 10/31 09:46:07| Sending query to 192.228.79.201
1 10/31 09:46:07| Marked server 198.41.0.4 up.
1 10/31 09:46:07| Query to 198.41.0.4 succeeded.
1 10/31 09:46:07| Starting cached resolve for: E.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for E.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: L.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for L.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: G.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for G.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: I.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for I.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: J.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for J.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: B.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for B.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: F.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for F.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: H.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for H.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: D.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for D.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: M.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Starting cached resolve for: A.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for A.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: K.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for K.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: C.GTLD-SERVERS.NET., query A
1 10/31 09:46:07| Record found in cache for C.GTLD-SERVERS.NET.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=ADD|NOP|RTS, req=0, neg=0, timed=0, ttl=172800
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: www.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 192.12.94.30
1 10/31 09:46:07| Sending query to 192.41.162.30
1 10/31 09:46:07| Query to 192.41.162.30 succeeded.
1 10/31 09:46:07| Starting cached resolve for: ns1.google.com., query A
1 10/31 09:46:07| Record found in cache for ns1.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: ns2.google.com., query A
1 10/31 09:46:07| Record found in cache for ns2.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: ns3.google.com., query A
1 10/31 09:46:07| Record found in cache for ns3.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: ns4.google.com., query A
1 10/31 09:46:07| Record found in cache for ns4.google.com.
1 10/31 09:46:07| Requery decision: dflags=0, cflags=NOP, req=0, neg=0, timed=0, ttl=172795
1 10/31 09:46:07| Using cached record.
1 10/31 09:46:07| Starting cached resolve for: www.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Sending query to 216.239.32.10
1 10/31 09:46:07| Sending query to 216.239.34.10
1 10/31 09:46:07| Caching type A for domain www.google.com. negative with ttl 900
1 10/31 09:46:07| Query to 216.239.32.10 succeeded.
1 10/31 09:46:07| Starting cached resolve for: www.l.google.com., query A
1 10/31 09:46:07| Trying name servers.
1 10/31 09:46:07| Not querying root-server 198.41.0.4, using cached information instead.
1 10/31 09:46:07| Sending query to 208.67.222.222
1 10/31 09:46:07| Sending query to 208.67.220.220
1 10/31 09:46:07| Marked server 208.67.222.222 up.
1 10/31 09:46:07| Query to 208.67.222.222 succeeded.
1 10/31 09:46:07| Outbound msg len 146, tc=0, rc="no error"
1 10/31 09:46:07| Answering to: 127.0.0.1, source address: 127.0.0.1
 
Old 11-01-2008, 04:30 AM   #5
Tortanick
Member
 
Registered: Jul 2006
Distribution: Debian Testing
Posts: 299

Original Poster
Rep: Reputation: 30
I managed to fix it mostly by luck. Setting network.disableIPv6 in iceweasel's about config actually fixed the problem (until I actually want IPv6) anyone have a clue why that would make any diffrence?
 
Old 11-01-2008, 04:36 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Yeah, clearly the "google.navigation.opendns.com". I think only the "neg Section" in 'man pdnsd.conf' could help *not* cache the darn thing and move on cleanly. Haven't tried it though.

I actually ditched using OpenDNS a long time ago (for breaking DNS protocol) for other servers. What I did was make me a list of fast-responding servers, group them in three "server" statements and have them listed above the root server config. That allows for enough redundancy for me and resolution remains quick. That needs "par_queries" tweaked, which you haven't AFAIK.
 
Old 11-01-2008, 04:39 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by Tortanick View Post
I managed to fix it mostly by luck. Setting network.disableIPv6 in iceweasel's about config actually fixed the problem (until I actually want IPv6) anyone have a clue why that would make any diffrence?
IPv6 shouldn't affect anything (OK, speed because of finding out the proto actually isn't available) unless you actually use it?..
 
Old 11-01-2008, 12:31 PM   #8
Tortanick
Member
 
Registered: Jul 2006
Distribution: Debian Testing
Posts: 299

Original Poster
Rep: Reputation: 30
No I don't use use IPv6, my ISP dosn't support it yet, normally I blacklist it to stop my machines wasting time trying to use it but I hadn't gotten around to it on this machine (turns out that works just as well as disableing ipv6 lookups in firefox) and I agree it shouldn't change anything but clearly it dose. Now that this problem is solved (sort off) I'm going to file a bug on it.

The neg section dose seem like a good idea, but the problem is already solved. Pity you can't have a per server neg section since that wouldn't block it if a non-opendns server responded with google.navigation.opendns.com but how likely is that to happen
 
  


Reply

Tags
dns


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Applying SE Linux to Pdnsd: create a working policy in 5 minutes. unSpawn Linux - Security 2 08-21-2008 04:27 PM
pdnsd config issues BashTin Linux - Networking 16 12-04-2007 01:04 AM
how to install pdnsd on SuSE 10 sunilvadranapu Linux - Software 0 11-25-2007 11:33 PM
pdnsd insane memory usage Moloko Debian 1 10-07-2005 04:34 PM
pdnsd as a lan cache jhp Linux - Networking 1 03-01-2005 03:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration