Old 04-22-2010, 09:30 AM   #1
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Rep: Reputation: 43
Strange DNS Problems


I've been experiencing a random DNS lookup problem that is ongoing (using slackware64-current). Here is what happened last night:

1. Opened Firefox and tried to go to www.cnn.com.
2. Firefox loaded the Washington Post's web site, but the URL said www.cnn.com and the favicon was for CNN.
3. Opened a terminal and ran 'traceroute www.cnn.com' to which it reported that there were two IPs available, so it was picking one.

I've had this happen for other sites. I'm not sure what is causing my DNS cache to get corrupted like this. I have two other laptops on the network running Windows, and this doesn't happen, so I'm pretty sure it isn't ISP or router related. I also tried changing my DNS servers in my router to Google's DNS servers just to check, and I'm still having this problem.
 
Old 04-22-2010, 11:04 AM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
Are you running bind on the local machine? Have you checked the hosts file? What does your resolv.conf look like? If you manually resolve an address off one of the servers in the resolv.conf file does it work correctly? Has the machine been compromised at any time that you're aware of? Have you checked to see if there are any well known root kits installed?
 
Old 04-22-2010, 01:19 PM   #3
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Original Poster
Rep: Reputation: 43
I'll check the files tonight and post them on here. In the meantime, I can answer some of the other questions.

1. I'm not running bind.
2. The machine has not been compromised, to my knowledge. I can run a rootkit scan again tonight, but I seriously doubt that is the issue.
 
Old 04-22-2010, 07:00 PM   #4
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Original Poster
Rep: Reputation: 43
I just ran a scan with chkrootkit and rkhunter, and they didn't find anything. Here is a copy of my /etc/resolv.conf file:

Code:
# Generated by dhcpcd from wlan0
# /etc/resolv.conf.head can replace this line
domain wi.rr.com
nameserver 192.168.1.2
nameserver 8.8.8.8
nameserver 8.8.4.4
# /etc/resolv.conf.tail can replace this line
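
The manual check asked for in post #2 (resolve one name off each server listed in resolv.conf and compare the results), as an added example that is not part of the original thread. It assumes `dig` is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: ask every nameserver in a resolv.conf for the same name
# and report whether the answers agree.
# Usage (after sourcing this file): check_name www.cnn.com

# Print the nameserver addresses listed in a resolv.conf-style file.
# Comment lines and other directives (domain, search) are ignored.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print the sorted A records that one server ($1) returns for a name ($2),
# space-separated on one line. dig +short also prints CNAME targets,
# so only dotted-quad IPv4 addresses are kept.
query_a() {
    dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | sort | tr '\n' ' '
}

# Read "server addr addr ..." lines on stdin.
# Exit status 0 if every server gave the same answer set, 1 otherwise.
answers_agree() {
    awk '{ $1 = ""; seen[$0] = 1 }
         END { n = 0; for (k in seen) n++; exit (n > 1) }'
}

# Query each configured server for $1 and summarise the result.
# $2 is the resolv.conf path (default /etc/resolv.conf).
check_name() {
    conf=${2:-/etc/resolv.conf}
    report=$(for ns in $(list_nameservers "$conf"); do
        printf '%s %s\n' "$ns" "$(query_a "$ns" "$1")"
    done)
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | answers_agree; then
        echo "all servers agree on $1"
    else
        # CDN-hosted names can legitimately differ between resolvers,
        # so a mismatch is a reason to look closer, not proof of tampering.
        echo "servers DISAGREE on $1: compare the addresses by hand"
    fi
}
```

A server that returns no addresses shows up as an empty answer set, which also counts as a disagreement with servers that did answer.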
 
Old 04-23-2010, 05:35 PM   #5
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Original Poster
Rep: Reputation: 43
*bump*

Still having this problem...
 
Old 04-23-2010, 07:54 PM   #6
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 10,888
Blog Entries: 1

Rep: Reputation: 1307
Hi,

Quote:
Originally Posted by rmjohnso View Post
I just ran a scan with chkrootkit and rkhunter, and they didn't find anything. Here is a copy of my /etc/resolv.conf file:

Code:
# Generated by dhcpcd from wlan0
# /etc/resolv.conf.head can replace this line
domain wi.rr.com <<< is this necessary? Not a valid domain
nameserver 192.168.1.2 <<< Your gateway?
nameserver 8.8.8.8 <<< slow response
nameserver 8.8.4.4 <<< very slow response
# /etc/resolv.conf.tail can replace this line
Quote:
whois 8.8.8.8
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255
Google Incorporated LVLT-GOOGL-1-8-8-8 (NET-8-8-8-0-1)
8.8.8.0 - 8.8.8.255

# ARIN WHOIS database, last updated 2010-04-22 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

whois 8.8.4.4
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255
Google Incorporated LVLT-GOOGL-1-8-8-4 (NET-8-8-4-0-1)
8.8.4.0 - 8.8.4.255

# ARIN WHOIS database, last updated 2010-04-22 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
I would try another third level DNS, one or two of these should work;

Quote:
nameserver 4.2.2.1 << Verizon Third level
nameserver 4.2.2.2 << Verizon
nameserver 4.2.2.3 << Verizon
nameserver 208.67.222.222 << OPENDNS
nameserver 4.2.2.4 << Verizon
 
Old 04-23-2010, 10:24 PM   #7
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Original Poster
Rep: Reputation: 43
The wi.rr.com domain is from my ISP. It's a valid domain. As for the DNS servers (8.8.8.8 and 8.8.4.4), those are Google's servers. As I mentioned in my original post, I changed from my ISP's DNS servers to Google's to see if it was a problem with my ISP's DNS servers. 192.168.1.2 is my gateway (wireless router).
 
Old 04-24-2010, 08:24 AM   #8
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 10,888
Blog Entries: 1

Rep: Reputation: 1307
Hi,

Quote:
Originally Posted by rmjohnso View Post
The wi.rr.com domain is from my ISP. It's a valid domain. As for the DNS servers (8.8.8.8 and 8.8.4.4), those are Google's servers. As I mentioned in my original post, I changed from my ISP's DNS servers to Google's to see if it was a problem with my ISP's DNS servers. 192.168.1.2 is my gateway (wireless router).
Quote:
ping wi.rr.com
PING wi.rr.com (67.215.65.132) 56(84) bytes of data.
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=1 ttl=50 time=66.9 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=2 ttl=50 time=67.1 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=3 ttl=50 time=68.3 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=4 ttl=50 time=67.6 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=5 ttl=50 time=67.9 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=6 ttl=50 time=66.6 ms
No real reason to place 'wi.rr.com' as your local domain. Remove it and see what happens. Place one or two of the Verizon 3rd level. Remove your gateway by placing a # at the front. You can comment out any line that you don't wish to use. Just try and see what happens with just the two Verizon DNS in the '/etc/resolv.conf'. Don't forget to restart the 'inet'. Just a test, no harm.

The Google DNS are slow lately.

Post your ISP DNS. I'll bet one or more of them belong to an 'OPENDNS' IP.

 
Old 04-24-2010, 10:15 AM   #9
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 10,888
Blog Entries: 1

Rep: Reputation: 1307
Hi,

One other thing!

What does your kernel route table show? Post 'route -n'.
 
Old 04-25-2010, 03:38 PM   #10
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Original Poster
Rep: Reputation: 43
Here is the output from 'route -n'. I'll keep playing around with the other suggestions.

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.2     0.0.0.0         UG    303    0        0 wlan0
 
Old 04-25-2010, 03:50 PM   #11
gezley
Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware64, NetBSD
Posts: 474

Rep: Reputation: 200
Do you have a Squid proxy which doubles up as a DNS proxy?
 
Old 04-25-2010, 06:24 PM   #12
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Original Poster
Rep: Reputation: 43
Quote:
Originally Posted by gezley View Post
Do you have a Squid proxy which doubles up as a DNS proxy?
No Squid proxy. Just a Linksys wireless router.
 
Old 04-25-2010, 06:35 PM   #13
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Original Poster
Rep: Reputation: 43
Quote:
Originally Posted by onebuck View Post
No real reason to place 'wi.rr.com' as your local domain. Remove it and see what happens. Place one or two of the Verizon 3rd level. Remove your gateway by placing a # at the front. You can comment out any line that you don't wish to use. Just try and see what happens with just the two Verizon DNS in the '/etc/resolv.conf'. Don't forget to restart the 'inet'. Just a test, no harm.
I've played around with modifying the /etc/resolv.conf file, as suggested, but if I ever reboot, wicd must be overriding the file and changing it back.

I went back into the router and removed the Google DNS servers since those seem to be acting up lately. Here is my current /etc/resolv.conf file with my ISP's DNS servers.

Code:
# Generated by dhcpcd from wlan0
# /etc/resolv.conf.head can replace this line
domain wi.rr.com
nameserver 192.168.1.2
nameserver 209.18.47.61
nameserver 209.18.47.62
# /etc/resolv.conf.tail can replace this line
 
Old 04-25-2010, 08:22 PM   #14
mrclisdue
Senior Member
 
Registered: Dec 2005
Distribution: Slackware -current, 14.1
Posts: 1,019

Rep: Reputation: 157
If your dns issues appear to be solved with your modified resolv.conf, then make the file immutable:

Code:
 :~ # chattr +i /etc/resolv.conf
It may not get to the root of the problem, but if it works....

cheers,
 
Old 04-25-2010, 08:38 PM   #15
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.1
Posts: 1,320

Rep: Reputation: 353
Quote:
Originally Posted by rmjohnso View Post
I've played around with modifying the /etc/resolv.conf file, as suggested, but if I ever reboot, wicd must be overriding the file and changing it back.
dhcpcd is probably the one changing it back unless you've set the DHCP_KEEPRESOLV[x] variable in rc.inet1.conf to "yes".
 
  


All times are GMT -5.