LinuxQuestions.org

rmjohnso 04-22-2010 09:30 AM

Strange DNS Problems
 
I've been experiencing a random DNS lookup problem that is ongoing (using slackware64-current). Here is what happened last night:

1. Opened Firefox and tried to go to www.cnn.com.
2. Firefox loaded the Washington Post's web site, but the URL said www.cnn.com and the favicon was for CNN.
3. Opened a terminal and ran 'traceroute www.cnn.com' to which it reported that there were two IPs available, so it was picking one.

I've had this happen for other sites. I'm not sure what is causing my DNS cache to get corrupted like this. I have two other laptops on the network running Windows, and this doesn't happen, so I'm pretty sure it isn't ISP or router related. I also tried changing my DNS servers in my router to Google's DNS servers just to check, and I'm still having this problem.

rweaver 04-22-2010 11:04 AM

Are you running bind on the local machine? Have you checked the hosts file? What does your resolv.conf look like? If you manually resolve an address off one of the servers in the resolv.conf file does it work correctly? Has the machine been compromised at any time that you're aware of? Have you checked to see if there are any well known root kits installed?
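
The checks listed in the post above (hosts file, resolv.conf, resolving a name against each listed server), as an added shell example that is not part of the original thread. The function names are made up here, and it assumes `dig` is installed.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the nameserver addresses from a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Print hosts-file lines (comments stripped) that map NAME. usage: NAME FILE
hosts_overrides() {
    awk -v n="$1" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(n)) { print; next } }' "$2"
}

# Ask one server for NAME's A records; print them sorted on one line so
# round-robin ordering does not look like a difference. usage: SERVER NAME
query_server() {
    dig +short +time=2 +tries=1 "@$1" "$2" A |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | sort | tr '\n' ' '
}

# Read "server addr addr ..." lines on stdin and print "consistent" or
# "MISMATCH". Servers that returned no address are ignored.
judge_answers() {
    awk 'NF < 2 { next }
         { $1 = ""; seen[$0]++ }
         END { n = 0; for (a in seen) n++
               print ((n <= 1) ? "consistent" : "MISMATCH") }'
}

# usage: check_name NAME [RESOLV_CONF] [HOSTS_FILE]
check_name() {
    name=$1; rc=${2:-/etc/resolv.conf}; hosts=${3:-/etc/hosts}
    hosts_overrides "$name" "$hosts" | sed 's/^/hosts override: /'
    answers=$(for s in $(list_nameservers "$rc"); do
                  echo "$s $(query_server "$s" "$name")"
              done)
    printf '%s\n' "$answers"
    printf '%s\n' "$answers" | judge_answers
}

# Only touch the network when a name is given: sh dnscheck.sh www.cnn.com
if [ "$#" -gt 0 ]; then check_name "$@"; fi
```

Different address sets can be legitimate for CDN-hosted names, so a MISMATCH is a lead to follow up, not proof of tampering.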

rmjohnso 04-22-2010 01:19 PM

I'll check the files tonight and post them on here. In the meantime, I can answer some of the other questions.

1. I'm not running bind.
2. The machine has not been compromised, to my knowledge. I can run a rootkit scan again tonight, but I seriously doubt that is the issue.

rmjohnso 04-22-2010 07:00 PM

I just ran a scan with chkrootkit and rkhunter, and they didn't find anything. Here is a copy of my /etc/resolv.conf file:

Code:

# Generated by dhcpcd from wlan0
# /etc/resolv.conf.head can replace this line
domain wi.rr.com
nameserver 192.168.1.2
nameserver 8.8.8.8
nameserver 8.8.4.4
# /etc/resolv.conf.tail can replace this line


rmjohnso 04-23-2010 05:35 PM

*bump*

Still having this problem...

onebuck 04-23-2010 07:54 PM

Hi,

Quote:

Originally Posted by rmjohnso (Post 3944574)
I just ran a scan with chkrootkit and rkhunter, and they didn't find anything. Here is a copy of my /etc/resolv.conf file:

Code:

# Generated by dhcpcd from wlan0
# /etc/resolv.conf.head can replace this line
domain wi.rr.com <<< is this necessary? Not a valid domain
nameserver 192.168.1.2 <<< Your gateway?
nameserver 8.8.8.8 <<< slow response
nameserver 8.8.4.4 <<< very slow response
# /etc/resolv.conf.tail can replace this line


Quote:

whois 8.8.8.8
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255
Google Incorporated LVLT-GOOGL-1-8-8-8 (NET-8-8-8-0-1)
8.8.8.0 - 8.8.8.255

# ARIN WHOIS database, last updated 2010-04-22 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

whois 8.8.4.4
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255
Google Incorporated LVLT-GOOGL-1-8-8-4 (NET-8-8-4-0-1)
8.8.4.0 - 8.8.4.255

# ARIN WHOIS database, last updated 2010-04-22 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

I would try another third level DNS, one or two of these should work;

Quote:

nameserver 4.2.2.1 << Verizon Third level
nameserver 4.2.2.2 << Verizon
nameserver 4.2.2.3 << Verizon
nameserver 208.67.222.222 << OPENDNS
nameserver 4.2.2.4 << Verizon


rmjohnso 04-23-2010 10:24 PM

The wi.rr.com domain is from my ISP. It's a valid domain. As for the DNS servers (8.8.8.8 and 8.8.4.4), those are Google's servers. As I mentioned in my original post, I changed from my ISP's DNS servers to Google's to see if it was a problem with my ISP's DNS servers. 192.168.1.2 is my gateway (wireless router).

onebuck 04-24-2010 08:24 AM

Hi,

Quote:

Originally Posted by rmjohnso (Post 3945969)
The wi.rr.com domain is from my ISP. It's a valid domain. As for the DNS servers (8.8.8.8 and 8.8.4.4), those are Google's servers. As I mentioned in my original post, I changed from my ISP's DNS servers to Google's to see if it was a problem with my ISP's DNS servers. 192.168.1.2 is my gateway (wireless router).

Quote:

ping wi.rr.com
PING wi.rr.com (67.215.65.132) 56(84) bytes of data.
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=1 ttl=50 time=66.9 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=2 ttl=50 time=67.1 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=3 ttl=50 time=68.3 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=4 ttl=50 time=67.6 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=5 ttl=50 time=67.9 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_seq=6 ttl=50 time=66.6 ms

No real reason to place 'wi.rr.com' as your local domain. Remove it and see what happens. Place one or two of the Verizon 3rd level. Remove your gateway by placing a # at the front. You can comment out any line that you don't wish to use. Just try and see what happens with just the two Verizon DNS in the '/etc/resolv.conf'. Don't forget to restart the 'inet'. Just a test, no harm.

The Google DNS are slow lately.

Post your ISP DNS. I'll bet one or more of them belong to a 'OPENDNS' IP.

:hattip:

onebuck 04-24-2010 10:15 AM

Hi,

One other thing!

What does your kernel route table show? Post 'route -n'.

rmjohnso 04-25-2010 03:38 PM

Here is the output from 'route -n'. I'll keep playing around with the other suggestions.

Code:

Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
192.168.1.0    0.0.0.0        255.255.255.0  U    303    0        0 wlan0
127.0.0.0      0.0.0.0        255.0.0.0      U    0      0        0 lo
0.0.0.0        192.168.1.2    0.0.0.0        UG    303    0        0 wlan0


Gerard Lally 04-25-2010 03:50 PM

Do you have a Squid proxy which doubles up as a DNS proxy?

rmjohnso 04-25-2010 06:24 PM

Quote:

Originally Posted by gezley (Post 3947383)
Do you have a Squid proxy which doubles up as a DNS proxy?

No Squid proxy. Just a Linksys wireless router.

rmjohnso 04-25-2010 06:35 PM

Quote:

Originally Posted by onebuck (Post 3946252)
No real reason to place 'wi.rr.com' as your local domain. Remove it and see what happens. Place one or two of the Verizon 3rd level. Remove your gateway by placing a # at the front. You can comment out any line that you don't wish to use. Just try and see what happens with just the two Verizon DNS in the '/etc/resolv.conf'. Don't forget to restart the 'inet'. Just a test, no harm.

I've played around with modifying the /etc/resolv.conf file, as suggested, but if I ever reboot, wicd must be overriding the file and changing it back.

I went back into the router and removed the Google DNS servers since those seem to be acting up lately. Here is my current /etc/resolv.conf file with my ISP's DNS servers.

Code:

# Generated by dhcpcd from wlan0
# /etc/resolv.conf.head can replace this line
domain wi.rr.com
nameserver 192.168.1.2
nameserver 209.18.47.61
nameserver 209.18.47.62
# /etc/resolv.conf.tail can replace this line


mrclisdue 04-25-2010 08:22 PM

If your dns issues appear to be solved with your modified resolv.conf, then make the file immutable:

Code:

:~ # chattr +i /etc/resolv.conf

It may not get to the root of the problem, but if it works....

cheers,

Richard Cranium 04-25-2010 08:38 PM

Quote:

Originally Posted by rmjohnso (Post 3947526)
I've played around with modifying the /etc/resolv.conf file, as suggested, but if I ever reboot, wicd must be overriding the file and changing it back.

dhcpcd is probably the one changing it back unless you've set the DHCP_KEEPRESOLV[x] variable in rc.inet1.conf to "yes".


All times are GMT -5.