Old 08-07-2003, 09:15 AM   #1
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Strange DNS lookup problems

I experience strange DNS lookup failures with my 10.2.6 box.

I've set up a Debian Linux box as our router/firewall. Before that we had a hardware router/firewall with which I had no problems.

The problem is sometimes a domain works, sometimes I get an immediate "server not found". The same domains work from all of our Windows boxes using the same router and the same name servers. So this can't be an issue with the Linux box, right?
If I do a manual domain lookup there's no problem and I can reach the hosts via their IP addresses. It doesn't matter which browser I use, and the same things happen with Mail and Sherlock. I really have no explanation for this behaviour. Maybe someone else has?
olealf is offline   Reply With Quote
Old 08-07-2003, 09:33 AM   #2
atomictuesday
Triple-A Player
 
Join Date: Apr 2003
Location: /dev/bpf1
Posts: 220
Why don't you try doing a dump on the network when such an event occurs. Maybe you can determine what is happening from looking at the actual communication with the boot server. What configuration are you using, DHCP or static IP? Does this problem occur momentarily or does it last? Could it be a problem with the browser? If you are using IE, try using Safari to see if the same behaviour is experienced.
AtomicTuesday
__________________
The True Master is the One Who
Never Stops Learning.
atomictuesday is offline   Reply With Quote
Old 08-07-2003, 10:20 AM   #3
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
You mean tcpdump? I tried to but I think I don't have enough geek genes to really understand that. You might ask why I try to set up a firewall then, but hey, everyone has to start somewhere.

We use static IP addresses. 192.168.1.0/24.

The problem lasts, but it's always different. Sometimes I can't connect to e.g. macosxhints.com while I can connect to versiontracker.com. Sometimes it's the exact opposite. Or I can open all my Mac links in tabs and they all work. I try this with all my Linux links and 75% of them don't work. Then again, let's say ten minutes later, it's the other way round (is that correct English?).

It doesn't matter which browser I use. Normally I use Safari but I also tried Mozilla, Explorer, OmniWeb, Opera. And as I said, it also happens in Mail and Sherlock.

Maybe this is something for a Linux forum?
olealf is offline   Reply With Quote
Old 08-07-2003, 10:36 AM   #4
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
dnstracer

You could try the 'dnstracer' utility, which is available via fink. Using it, especially with the "-v" option, might tell you what is happening when the DNS is failing.

It sounds to me like certain DNS queries are not getting past your Linux router for some reason.
hayne is offline   Reply With Quote
Old 08-07-2003, 11:09 AM   #5
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
I tried dnstracer but it gives me nothing but stars. Am I a complete idiot?

What I can understand from tcpdump is that the name server gets queried and I get an answer. But that's all I can understand.

Quote:
It sounds to me like certain DNS queries are not getting past your Linux router for some reason.

Sounds the same to me, but why are they getting through from our Windows boxes? How do the DNS queries differ when made from a Windows box? I hate things working on our Windows boxes not working on our Macs.
olealf is offline   Reply With Quote
Old 08-07-2003, 11:42 AM   #6
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
Quote:
Originally posted by olealf
I tried dnstracer but it gives me nothing but stars.

I don't know why it would do that but it might be an indication of failure. Does that happen all the time or only when your Mac is having DNS problems?

Here's what it gives on my system:
Code:
% dnstracer www.macosxhints.com
Tracing to www.macosxhints.com via 206.47.244.79, timeout 15 seconds
206.47.244.79 (206.47.244.79) Got answer 
 |\___ ns2.amigo-3.com [macosxhints.com] (207.44.210.197) Got authoritative answer 
  \___ ns.amigo-3.com [macosxhints.com] (207.44.210.196) Got authoritative answer
Quote:
why are they getting through from our windows boxes? How do the DNS queries differ when made from a windows box?

First off, are you sure that your Windows boxes aren't just using previously cached results from the DNS server?

Try doing a 'traceroute' to your DNS server to see if the basic network connectivity is there. (You said that you see a response from the DNS server when using tcpdump, so it seems like this is not the issue, but maybe worth doing anyway.)

Try doing 'nslookup www.macosxhints.com' (or whatever other machine you are having trouble in getting DNS lookup for)
Try the same thing from your Windows boxes (nslookup should exist on Windows NT & XP, for others you may have to download it)
hayne is offline   Reply With Quote
Old 08-07-2003, 12:38 PM   #7
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Quote:
Does that happen all the time or only when your Mac is having DNS problems?

This happens all the time and it doesn't matter if I try a host that's currently working or one which doesn't.
Also the problems are there all the time but always with different hosts.
I tried dnstracer on my Mac as well as on the firewall itself. Both with the same results. So I think the firewall is blocking some outgoing traffic that prevents dnstracer from working. I'll try to figure out what that is.
Quote:
First off, are you sure that your Windows boxes aren't just using previously cached results from the DNS server?

I'm quite sure, since I tried this mostly with mac related sites of which I know the windows user is surfing to.

I'll try the suggested nslookups and traceroutes tomorrow because I'm not at work anymore now.

Thanks for your help.
olealf is offline   Reply With Quote
Old 08-07-2003, 01:32 PM   #8
yellow
Moderator
 
Join Date: Jan 2002
Posts: 10,677
Make sure the firewall is configured to allow UDP 53 from the DNS servers to pass..
yellow is offline   Reply With Quote
Old 08-07-2003, 07:40 PM   #9
atomictuesday
Triple-A Player
 
Join Date: Apr 2003
Location: /dev/bpf1
Posts: 220
olealf, are you saying that this behaviour is experienced in a single machine, while the other Macs do not? I suggested doing a dump on the network since it could help us in determining what is going on. You can most probably get a free packet sniffer for Windows from versiontracker.com. With it do a dump on the Windows machine interface. Bring the output here. As well, do a dump for a Mac which is experiencing the said behaviour, and bring that here also. Then we can examine what is happening. DNS is really composed of very few steps. The machine making the request, and the DNS server responding to the request. Of course, that DNS server may need to make its own requests to a higher level DNS server when it does not have a specific URL in its database. Maybe the errors are occurring at this stage.
Tuesday
__________________
The True Master is the One Who
Never Stops Learning.
atomictuesday is offline   Reply With Quote
Old 08-08-2003, 07:21 AM   #10
dgovoni
Prospect
 
Join Date: May 2003
Posts: 47
My suggestion is to try and debug this from the Linux box and capture the inbound traffic from the Mac and the outbound traffic on the internet side.

See: http://www.linuxjournal.com/article.php?sid=6446

for a pretty good explanation of how to use tcpdump. It's best to filter the traffic for that host only so:

tcpdump -i <your LAN Interface> -nn -w mac.log host <IP address of Mac> and port 53


tcpdump -i <your ISP interface on Linux> -nn -w ISP.log host <IP address of Mac> and port 53


Note the filtering on host and port. If you don't see much, then remove the port filter. Also, 2 log files are written, one for each interface on the Linux box. Name doesn't matter as long as unique and identifiable.

If you can put a pointer to these files via web, some of us can look at them to see if there are any clues.

Network issues like this are nearly impossible to debug without adequate data and we end up guessing. Remember Gene Kranz's statement to flight controllers when Apollo 13 had that explosion: "Work the problem people... don't make it worse by guessing"....
dgovoni is offline   Reply With Quote
Old 08-08-2003, 07:24 AM   #11
dgovoni
Prospect
 
Join Date: May 2003
Posts: 47
I just remembered. If you have NAT enabled, the IP address on the outbound side will not be the Mac's, so just filter on port 53.

Sorry for the confusion.
dgovoni is offline   Reply With Quote
Old 08-08-2003, 07:41 AM   #12
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Did I say this is strange? I came to work today and the problem seems to have disappeared. So I cannot recreate the problem anymore. All hosts seem to work.
I had this problem for four days now and I didn't change any configuration on both machines neither yesterday nor today. I didn't even reboot. Maybe posting here cures things magically?
Anyway for this afternoon we hired a Linux geek. Maybe he can tell what's going on. I'll post here what he finds out.
Also I'll do the tcpdumps as soon as the problem reappears.

Quote:
Make sure the firewall is configured to allow UDP 53 from the DNS servers to pass..

If this wasn't the case, wouldn't that mean that all DNS queries fail?
olealf is offline   Reply With Quote
Old 08-08-2003, 07:45 AM   #13
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
dgovoni, I posted my reply before reading yours.
Quote:
sorry for the confusion.

No problem, I think I can't be more confused than I am already.
olealf is offline   Reply With Quote
Old 08-08-2003, 07:47 AM   #14
yellow
Moderator
 
Join Date: Jan 2002
Posts: 10,677
Quote:
Originally posted by olealf
If this wasn't the case, wouldn't that mean that all DNS queries fail?

They should, yes, but if your firewall is flaky or your rulesets poor, possibly not. It could be that your primary/secondary DNS were flaky, & someone finally noticed & restarted bind (or the machine).
yellow is offline   Reply With Quote
Old 08-08-2003, 07:54 AM   #15
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Quote:
It could be that your primary/secondary DNS were flaky, & someone finally noticed & restarted bind (or the machine).

Ah, now that you said that, I remember two weeks ago our provider's DNS had serious problems. They said they were solved, but...
olealf is offline   Reply With Quote
Old 08-08-2003, 08:02 AM   #16
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Okay, it's back again. I just could do a tcpdump while I couldn't reach www.oreillynet.com.
Here's what it gives me on my Mac:
Quote:
13:57:38.246076 192.168.1.13.49270 > sun1.kkf.net.domain: 33159+ A? www.oreillynet.com. (36)
13:57:38.258917 sun1.kkf.net.domain > 192.168.1.13.49270: 33159- 0/13/0 (260) (DF)
13:57:38.290972 192.168.1.13.49270 > sun1.kkf.net.domain: 23957+ A? www.oreillynet.com. (36)
13:57:38.298101 sun1.kkf.net.domain > 192.168.1.13.49270: 23957- 0/13/0 (260) (DF)
13:57:38.298430 192.168.1.13.49270 > sun1.kkf.net.domain: 31811+ AAAA? www.oreillynet.com. (36)
13:57:38.308265 sun1.kkf.net.domain > 192.168.1.13.49270: 31811- 0/13/0 (260) (DF)
13:57:39.047869 192.168.1.13.49270 > sun1.kkf.net.domain: 60934+ PTR? 13.1.168.192.in-addr.arpa. (43)
13:57:39.057256 sun1.kkf.net.domain > 192.168.1.13.49270: 60934- 0/2/2 (135) (DF)

Bad thing is I can't do it on one of our Windows boxes right now, cause these machines are used by my boss. He's not here right now, so I can't just install something on one of his boxes while he's away...
olealf is offline   Reply With Quote
Old 08-08-2003, 08:05 AM   #17
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Another one with www.deskmod.com:
Quote:
14:03:46.236434 192.168.1.13.49270 > sun1.kkf.net.domain: 41802+ A? www.deskmod.com. (33)
14:03:46.248653 sun1.kkf.net.domain > 192.168.1.13.49270: 41802- 0/13/0 (257) (DF)
14:03:46.364344 192.168.1.13.49270 > sun1.kkf.net.domain: 62512+ A? www.deskmod.com. (33)
14:03:46.378610 sun1.kkf.net.domain > 192.168.1.13.49270: 62512- 0/13/0 (257) (DF)
14:03:46.378914 192.168.1.13.49270 > sun1.kkf.net.domain: 15646+ AAAA? www.deskmod.com. (33)
14:03:46.388404 sun1.kkf.net.domain > 192.168.1.13.49270: 15646- 0/13/0 (257) (DF)
14:03:46.961255 192.168.1.13.49270 > sun1.kkf.net.domain: 64596+ PTR? 13.1.168.192.in-addr.arpa. (43)
14:03:46.970090 sun1.kkf.net.domain > 192.168.1.13.49270: 64596- 0/2/2 (135) (DF)
14:03:49.898326 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:50.968398 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:52.069807 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:53.171257 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:54.272698 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:55.374174 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:56.475591 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:57.576988 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:03:58.978904 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
14:04:00.080282 255.199.162.254 > 0.0.nis: nbp-lkup 58: "=:NRL@*"
^C
18 packets received by filter
0 packets dropped by kernel

olealf is offline   Reply With Quote
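An added example, not part of the thread or any poster's code: a small Python reader for tcpdump's one-line DNS output that pairs each query with its reply and labels replies like the `0/13/0` ones in posts #16 and #17, which carry no answer records and a `-` (recursion-available bit not set). The first four sample lines are copied from post #16, the last two are constructed for contrast, and the function and verdict names are this example's own.

```python
import re

# tcpdump's classic one-line DNS format: "id+ TYPE? name." for a query,
# "id[rcode][flags] answers/authority/additional" for a reply.
QUERY = re.compile(r"(\S+) > (\S+): (\d+)([+%]*)(?: \[\S+\])? (\w+)\? (\S+)")
REPLY = re.compile(r"(\S+) > (\S+): (\d+)(?: ([A-Za-z]\w*))?([*|-]*) (\d+)/(\d+)/(\d+)")

SAMPLE = """\
13:57:38.246076 192.168.1.13.49270 > sun1.kkf.net.domain: 33159+ A? www.oreillynet.com. (36)
13:57:38.258917 sun1.kkf.net.domain > 192.168.1.13.49270: 33159- 0/13/0 (260) (DF)
13:57:38.298430 192.168.1.13.49270 > sun1.kkf.net.domain: 31811+ AAAA? www.oreillynet.com. (36)
13:57:38.308265 sun1.kkf.net.domain > 192.168.1.13.49270: 31811- 0/13/0 (260) (DF)
13:58:00.000000 192.168.1.13.49270 > sun1.kkf.net.domain: 40001+ A? www.example.com. (33)
13:58:00.010000 sun1.kkf.net.domain > 192.168.1.13.49270: 40001 1/2/2 A 192.0.2.10 (120)
""".splitlines()  # last two lines are constructed, not from the thread


def analyse(lines):
    """Return (name, qtype, verdict, recursion_available) for each reply."""
    pending = {}  # (client, server, query id) -> (qtype, name)
    findings = []
    for line in lines:
        q = QUERY.search(line)
        if q:
            src, dst, qid, _flags, qtype, name = q.groups()
            pending[(src, dst, qid)] = (qtype, name)
            continue
        r = REPLY.search(line)
        if not r:
            continue  # not DNS (e.g. the nbp-lkup lines in post #17)
        src, dst, qid, rcode, flags, an, ns, _ar = r.groups()
        qtype, name = pending.pop((dst, src, qid), ("?", "?"))
        ra = "-" not in flags   # tcpdump prints '-' when RA is NOT set
        aa = "*" in flags       # '*' marks an authoritative answer
        if rcode:
            verdict = "error:" + rcode
        elif int(an) > 0:
            verdict = "answered"
        elif not ra and not aa and int(ns) > 0:
            # Inferred from flags and counts only: the short format does
            # not show which record types sit in the authority section.
            verdict = "referral"
        else:
            verdict = "nodata"
        findings.append((name, qtype, verdict, ra))
    return findings


if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print(row)
```

A "referral" row means the server pointed the client at other name servers instead of resolving the name, so a stub resolver that expects a final answer gets nothing usable from it.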
Old 08-08-2003, 10:32 AM   #18
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
The Linux geek was here, replaced my firewall config with his own and the problem remains. Now I at least know that my firewall config wasn't that bad but still no solution... Archive and install time?
olealf is offline   Reply With Quote
Old 08-08-2003, 02:11 PM   #19
keithcal
Prospect
 
Join Date: Jan 2002
Posts: 25
Check your network port configuration on the Mac and make sure built-in Ethernet is first in the list or the port you are using is first.
Maybe create a new location on the mac and see if that helps.
keithcal is offline   Reply With Quote
Old 08-09-2003, 07:13 AM   #20
olealf
Triple-A Player
 
Join Date: Jan 2002
Location: Hamburg; Germany
Posts: 241
Ethernet is first and the only one.

Created a new location to no avail.

Thanks for all your help here.
olealf is offline   Reply With Quote