FreeBSD jails, dns and ping

Weldon Godfrey weldon at excelsusphoto.com
Mon Feb 5 21:50:48 UTC 2018 


> On Feb 5, 2018, at 3:18 PM, James B. Byrne via freebsd-questions <freebsd-questions at freebsd.org> wrote:
> 
> Can anyone explain what is causing this particular inconsistency? 
> Unbound can resolve the address but ping cannot?
> 
> <pre>
> [root at hll107 ~]# drill pkg.freebsd.org
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 64648
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
> ;; QUESTION SECTION:
> ;; pkg.freebsd.org.     IN      A
> 
> ;; ANSWER SECTION:
> pkg.freebsd.org.        300     IN      CNAME   pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org. 150     IN      A       96.47.72.71
> 
> ;; AUTHORITY SECTION:
> geo.freebsd.org.        2743    IN      NS      gns1.freebsd.org.
> geo.freebsd.org.        2743    IN      NS      gns2.freebsd.org.
> geo.freebsd.org.        2743    IN      NS      gns0.freebsd.org.
> 
> ;; ADDITIONAL SECTION:
> gns2.freebsd.org.       2743    IN      A       213.138.116.75
> gns0.freebsd.org.       2743    IN      A       8.8.178.30
> gns1.freebsd.org.       2743    IN      A       96.47.72.24
> 


From what I can tell, the authoritative server, such as ns2.isc-sns.com.  is giving NS records for the A record of those three gns*.freebsd.org <http://freebsd.org/>.   servers.  ALL three are giving me query refuses.

So the issue I believe is, at least, ns2.isc-sns.com. is giving the A record for the CNAME entry and NS records of the gns* servers.  The TTL of the A record is only 300 seconds, but the NS records are closer to 2800 seconds.  When the A record expires, your DNS client will trust the DNS records handed over at the end and use those to requery and it cant because the three servers are giving no answer

Although I would think more than just you would see this, I haven't seen it expire out badly on my side yet.


example of what I am seeing

Authoritative answers can be found from:
freebsd.org     nameserver = ns2.isc-sns.com.
freebsd.org     nameserver = ns3.isc-sns.info.
freebsd.org     nameserver = ns1.isc-sns.net.
> server ns2.isc-sns.com.
Default server: ns2.isc-sns.com.
Address: 63.243.194.1#53
> pkg.freebsd.org.
Server:         ns2.isc-sns.com.
Address:        63.243.194.1#53

pkg.freebsd.org canonical name = pkgmir.geo.freebsd.org.
> pkgmir.geo.freebsd.org.
Server:         ns2.isc-sns.com.
Address:        63.243.194.1#53

Non-authoritative answer:
*** Can't find pkgmir.geo.freebsd.org.: No answer

Authoritative answers can be found from:
geo.freebsd.org nameserver = gns2.freebsd.org.
geo.freebsd.org nameserver = gns0.freebsd.org.
geo.freebsd.org nameserver = gns1.freebsd.org.
gns0.freebsd.org        internet address = 8.8.178.30
gns1.freebsd.org        internet address = 96.47.72.24
gns2.freebsd.org        internet address = 213.138.116.75
> server gns2.freebsd.org.
Default server: gns2.freebsd.org.
Address: 213.138.116.75#53
> pkgmir.geo.freebsd.org.
Server:         gns2.freebsd.org.
Address:        213.138.116.75#53

*** Can't find pkgmir.geo.freebsd.org.: No answer

More information about the freebsd-questions mailing list