{"id":818,"date":"2009-09-28T21:31:54","date_gmt":"2009-09-28T18:31:54","guid":{"rendered":"http:\/\/www.void.gr\/kargig\/blog\/?p=818"},"modified":"2009-09-28T21:32:22","modified_gmt":"2009-09-28T18:32:22","slug":"resolv-conf-options-rotate-and-discovery-of-isp-dns-issue","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2009\/09\/28\/resolv-conf-options-rotate-and-discovery-of-isp-dns-issue\/","title":{"rendered":"resolv.conf options rotate and discovery of ISP DNS issue"},"content":{"rendered":"

Lately I somehow bumped on the manpage of resolv.conf. While reading it I saw the following really nice option:<\/p>\n

rotate               sets  RES_ROTATE  in _res.options, which causes round robin selection of name\u2010\n                     servers from among those listed.  This has the effect of spreading  the  query\n                     load  among  all  listed servers, rather than having all clients try the first\n                     listed server first every time.<\/pre2><\/pre><\/p>\n
Since then my \/etc\/resolv.conf on both Gentoo and Debian looks like that:
\nnameserver 194.177.210.10
\nnameserver 194.177.210.210
\nnameserver 194.177.210.211
\noptions rotate
\n<\/code><\/p>\n
(I prefer using GrNET<\/a>‘s DNS servers than any others in Greece, especially for my laptop configuration. Since they allow recursion I can use them to avoid lousy DNS services provided by lousy DSL routers regardless of the ISP I am currently using, when I am “mobile” with my laptop.)<\/p>\n
While using the following config I issued a ping command on a teminal and a tcpdump command on another to see what was actually happening. The result looked like this:
\nroot@lola:~# tcpdump -ni eth1 port 53
\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode
\nlistening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
\n11:20:46.405694 IP 192.168.1.65.55154 > 194.177.210.210.53: 39212+ A? ntua.gr. (25)
\n11:20:46.444266 IP 194.177.210.210.53 > 192.168.1.65.55154: 39212* 1\/5\/8 A 147.102.222.210 (319)
\n11:20:46.484490 IP 192.168.1.65.56152 > 194.177.210.211.53: 50452+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:46.584171 IP 194.177.210.211.53 > 192.168.1.65.56152: 50452 ServFail 0\/0\/0 (46)
\n11:20:46.584449 IP 192.168.1.65.58597 > 194.177.210.10.53: 50452+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:46.624179 IP 194.177.210.10.53 > 192.168.1.65.58597: 50452 1\/7\/6 (357)
\n11:20:47.484420 IP 192.168.1.65.32818 > 194.177.210.10.53: 33179+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:47.524176 IP 194.177.210.10.53 > 192.168.1.65.32818: 33179 1\/7\/6 (357)
\n11:20:48.484483 IP 192.168.1.65.57670 > 194.177.210.210.53: 21949+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:48.524184 IP 194.177.210.210.53 > 192.168.1.65.57670: 21949 1\/3\/6 (271)
\n11:20:49.487610 IP 192.168.1.65.48966 > 194.177.210.211.53: 8619+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:49.534204 IP 194.177.210.211.53 > 192.168.1.65.48966: 8619 ServFail 0\/0\/0 (46)
\n11:20:49.534429 IP 192.168.1.65.49421 > 194.177.210.10.53: 8619+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:49.574138 IP 194.177.210.10.53 > 192.168.1.65.49421: 8619 1\/7\/6 (357)
\n11:20:50.494537 IP 192.168.1.65.52525 > 194.177.210.10.53: 3415+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:50.534145 IP 194.177.210.10.53 > 192.168.1.65.52525: 3415 1\/7\/6 (357)
\n11:20:51.494552 IP 192.168.1.65.40400 > 194.177.210.210.53: 4504+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:51.534205 IP 194.177.210.210.53 > 192.168.1.65.40400: 4504 1\/3\/6 (271)
\n11:20:52.494554 IP 192.168.1.65.42385 > 194.177.210.211.53: 48450+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:52.544197 IP 194.177.210.211.53 > 192.168.1.65.42385: 48450 ServFail 0\/0\/0 (46)
\n11:20:52.544409 IP 192.168.1.65.43773 > 194.177.210.10.53: 48450+ PTR? 210.222.102.147.in-addr.arpa. (46)
\n11:20:52.584232 IP 194.177.210.10.53 > 192.168.1.65.43773: 48450 1\/7\/6 (357)
\n<\/code><\/p>\n
People who are used to reading tcpdump output will immediately point out the ServFail entries of the log. Server 194.177.210.211 refused to provide proper results for the PTR query of 210.222.102.147.in-addr.arpa.<\/p>\n
Further investigation of the problem:
\n
root@lola:~# dig ptr 210.222.102.147.in-addr.arpa @194.177.210.210\n;; QUESTION SECTION:\n;210.222.102.147.in-addr.arpa.  IN  PTR\n;; ANSWER SECTION:\n210.222.102.147.in-addr.arpa. 66841 IN  PTR achilles.noc.ntua.gr.\n\nroot@lola:~# dig ptr 210.222.102.147.in-addr.arpa @194.177.210.211\n;; QUESTION SECTION:\n;210.222.102.147.in-addr.arpa.  IN  PTR\n\nroot@lola:~# dig ptr 210.222.102.147.in-addr.arpa @194.177.210.10\n;; QUESTION SECTION:\n;210.222.102.147.in-addr.arpa.  IN  PTR\n;; ANSWER SECTION:\n210.222.102.147.in-addr.arpa. 86115 IN  PTR achilles.noc.ntua.gr.\n<\/code2><\/pre><\/p>\n
It was obvious that 2 out of 3 DNS servers responded as they should and the other did not.<\/p>\n
What I did was to notify a friend working as an administrator there (GrNET<\/a>) and let him know of the problem. After some investigation, he later on told me that the problem was related to dnssec<\/a> issues. Possibly a configuration error on RIPE<\/a>‘s side. As far as I know they had to temporarily disable dnssec on the 147.102 zone…I am not aware whether they fixed the problem (using dnssec) yet though.<\/p>\n
I am really glad they acted as fast as possible regarding the solution of the problem \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"
Lately I somehow bumped on the manpage of resolv.conf. While reading it I saw the following really nice option: rotate               sets  RES_ROTATE  in _res.options, which causes round robin selection of name\u2010                      servers from among those listed.  This has the effect of spreading  the  query                      load  among  all  listed servers, rather than having all clients try the first                      listed server first […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[3],"tags":[33,199,201,601,200,595,202,203],"class_list":["post-818","post","type-post","status-publish","format-standard","hentry","category-linux","tag-debian","tag-dns","tag-dnssec","tag-gentoo","tag-grnet","tag-linux","tag-resolv-conf","tag-rotate"],"aioseo_notices":[],"views":20163,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=818"}],"version-history":[{"count":13,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/818\/revisions"}],"predecessor-version":[{"id":831,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/818\/revisions\/831"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}