DNS Resolver returns SERVFAIL for a valid domain

jofrep · Mar 25, 2019, 8:24 PM

No, but I should!

Thanks, my problem is certainly accesing the NS ns1.servotic.net (or any other of the NS) from that location. If I ssh to another server in a different network I can query it without problems.

Thanks for the help.

johnpoz · Mar 25, 2019, 8:31 PM

ns1.servotic.net 82.223.244.165
ns2.servotic.net 195.190.78.1
ns3.servotic.net 195.21.32.43
ns4.servotic.net 192.83.254.181

You can not reach any of those? Where does your trace die, later on or right away just into your isp network?

jofrep · Mar 25, 2019, 8:38 PM

@johnpoz later. I can trace the exit and it dies at hop 10 to 15. If I query the server directly for the name I get no response, but if I do it from another network it works.

johnpoz · Mar 26, 2019, 7:34 AM

for all 4 of those IPs?

jofrep · Mar 26, 2019, 7:34 AM

@johnpoz Yes :-S

The same result for the 4 IPs:

The DNS request are ignored.
Ping works
Traceroute dies what looks like close to the destination

see and example below

 7  145.254.2.179 (145.254.2.179)  9.291 ms  9.670 ms
    145.254.2.195 (145.254.2.195)  9.125 ms
 8  decix.bb-a.fra3.fra.de.oneandone.net (80.81.192.123)  10.427 ms  10.224 ms  9.675 ms
 9  ae-10-0.bb-a.bap.rhr.de.oneandone.net (212.227.120.147)  15.933 ms  17.048 ms  15.870 ms
10  ae-1-0.bb-a.bv.crb.fr.oneandone.net (212.227.120.41)  23.707 ms  23.173 ms  23.215 ms
11  irb-66.bb-a.mad2.mad.es.oneandone.net (212.227.120.17)  40.407 ms  42.199 ms  40.061 ms
12  lpwro09.xe-1-0-0.arsys.es (82.223.200.41)  43.407 ms  43.624 ms  43.807 ms
13  * * *
14  82.223.244.165 (82.223.244.165)  44.600 ms  44.419 ms  44.244 ms
15  * * *
16  * * *
17  * * *

johnpoz · Mar 26, 2019, 9:18 AM

But you can ping them? Well if you can ping them, its not a connectivity thing.. But they don't answer your query???

jofrep · Mar 26, 2019, 10:05 AM

@johnpoz yes, nothing. Like if they dropped the request.

johnpoz · Mar 26, 2019, 10:25 AM

Odd... both udp and tcp queries? Even for their own SOA?

Or just that one record?

; <<>> DiG 9.12.3-P1 <<>> @ns2.servotic.net servotic.net SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21175
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;servotic.net.                  IN      SOA

;; ANSWER SECTION:
servotic.net.           300     IN      SOA     ns1.servotic.net. hostmaster.servotic.com. 2018111730 10800 900 604800 86400

;; AUTHORITY SECTION:
servotic.net.           300     IN      NS      ns2.servotic.net.
servotic.net.           300     IN      NS      ns4.servotic.net.
servotic.net.           300     IN      NS      ns3.servotic.net.
servotic.net.           300     IN      NS      ns1.servotic.net.

;; ADDITIONAL SECTION:
ns1.servotic.net.       300     IN      A       82.223.244.165
ns2.servotic.net.       300     IN      A       195.190.78.1
ns3.servotic.net.       300     IN      A       195.21.32.43
ns4.servotic.net.       300     IN      A       192.83.254.181

;; Query time: 29 msec
;; SERVER: 195.190.78.1#53(195.190.78.1)
;; WHEN: Tue Mar 26 05:22:53 Central Daylight Time 2019
;; MSG SIZE  rcvd: 236

jofrep · Mar 26, 2019, 10:54 AM

@johnpoz UDP are ignored, TCP looks like reset:

[2.4.4-RELEASE][admin@fw.xxxx.com]/root: dig @82.223.244.165 +tcp caching.ara.edge2befaster.com
;; communications error to 82.223.244.165#53: connection reset

and the dump:

[2.4.4-RELEASE][admin@fw.xxxx.com]/root: tcpdump -n port 53 -i igb0 -Xs0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes


11:46:47.177332 IP 192.168.0.139.27293 > 82.223.244.165.53: Flags [S], seq 1933958727, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 265315576 ecr 0], length 0
	0x0000:  4500 003c 0000 4000 4006 3204 c0a8 008b  E..<..@.@.2.....
	0x0010:  52df f4a5 6a9d 0035 7345 de47 0000 0000  R...j..5sE.G....
	0x0020:  a002 fecc 08e7 0000 0204 05b4 0103 0307  ................
	0x0030:  0402 080a 0fd0 64f8 0000 0000            ......d.....
11:46:47.221421 IP 82.223.244.165.53 > 192.168.0.139.27293: Flags [S.], seq 2916622363, ack 1933958728, win 14480, options [mss 1452,sackOK,TS val 3687093890 ecr 265315576,nop,wscale 6], length 0
	0x0000:  4500 003c 0000 4000 3506 3d04 52df f4a5  E..<..@.5.=.R...
	0x0010:  c0a8 008b 0035 6a9d add8 201b 7345 de48  .....5j.....sE.H
	0x0020:  a012 3890 954c 0000 0204 05ac 0402 080a  ..8..L..........
	0x0030:  dbc4 9682 0fd0 64f8 0103 0306            ......d.....
11:46:47.221573 IP 192.168.0.139.27293 > 82.223.244.165.53: Flags [.], ack 1, win 510, options [nop,nop,TS val 265315620 ecr 3687093890], length 0
	0x0000:  4500 0034 0000 4000 4006 320c c0a8 008b  E..4..@.@.2.....
	0x0010:  52df f4a5 6a9d 0035 7345 de48 add8 201c  R...j..5sE.H....
	0x0020:  8010 01fe 08df 0000 0101 080a 0fd0 6524  ..............e$
	0x0030:  dbc4 9682                                ....
11:46:47.221918 IP 192.168.0.139.27293 > 82.223.244.165.53: Flags [P.], seq 1:73, ack 1, win 510, options [nop,nop,TS val 265315621 ecr 3687093890], length 725072+ [1au] A? caching.ara.edge2befaster.com. (70)
	0x0000:  4500 007c 0000 4000 4006 31c4 c0a8 008b  E..|..@.@.1.....
	0x0010:  52df f4a5 6a9d 0035 7345 de48 add8 201c  R...j..5sE.H....
	0x0020:  8018 01fe 0927 0000 0101 080a 0fd0 6525  .....'........e%
	0x0030:  dbc4 9682 0046 13d0 0120 0001 0000 0000  .....F..........
	0x0040:  0001 0763 6163 6869 6e67 0361 7261 0d65  ...caching.ara.e
	0x0050:  6467 6532 6265 6661 7374 6572 0363 6f6d  dge2befaster.com
	0x0060:  0000 0100 0100 0029 1000 0000 0000 000c  .......)........
	0x0070:  000a 0008 9236 b8b5 1cf1 5c23            .....6....\#
11:46:47.266090 IP 82.223.244.165.53 > 192.168.0.139.27293: Flags [.], ack 73, win 227, options [nop,nop,TS val 3687093901 ecr 265315621], length 0
	0x0000:  4500 0034 b691 4000 3506 867a 52df f4a5  E..4..@.5..zR...
	0x0010:  c0a8 008b 0035 6a9d add8 201c 7345 de90  .....5j.....sE..
	0x0020:  8010 00e3 fb3c 0000 0101 080a dbc4 968d  .....<..........
	0x0030:  0fd0 6525                                ..e%
11:46:47.266333 IP 82.223.244.165.53 > 192.168.0.139.27293: Flags [R.], seq 1, ack 73, win 227, options [nop,nop,TS val 3687093901 ecr 265315621], length 0
	0x0000:  4500 0034 b692 4000 3506 8679 52df f4a5  E..4..@.5..yR...
	0x0010:  c0a8 008b 0035 6a9d add8 201c 7345 de90  .....5j.....sE..
	0x0020:  8014 00e3 fb38 0000 0101 080a dbc4 968d  .....8..........
	0x0030:  0fd0 6525                                ..e%
^C
6 packets captured

same result regardless of the record

johnpoz · Mar 26, 2019, 12:16 PM

Hmmmm, since firewalls don't normally send RST, nor would they normally answer a s with sa if they are blocking I have to assume your moving up the stack and something decided not to answer your query, and closed the session with R..

Possible ACL on their NS(s)...