Strange dns results from dig +trace

 
 
David W. Hodgins
      09-16-2011, 10:37 PM
I have the hostname hodgins.homeip.net registered at dyndns.org.

$ dig +trace hodgins.homeip.net ANY

; <<>> DiG 9.8.0-P4 <<>> +trace hodgins.homeip.net ANY
<snip root servers>
hodgins.homeip.net. 60 IN A 192.168.10.101
homeip.net. 86400 IN NS ns3.dyndns.org.
homeip.net. 86400 IN NS ns4.dyndns.org.
homeip.net. 86400 IN NS ns1.dyndns.org.
homeip.net. 86400 IN NS ns2.dyndns.org.
homeip.net. 86400 IN NS ns5.dyndns.org.
;; Received 372 bytes from 91.198.22.75#53(ns4.dyndns.org) in 125 ms


The above tells me, that ns4.dyndns.org is returning an A record
with my lan ip.

$ host hodgins.homeip.net ns1.dyndns.org
gives the same result.

Yet, according to the dyndns website, my ip address is correctly
set to 216.240.4.31

http://www.iptools.com/dnstools.php?...eip.net&type=A
is also showing ...
hodgins.homeip.net. 60 IN A 216.240.4.31

What is going on? This doesn't make any sense to me.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
 
KR
      09-16-2011, 11:24 PM
On 17.09.2011 00:37, David W. Hodgins wrote:
>
> The above tells me, that ns4.dyndns.org is returning an A record
> with my lan ip.
>
> $ host hodgins.homeip.net ns1.dyndns.org
> gives the same result.
>
> Yet, according to the dyndns website, my ip address is correctly
> set to 216.240.4.31


Do you by any chance have a Cisco ASA or PIX firewall, with one or more
ports forwarded to your LAN IP?
 
 
David W. Hodgins
      09-17-2011, 06:29 AM
On Fri, 16 Sep 2011 19:24:03 -0400, KR <(E-Mail Removed)> wrote:

> On 17.09.2011 00:37, David W. Hodgins wrote:
>>
>> The above tells me, that ns4.dyndns.org is returning an A record
>> with my lan ip.
>>
>> $ host hodgins.homeip.net ns1.dyndns.org
>> gives the same result.
>>
>> Yet, according to the dyndns website, my ip address is correctly
>> set to 216.240.4.31

>
> Do you by any chance have a Cisco ASA or PIX firewall, with one or more
> ports forwarded to your LAN IP?


No. I have a "My essentials" router. Up until a few days ago, dig
with the +trace option always showed the wan ip.

I took the router out of the setup, and connected directly to the
adsl modem, for a couple of days while I was testing openafs, but
then switched back to the router. (I'm on the Mageia QA team).

Other than having the openafs software installed, but now disabled,
I'm not aware of any changes that should affect this.

Regardless of what I have installed, shouldn't dig +trace show what
the actual nameserver is showing?

What do you see for the A record from "dig +trace hodgins.homeip.net".

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
 
 
KR
      09-17-2011, 11:28 AM
On 17.09.2011 08:29, David W. Hodgins wrote:
>
> Regardless of what I have installed, shouldn't dig +trace show what
> the actual nameserver is showing?
>
> What do you see for the A record from "dig +trace hodgins.homeip.net".


I know that some routers, in particular the Cisco firewalls, mangle DNS
responses that resolve to an external IP address on which port forwarding
is performed, and replace the address with the local NATed IP address
to avoid hairpin NAT issues.

From where I sit, hodgins.homeip.net seems to resolve properly to a
public IP address:

hodgins.homeip.net. 60 IN A 216.240.4.31
homeip.net. 86400 IN NS ns1.dyndns.org.
homeip.net. 86400 IN NS ns2.dyndns.org.
homeip.net. 86400 IN NS ns3.dyndns.org.
homeip.net. 86400 IN NS ns5.dyndns.org.
homeip.net. 86400 IN NS ns4.dyndns.org.
;; Received 372 bytes from 2600:2003::75#53(ns3.dyndns.org) in 206 ms

I strongly suspect this is caused by a meddling DNS proxy service in
your router. What does tcpdump show if you do "nslookup -q=a
hodgins.homeip.net 8.8.8.8" or similar? Can you temporarily disconnect
the router and try dig/nslookup/host while directly connected to the
ADSL modem?
 
 
GangGreene
      09-17-2011, 11:40 AM
David W. Hodgins wrote:

> What do you see for the A record from "dig +trace hodgins.homeip.net".
>


; <<>> DiG 9.8.1 <<>> hodgins.homeip.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27057
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 7

;; QUESTION SECTION:
;hodgins.homeip.net. IN A

;; ANSWER SECTION:
hodgins.homeip.net. 60 IN A 216.240.4.31

;; AUTHORITY SECTION:
homeip.net. 86400 IN NS ns5.dyndns.org.
homeip.net. 86400 IN NS ns1.dyndns.org.
homeip.net. 86400 IN NS ns3.dyndns.org.
homeip.net. 86400 IN NS ns2.dyndns.org.
homeip.net. 86400 IN NS ns4.dyndns.org.

;; ADDITIONAL SECTION:
ns1.dyndns.org. 60 IN A 204.13.248.75
ns2.dyndns.org. 86400 IN A 204.13.249.75
ns2.dyndns.org. 86400 IN AAAA 2600:2002::75
ns3.dyndns.org. 86400 IN A 208.78.69.75
ns4.dyndns.org. 86400 IN A 91.198.22.75
ns4.dyndns.org. 86400 IN AAAA 2600:2004::75
ns5.dyndns.org. 86400 IN A 203.62.195.75

;; Query time: 436 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: Sat Sep 17 07:39:18 2011
;; MSG SIZE rcvd: 288

 
 
David W. Hodgins
      09-17-2011, 10:33 PM
On Sat, 17 Sep 2011 07:28:42 -0400, KR <(E-Mail Removed)> wrote:

> From where I sit, hodgins.homeip.net seems to resolve properly to a
> public IP address:
>
> hodgins.homeip.net. 60 IN A 216.240.4.31
> I strongly suspect this is caused by a meddling DNS proxy service in
> your router. What does tcpdump show if you do "nslookup -q=a


Finally figured it out. I'm also testing a package called siproxd,
which is intended to allow other systems on this lan to connect to things
like ekiga. The only other systems normally on this "lan", are under
VirtualBox, on this computer.

Seems it doesn't only mangle sip protocol packets. I'm quite amazed
that it would mangle the return from a dig +trace command. It's either
a bug in siproxd, or I really managed to mess up the firewall settings,
when trying to get siproxd working with a vb guest.

Thanks for the answers.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
 
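The comparison used to narrow this down in the thread, the locally observed answer against one seen from outside, can be automated. The following is an added example, not part of any post: it parses dig-style answer lines and flags A/AAAA answers that are non-global or that differ from a reference view. The function names and the two sample views are constructed for illustration, using the record values quoted in the posts above.

```python
import ipaddress

# Constructed sample input: answer lines in dig's presentation format as seen
# from two vantage points (record values are the ones quoted in the thread).
LOCAL_VIEW = """\
hodgins.homeip.net. 60 IN A 192.168.10.101
homeip.net. 86400 IN NS ns4.dyndns.org.
;; Received 372 bytes from 91.198.22.75#53(ns4.dyndns.org) in 125 ms
"""
EXTERNAL_VIEW = """\
hodgins.homeip.net. 60 IN A 216.240.4.31
homeip.net. 86400 IN NS ns3.dyndns.org.
"""

def parse_addresses(dig_text):
    """Return {owner_name: set(ip)} for A/AAAA records in dig-style output."""
    records = {}
    for line in dig_text.splitlines():
        fields = line.split()
        # Skip dig comments (";..."), blank lines and non-address records.
        if line.startswith(";") or len(fields) != 5 or fields[3] not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(fields[4])
        except ValueError:
            continue  # malformed rdata, ignore the line
        records.setdefault(fields[0].lower(), set()).add(addr)
    return records

def find_rewrites(local_text, reference_text):
    """Compare the local view of a query with a reference view of the same query."""
    local = parse_addresses(local_text)
    reference = parse_addresses(reference_text)
    findings = []
    for name, addrs in sorted(local.items()):
        for addr in sorted(addrs, key=str):
            if not addr.is_global:
                # RFC 1918, loopback, link-local etc. returned for a public name.
                findings.append((name, str(addr), "non-global address in answer"))
            elif name in reference and addr not in reference[name]:
                findings.append((name, str(addr), "differs from reference view"))
    return findings

if __name__ == "__main__":
    for name, addr, reason in find_rewrites(LOCAL_VIEW, EXTERNAL_VIEW):
        print(f"{name} {addr}: {reason}")
```

A mismatch alone can be legitimate (round-robin or geo-steered records); a non-global address returned for a public name is the stronger signal that something on the local path rewrote the answer.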
 
 
 