On the surface it sounds like broken DNSSEC … My first few queries using our name servers failed and then they started returning valid responses that were cached … strange...
> On Oct 29, 2016, at 11:40 AM, Bill Prince <[email protected]> wrote: > > Not sure what you're talking about. However, I tried the same lookup using > google DNS from here and got this result: > > nslookup wletc.com 8.8.8.8 > Server: 8.8.8.8 > Address: 8.8.8.8#53 > > ** server can't find wletc.com: NXDOMAIN > I then tried it using our internal DNS server and got this: > nslookup wletc.com 69.36.***.*** > Server: 69.36.***.*** > Address: 69.36.***.***#53 > > Non-authoritative answer: > Name: wletc.com > Address: 162.212.24.50 > > > bp > <part15sbs{at}gmail{dot}com> > > On 10/28/2016 4:28 PM, David Milholen wrote: >> Ok, >> I have some happy IDS components that seem to stopping google dns from >> completing a lookup to our website. >> How can I find out what ips are being blocked from making the trip? >> I am not sure a traceroute is going to do it. I dont have an issue getting >> to google. >> google-dns is having an issue finding our dns. >> >> This is what I get with the commands I run >> nslookup wletc.com 8.8.8.8 >> Server: 8.8.8.8 >> Address: 8.8.8.8#53 >> >> ** server can't find wletc.com: SERVFAIL >> >> When I disable the firewall rule that drops the bad IPs this is what I get. >> nslookup wletc.com 8.8.8.8 >> Server: 8.8.8.8 >> Address: 8.8.8.8#53 >> >> Non-authoritative answer: >> Name: wletc.com >> Address: 162.212.24.50 >> >> What ip addresses are causing the lookup to fail?? >> >> -- >> <Mail Attachment.jpeg> >
