Re: Question regarding different responses that I am getting for a lookup.

2018-08-06 Thread Lee 
On 8/6/18, Bhangui, Sandeep - BLS CTR  wrote:
> Hello
>
> Not sure why I am getting different responses when I perform a dig on
> sso.dol.gov.
>
> Dig is performed from a server which is capable of querying the root
> servers….what could be the issue.

Probably because the bls.gov server gets a different answer than a
server outside the bls.gov (or .gov?) domain.

> sso.gslb.dol.gov.   15  IN  A   10.49.1.80
you can't get there from here if >>here<< is on the internet

Regards,
Lee



>   Both dig commands below are run from the
> same server which acts as DNS server capable of performing DNS queries on
> the internet.
>
> The dig +trace +all output is the same when I query my local server as well
> as when I query the VZ NS.
>
> Any guidance/pointers would be appreciated.
>
> Running Bind 9.11.3 on RHEL 6.x is that is of any relevance.
>
> I have a feeling that the external DNS entry presented  for sso.dol.gov is
> messed up…
>
> Thanks
> Sandeep
>
>
>
> sh-4.1# dig sso.dol.gov
>
> ; <<>> DiG 9.11.3 <<>> sso.dol.gov
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12647
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 191369419bc6df077b8f30ce5b688c9e77211f348bb29b35 (good)
> ;; QUESTION SECTION:
> ;sso.dol.gov.   IN  A
>
> ;; ANSWER SECTION:
> sso.dol.gov.77266   IN  CNAME   sso.gslb.dol.gov.
> sso.gslb.dol.gov.   15  IN  A   10.49.1.80
>
> ;; AUTHORITY SECTION:
> gslb.dol.gov.   77266   IN  NS  silprodgslb.dol.gov.
> gslb.dol.gov.   77266   IN  NS  stldrpgslb.dol.gov.
>
> ;; Query time: 27 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Aug 06 13:59:58 EDT 2018
> ;; MSG SIZE  rcvd: 158
>
>
> sh-4.1# dig @198.6.1.1 sso.dol.gov
>
> ; <<>> DiG 9.11.3 <<>> @198.6.1.1 sso.dol.gov
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25189
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4000
> ;; QUESTION SECTION:
> ;sso.dol.gov.   IN  A
>
> ;; ANSWER SECTION:
> sso.dol.gov.86378   IN  CNAME   sso.gslb.dol.gov.
> sso.gslb.dol.gov.   15  IN  A   152.180.20.21
>
> ;; Query time: 93 msec
> ;; SERVER: 198.6.1.1#53(198.6.1.1)
> ;; WHEN: Mon Aug 06 14:01:42 EDT 2018
> ;; MSG SIZE  rcvd: 79
>
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question regarding different responses that I am getting for a lookup.

2018-08-06 Thread Peter DeVries 
They are probably using a load balancer of some sort that is choosing
between multiple systems and directing you to the one closest or no under
load at the moment.   The low TTL is usually a sign of this as well.



On Mon, Aug 6, 2018 at 2:12 PM, Bhangui, Sandeep - BLS CTR <
bhangui.sand...@bls.gov> wrote:

> Hello
>
>
>
> Not sure why I am getting different responses when I perform a dig on
> sso.dol.gov.
>
>
>
> Dig is performed from a server which is capable of querying the root
> servers….what could be the issue.   Both dig commands below are run from
> the same server which acts as DNS server capable of performing DNS queries
> on the internet.
>
>
>
> The dig +trace +all output is the same when I query my local server as
> well as when I query the VZ NS.
>
>
>
> Any guidance/pointers would be appreciated.
>
>
>
> Running Bind 9.11.3 on RHEL 6.x is that is of any relevance.
>
>
>
> I have a feeling that the external DNS entry presented  for sso.dol.gov
> is messed up…
>
>
>
> Thanks
>
> Sandeep
>
>
>
>
>
>
>
> sh-4.1# dig *sso.dol.gov *
>
>
>
> ; <<>> DiG 9.11.3 <<>> sso.dol.gov
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12647
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
>
>
>
> ;; OPT PSEUDOSECTION:
>
> ; EDNS: version: 0, flags:; udp: 4096
>
> ; COOKIE: 191369419bc6df077b8f30ce5b688c9e77211f348bb29b35 (good)
>
> ;; QUESTION SECTION:
>
> ;sso.dol.gov.   IN  A
>
>
>
> ;; ANSWER SECTION:
>
> sso.dol.gov.77266   IN  CNAME   sso.gslb.dol.gov.
>
> sso.gslb.dol.gov.   15  IN  A   *10.49.1.80*
>
>
>
> ;; AUTHORITY SECTION:
>
> gslb.dol.gov.   77266   IN  NS  silprodgslb.dol.gov.
>
> gslb.dol.gov.   77266   IN  NS  stldrpgslb.dol.gov.
>
>
>
> ;; Query time: 27 msec
>
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>
> ;; WHEN: Mon Aug 06 13:59:58 EDT 2018
>
> ;; MSG SIZE  rcvd: 158
>
>
>
>
>
> sh-4.1# dig *@198.6.1.1 * *sso.dol.gov
> *
>
>
>
> ; <<>> DiG 9.11.3 <<>> @198.6.1.1 sso.dol.gov
>
> ; (1 server found)
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25189
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
>
>
> ;; OPT PSEUDOSECTION:
>
> ; EDNS: version: 0, flags:; udp: 4000
>
> ;; QUESTION SECTION:
>
> ;sso.dol.gov.   IN  A
>
>
>
> ;; ANSWER SECTION:
>
> sso.dol.gov.86378   IN  CNAME   sso.gslb.dol.gov.
>
> sso.gslb.dol.gov.   15  IN  A   *152.180.20.21*
>
>
>
> ;; Query time: 93 msec
>
> ;; SERVER: 198.6.1.1#53(198.6.1.1)
>
> ;; WHEN: Mon Aug 06 14:01:42 EDT 2018
>
> ;; MSG SIZE  rcvd: 79
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Question regarding different responses that I am getting for a lookup.

2018-08-06 Thread Bhangui, Sandeep - BLS CTR 
Hello

Not sure why I am getting different responses when I perform a dig on 
sso.dol.gov.

Dig is performed from a server which is capable of querying the root 
servers….what could be the issue.   Both dig commands below are run from the 
same server which acts as DNS server capable of performing DNS queries on the 
internet.

The dig +trace +all output is the same when I query my local server as well as 
when I query the VZ NS.

Any guidance/pointers would be appreciated.

Running Bind 9.11.3 on RHEL 6.x is that is of any relevance.

I have a feeling that the external DNS entry presented  for sso.dol.gov is 
messed up…

Thanks
Sandeep



sh-4.1# dig sso.dol.gov

; <<>> DiG 9.11.3 <<>> sso.dol.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12647
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 191369419bc6df077b8f30ce5b688c9e77211f348bb29b35 (good)
;; QUESTION SECTION:
;sso.dol.gov.   IN  A

;; ANSWER SECTION:
sso.dol.gov.77266   IN  CNAME   sso.gslb.dol.gov.
sso.gslb.dol.gov.   15  IN  A   10.49.1.80

;; AUTHORITY SECTION:
gslb.dol.gov.   77266   IN  NS  silprodgslb.dol.gov.
gslb.dol.gov.   77266   IN  NS  stldrpgslb.dol.gov.

;; Query time: 27 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 06 13:59:58 EDT 2018
;; MSG SIZE  rcvd: 158


sh-4.1# dig @198.6.1.1 sso.dol.gov

; <<>> DiG 9.11.3 <<>> @198.6.1.1 sso.dol.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25189
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;sso.dol.gov.   IN  A

;; ANSWER SECTION:
sso.dol.gov.86378   IN  CNAME   sso.gslb.dol.gov.
sso.gslb.dol.gov.   15  IN  A   152.180.20.21

;; Query time: 93 msec
;; SERVER: 198.6.1.1#53(198.6.1.1)
;; WHEN: Mon Aug 06 14:01:42 EDT 2018
;; MSG SIZE  rcvd: 79

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users