Re: [c-nsp] Strange corrupt DNS Cache in IOS
> On Aug 15, 2014, at 3:55 AM, Sascha E. Pollok wrote:
>
> Hello networking fellows!
>
> We are trying to find the cause of a corrupt local DNS cache of a Cisco 1803
> running 15.1(4)M8 (also appeared on 12.4something - 15.1 is just a desperate
> attempt of solving).
>
> The router acts as a local DNS resolver for locally connected clients using
> "ip dns server".
>
> Every now and then it seems to break locally cached IPv4 A-RRs like this:
>
> Router#show hosts
> test.fqdn.fqdn None (temp, OK) 0 IP0.0.0.5 <---
>
> This seems to happen for hosts that also have an RR. To us it looks like
> it mixes and A records as the IPv6 address for this host is [...]::5.
> This happens with other hosts too.
>
> The host is sometimes first seen correctly with an "IP" and "IPv6" entry in
> the cache but then changes to the broken "IP" RR while sometimes even keeping
> the correct IPv6 entry. It never happens to the IPv6 address.
>
> Debugging "debugging domain" and "debugging domain replies" didn't give a clue.

Sascha,

This looks like the symptoms of bug CSCub00466, where IPv4 entries are corrupt when an IPv6 PTR query takes place.

Can you please open a case with us (Cisco TAC) so we can track this down?

Javier Henderson
jav...@cisco.com
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Strange corrupt DNS Cache in IOS
True. But each has its own place :)

--
./

> On 15 Aug 2014, at 23:23, Jared Mauch wrote:
>
> Can get more luck with voodoo dolls some days.
>
> Jared Mauch
>
>> On Aug 15, 2014, at 4:12 PM, Łukasz Bromirski wrote:
>>
>> Open a case with TAC. That's what they are for, right?
>>
>> --
>> ./
>>
>>> On 15 Aug 2014, at 18:05, Sascha E. Pollok wrote:
>>>
>>> Frank, Jared,
>>>
>>> I understand your point and I even share it. Sometimes there are setups
>>> that do not make much sense any other way (this box with DNS server
>>> mainly serves one single device and no other DNS server around that is
>>> suitable for the job).
>>>
>>> And before I go ahead and try to deploy some other device for that
>>> purpose I simply wanted to see if I can make it work with what there is.
>>>
>>> Thanks
>>> Sascha
>>>
>>> On 15.08.2014 16:46, Frank Bulk wrote:
>>>> Right, but that's all non-Cisco. My comments were intended to be
>>>> constrained to Cisco.
>>>>
>>>> Frank
>>>>
>>>> -Original Message-
>>>> From: Jared Mauch [mailto:ja...@puck.nether.net]
>>>> Sent: Friday, August 15, 2014 9:42 AM
>>>> To: Frank Bulk
>>>> Cc: Sascha E. Pollok; cisco-nsp@puck.nether.net
>>>> Subject: Re: [c-nsp] Strange corrupt DNS Cache in IOS
>>>>
>>>>
>>>>> On Aug 15, 2014, at 10:34 AM, Frank Bulk wrote:
>>>>>
>>>>> Don't use a router as a DNS resolver for customers. Just don't.
>>>>
>>>> Or if you are, use something that is properly designed for that function.
>>>> Check out the UBNT EdgeRouter stuff, cheap, vyatta (JunOS-like), and gives
>>>> you shell access to do other more advanced stuff. Basically, you can't lose
>>>> at the unit cost, etc.
>>>>
>>>> - Jared

Re: [c-nsp] Strange corrupt DNS Cache in IOS
Can get more luck with voodoo dolls some days.

Jared Mauch

> On Aug 15, 2014, at 4:12 PM, Łukasz Bromirski wrote:
>
> Open a case with TAC. That's what they are for, right?
>
> --
> ./
>
>> On 15 Aug 2014, at 18:05, Sascha E. Pollok wrote:
>>
>> Frank, Jared,
>>
>> I understand your point and I even share it. Sometimes there are setups
>> that do not make much sense any other way (this box with DNS server
>> mainly serves one single device and no other DNS server around that is
>> suitable for the job).
>>
>> And before I go ahead and try to deploy some other device for that
>> purpose I simply wanted to see if I can make it work with what there is.
>>
>> Thanks
>> Sascha
>>
>> On 15.08.2014 16:46, Frank Bulk wrote:
>>> Right, but that's all non-Cisco. My comments were intended to be
>>> constrained to Cisco.
>>>
>>> Frank
>>>
>>> -Original Message-
>>> From: Jared Mauch [mailto:ja...@puck.nether.net]
>>> Sent: Friday, August 15, 2014 9:42 AM
>>> To: Frank Bulk
>>> Cc: Sascha E. Pollok; cisco-nsp@puck.nether.net
>>> Subject: Re: [c-nsp] Strange corrupt DNS Cache in IOS
>>>
>>>
>>>> On Aug 15, 2014, at 10:34 AM, Frank Bulk wrote:
>>>>
>>>> Don't use a router as a DNS resolver for customers. Just don't.
>>>
>>> Or if you are, use something that is properly designed for that function.
>>> Check out the UBNT EdgeRouter stuff, cheap, vyatta (JunOS-like), and gives
>>> you shell access to do other more advanced stuff. Basically, you can't lose
>>> at the unit cost, etc.
>>>
>>> - Jared

Re: [c-nsp] Strange corrupt DNS Cache in IOS
Open a case with TAC. That's what they are for, right?

--
./

> On 15 Aug 2014, at 18:05, Sascha E. Pollok wrote:
>
> Frank, Jared,
>
> I understand your point and I even share it. Sometimes there are setups
> that do not make much sense any other way (this box with DNS server
> mainly serves one single device and no other DNS server around that is
> suitable for the job).
>
> And before I go ahead and try to deploy some other device for that
> purpose I simply wanted to see if I can make it work with what there is.
>
> Thanks
> Sascha
>
> On 15.08.2014 16:46, Frank Bulk wrote:
>> Right, but that's all non-Cisco. My comments were intended to be
>> constrained to Cisco.
>>
>> Frank
>>
>> -Original Message-
>> From: Jared Mauch [mailto:ja...@puck.nether.net]
>> Sent: Friday, August 15, 2014 9:42 AM
>> To: Frank Bulk
>> Cc: Sascha E. Pollok; cisco-nsp@puck.nether.net
>> Subject: Re: [c-nsp] Strange corrupt DNS Cache in IOS
>>
>>
>>> On Aug 15, 2014, at 10:34 AM, Frank Bulk wrote:
>>>
>>> Don't use a router as a DNS resolver for customers. Just don't.
>>
>> Or if you are, use something that is properly designed for that function.
>> Check out the UBNT EdgeRouter stuff, cheap, vyatta (JunOS-like), and gives
>> you shell access to do other more advanced stuff. Basically, you can't lose
>> at the unit cost, etc.
>>
>> - Jared

Re: [c-nsp] Strange corrupt DNS Cache in IOS
Frank, Jared,

I understand your point and I even share it. Sometimes there are setups
that do not make much sense any other way (this box with DNS server
mainly serves one single device and no other DNS server around that is
suitable for the job).

And before I go ahead and try to deploy some other device for that
purpose I simply wanted to see if I can make it work with what there is.

Thanks
Sascha

On 15.08.2014 16:46, Frank Bulk wrote:
> Right, but that's all non-Cisco. My comments were intended to be
> constrained to Cisco.
>
> Frank
>
> -Original Message-
> From: Jared Mauch [mailto:ja...@puck.nether.net]
> Sent: Friday, August 15, 2014 9:42 AM
> To: Frank Bulk
> Cc: Sascha E. Pollok; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Strange corrupt DNS Cache in IOS
>
>
>> On Aug 15, 2014, at 10:34 AM, Frank Bulk wrote:
>>
>> Don't use a router as a DNS resolver for customers. Just don't.
>>
>
> Or if you are, use something that is properly designed for that function.
> Check out the UBNT EdgeRouter stuff, cheap, vyatta (JunOS-like), and gives
> you shell access to do other more advanced stuff. Basically, you can't lose
> at the unit cost, etc.
>
> - Jared

Re: [c-nsp] Strange corrupt DNS Cache in IOS
Right, but that's all non-Cisco. My comments were intended to be
constrained to Cisco.

Frank

-Original Message-
From: Jared Mauch [mailto:ja...@puck.nether.net]
Sent: Friday, August 15, 2014 9:42 AM
To: Frank Bulk
Cc: Sascha E. Pollok; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Strange corrupt DNS Cache in IOS

> On Aug 15, 2014, at 10:34 AM, Frank Bulk wrote:
>
> Don't use a router as a DNS resolver for customers. Just don't.
>

Or if you are, use something that is properly designed for that function.
Check out the UBNT EdgeRouter stuff, cheap, vyatta (JunOS-like), and gives
you shell access to do other more advanced stuff. Basically, you can't lose
at the unit cost, etc.

- Jared

Re: [c-nsp] Strange corrupt DNS Cache in IOS
> On Aug 15, 2014, at 10:34 AM, Frank Bulk wrote:
>
> Don't use a router as a DNS resolver for customers. Just don't.
>

Or if you are, use something that is properly designed for that function.
Check out the UBNT EdgeRouter stuff, cheap, vyatta (JunOS-like), and gives
you shell access to do other more advanced stuff. Basically, you can't lose
at the unit cost, etc.

- Jared

Re: [c-nsp] Strange corrupt DNS Cache in IOS
Don't use a router as a DNS resolver for customers. Just don't.

Frank

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Sascha E. Pollok
Sent: Friday, August 15, 2014 5:56 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Strange corrupt DNS Cache in IOS

Hello networking fellows!

We are trying to find the cause of a corrupt local DNS cache of a Cisco 1803
running 15.1(4)M8 (also appeared on 12.4something - 15.1 is just a desperate
attempt of solving).

The router acts as a local DNS resolver for locally connected clients using
"ip dns server".

Every now and then it seems to break locally cached IPv4 A-RRs like this:

Router#show hosts
test.fqdn.fqdn None (temp, OK) 0 IP0.0.0.5 <---

This seems to happen for hosts that also have an RR. To us it looks like
it mixes and A records as the IPv6 address for this host is [...]::5.
This happens with other hosts too.

The host is sometimes first seen correctly with an "IP" and "IPv6" entry in
the cache but then changes to the broken "IP" RR while sometimes even keeping
the correct IPv6 entry. It never happens to the IPv6 address.

Debugging "debugging domain" and "debugging domain replies" didn't give a clue.

Thanks for any hints!
Sascha

[c-nsp] Strange corrupt DNS Cache in IOS
Hello networking fellows!

We are trying to find the cause of a corrupt local DNS cache of a Cisco 1803
running 15.1(4)M8 (also appeared on 12.4something - 15.1 is just a desperate
attempt of solving).

The router acts as a local DNS resolver for locally connected clients using
"ip dns server".

Every now and then it seems to break locally cached IPv4 A-RRs like this:

Router#show hosts
test.fqdn.fqdn None (temp, OK) 0 IP0.0.0.5 <---

This seems to happen for hosts that also have an RR. To us it looks like
it mixes and A records as the IPv6 address for this host is [...]::5.
This happens with other hosts too.

The host is sometimes first seen correctly with an "IP" and "IPv6" entry in
the cache but then changes to the broken "IP" RR while sometimes even keeping
the correct IPv6 entry. It never happens to the IPv6 address.

Debugging "debugging domain" and "debugging domain replies" didn't give a clue.

Thanks for any hints!
Sascha

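Added example, not part of the original thread and not Cisco code: a monitoring check for the symptom reported above, which parses captured "show hosts" text and flags cached IPv4 entries that fall in 0.0.0.0/8 or equal the low 32 bits of the same host's IPv6 address. The column layout of the sample, the documentation addresses, and the function names are assumptions; the heuristic is derived from the reported symptom only.

```python
import ipaddress
import re

# Constructed sample of "show hosts" output (assumed layout, documentation addresses).
SAMPLE = """\
Host                      Port  Flags      Age Type   Address(es)
test.fqdn.fqdn            None  (temp, OK)  0   IP    0.0.0.5
                                                IPv6  2001:DB8::5
ok.fqdn.fqdn              None  (temp, OK)  0   IP    192.0.2.10
                                                IPv6  2001:DB8::10
v4only.fqdn.fqdn          None  (temp, OK)  1   IP    198.51.100.7
"""

ADDR = re.compile(r"\b(IPv6|IP)\s*([0-9A-Fa-f:.]+)")
THIS_NET = ipaddress.ip_network("0.0.0.0/8")  # never a valid cached host address


def parse_show_hosts(text):
    """Return {host: {"IP": [...], "IPv6": [...]}} from 'show hosts' text."""
    hosts, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Host "):
            continue  # blank line or column header
        rest = line
        if not line[0].isspace():  # a new entry starts in column 0
            current, _, rest = line.partition(" ")
        if current is None:
            continue
        for kind, raw in ADDR.findall(rest):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                continue  # not an address, e.g. a stray token
            hosts.setdefault(current, {"IP": [], "IPv6": []})[kind].append(addr)
    return hosts


def suspect_a_records(hosts):
    """Flag IPv4 entries that look like the corruption described in the thread."""
    findings = []
    for host, rrs in hosts.items():
        tails = {ipaddress.IPv4Address(int(a) & 0xFFFFFFFF) for a in rrs["IPv6"]}
        for a in rrs["IP"]:
            reasons = []
            if a in THIS_NET:
                reasons.append("in 0.0.0.0/8")
            if a in tails:
                reasons.append("equals low 32 bits of AAAA")
            if reasons:
                findings.append((host, str(a), reasons))
    return findings
```

Feeding it periodic captures of the router's cache lets a poller alert on the first bad entry instead of waiting for clients to fail.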