www.heroesonline.com unresolvable via local unbound instance?

Todd Blake tbblake at gmail.com
Thu May 2 13:34:40 CEST 2019


Tom, This doesn't explain the behavior of the other two though.  To test, I
ran dig's from my workplace.  I get the REFUSED as you do to
ns21.kpmedia.org from work and home, but from my workplace, dig's to the
other two work just fine.  a dig from home times out.  See below.  I'm
wondering if they're just not answering queries from known cable internet
user space...

*Home:*
[root at topo ~]# host ns19.kpmedia.org. 8.8.8.8 | grep has
ns19.kpmedia.org has address 192.64.118.171
[root at topo ~]# host ns20.kpmedia.org. 8.8.8.8 | grep has
ns20.kpmedia.org has address 162.213.254.70
[root at topo ~]# host ns21.kpmedia.org. 8.8.8.8 | grep has
ns21.kpmedia.org has address 37.61.235.107
[root at topo ~]# dig www.heroesonline.com @192.64.118.171

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.heroesonline.com @
192.64.118.171
;; global options: +cmd
;; connection timed out; no servers could be reached
[root at topo ~]# dig www.heroesonline.com @162.213.254.70

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.heroesonline.com @
162.213.254.70
;; global options: +cmd
;; connection timed out; no servers could be reached
[root at topo ~]# dig www.heroesonline.com @37.61.235.107

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.heroesonline.com @
37.61.235.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23571
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.heroesonline.com.          IN      A

;; Query time: 106 msec
;; SERVER: 37.61.235.107#53(37.61.235.107)
;; WHEN: Thu May 02 07:31:52 EDT 2019
;; MSG SIZE  rcvd: 49





*Work:*
[blaket at topo2 ~]$ host www.heroesonline.com
www.heroesonline.com has address 162.213.254.70
[blaket at topo2 ~]$ host -t NS heroesonline.com
heroesonline.com name server ns21.kpmedia.org.
heroesonline.com name server ns20.kpmedia.org.
heroesonline.com name server ns19.kpmedia.org.
[blaket at topo2 ~]$ dig www.heroesonline.com @ns19.kpmedia.org.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.heroesonline.com
@ns19.kpmedia.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40206
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.heroesonline.com.          IN      A

;; ANSWER SECTION:
www.heroesonline.com.   3600    IN      A       162.213.254.70

;; AUTHORITY SECTION:
heroesonline.com.       86400   IN      NS      ns19.kpmedia.org.
heroesonline.com.       86400   IN      NS      ns20.kpmedia.org.
heroesonline.com.       86400   IN      NS      ns21.kpmedia.org.

;; Query time: 28 msec
;; SERVER: 192.64.118.171#53(192.64.118.171)
;; WHEN: Thu May  2 11:28:01 2019
;; MSG SIZE  rcvd: 122

[blaket at topo2 ~]$ dig www.heroesonline.com @ns20.kpmedia.org.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.heroesonline.com
@ns20.kpmedia.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54332
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.heroesonline.com.          IN      A

;; ANSWER SECTION:
www.heroesonline.com.   3600    IN      A       162.213.254.70

;; AUTHORITY SECTION:
heroesonline.com.       86400   IN      NS      ns21.kpmedia.org.
heroesonline.com.       86400   IN      NS      ns19.kpmedia.org.
heroesonline.com.       86400   IN      NS      ns20.kpmedia.org.

;; Query time: 18 msec
;; SERVER: 162.213.254.70#53(162.213.254.70)
;; WHEN: Thu May  2 11:28:06 2019
;; MSG SIZE  rcvd: 122

[blaket at topo2 ~]$ dig www.heroesonline.com @ns21.kpmedia.org.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.heroesonline.com
@ns21.kpmedia.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 18346
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.heroesonline.com.          IN      A

;; Query time: 140 msec
;; SERVER: 37.61.235.107#53(37.61.235.107)
;; WHEN: Thu May  2 11:28:09 2019
;; MSG SIZE  rcvd: 38

[blaket at topo2 ~]$





On Wed, May 1, 2019 at 11:44 PM Tom Samplonius <tom at samplonius.org> wrote:

>
>   Of the three authoritative servers, ns21.kpmedia.org is responding with
> a REFUSED response.
>
> $ dig www.heroesonline.com  @ns21.kpmedia.org
>
> ; <<>> DiG 9.10.6 <<>> www.heroesonline.com @ns21.kpmedia.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 506
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.heroesonline.com. IN A
>
> ;; Query time: 348 msec
> ;; SERVER: 37.61.235.107#53(37.61.235.107)
> ;; WHEN: Wed May 01 20:40:38 PDT 2019
> ;; MSG SIZE  rcvd: 49
>
>
>
>   So 33% of lookups will fail.  It is possible that Google retries
> different NS servers, if a REFUSED is received.  Or perhaps they hit the
> two working servers, and are just returning the cached result.
>
>   Either way, this is not specifically an Unbound issue, as the REFUSED
> behaviour can be seen anywhere on the Internet.
>
>
>
>
> On May 1, 2019, at 1:14 PM, Todd Blake via Unbound-users <
> unbound-users at nlnetlabs.nl> wrote:
>
>     heroesonline.com name server ns21.kpmedia.org.
>     heroesonline.com name server ns19.kpmedia.org.
>     heroesonline.com name server ns20.kpmedia.org.
>     root at stretch:~# host ns21.kpmedia.org. 8.8.8.8
>     Using domain server:
>     Name: 8.8.8.8
>     Address: 8.8.8.8#53
>     Aliases:
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://nlnetlabs.nl/pipermail/unbound-users/attachments/20190502/5d84621f/attachment-0001.html>


More information about the Unbound-users mailing list