Michael F. Robbins on Thu, 12 Jun 2003 03:08:12 -0400
I run an authoritative nameserver for my domains. When I use standard DNS tools to query the nameserver *while ssh'd into the nameserver box*, everything looks fine. However, when I use the same tools to query the nameserver from another computer remotely, passing through more than a dozen other hops, the packet comes back differently. The packet is no longer authoritative, and the actual size of the packet and cache times are different! It is as though my query went through some ISP's caching nameserver first.

Also supporting this theory is that when I query for other domains, like yahoo.com, on my nameserver, I should expect to get no response. When doing the query from the NS box, I correctly get no response. However, when doing the query from my remote workstation, the yahoo.com data is actually returned.

Furthermore, the nameserver logs seem to support this. None of my "yahoo.com" style queries are even sent to my server, while all of my successful (those that should be authoritative) queries appear to come from a Class C block of IPs that appears to represent a third party.

I did manage to find this document:

"Optimizing ISP Networks and Services with DNS Redirection"
http://www.nortelnetworks.com/products/library/collateral/intel_int/dns_wp.pdf
Google PDF->HTML: http://216.239.39.100/search?q=cache:LUOHoIYtTegJ:www.nortelnetworks.com/products/library/collateral/intel_int/dns_wp.pdf+DNS+packet+redirected+ISP&hl=en&ie=UTF-8

Are my conclusions on the right track? Is this a common practice in the ISP industry? Of all the other hops between my workstation and the server, where might this rewriting be occurring?

Michael F. Robbins
mike@gamerack.com
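An added example, not part of the original post: the comparison described above (AA bit on own-zone answers, and whether a name the server does not serve gets resolved) expressed as a check over raw DNS reply headers. It assumes the authoritative server has recursion disabled; the function names and the header-only sample replies are constructed for illustration.

```python
import struct

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,
        "ancount": an,
    }

def interception_signs(own_zone_reply: bytes, foreign_reply: bytes = None) -> list:
    """List reasons to suspect that something other than the server answered.

    own_zone_reply: reply for a name the server is authoritative for.
    foreign_reply:  reply for a name it does not serve, or None if no reply came.
    Assumption: the real server is authoritative-only (no recursion).
    """
    signs = []
    own = parse_header(own_zone_reply)
    if not own["qr"]:
        raise ValueError("own_zone_reply is a query, not a response")
    if not own["aa"]:
        signs.append("own-zone answer lacks the AA bit")
    if own["ra"]:
        signs.append("own-zone answer advertises recursion (RA)")
    if foreign_reply is not None:
        other = parse_header(foreign_reply)
        if other["rcode"] == 0 and other["ancount"] > 0:
            signs.append("name outside the server's zones was resolved")
    return signs

# Constructed header-only replies (id, flags, qdcount, ancount, nscount, arcount).
LOCAL_OWN = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)       # QR+AA
REMOTE_OWN = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)      # QR+RD+RA, no AA
REMOTE_FOREIGN = struct.pack("!6H", 0x1235, 0x8180, 1, 2, 0, 0)  # two answers

if __name__ == "__main__":
    print("from the NS box:", interception_signs(LOCAL_OWN))
    print("from remote:    ", interception_signs(REMOTE_OWN, REMOTE_FOREIGN))
```

Feed it the raw UDP payloads captured at the workstation; matching them against the source addresses in the nameserver's query log shows which party actually sent each query.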