I hate to reply to myself, but... (and I'm sure this isn't the only
other example) what the heck is ETrade's LB doing here?
(who is NS for etrade.com)
;etrade.com. IN NS
;; ANSWER SECTION:
etrade.com. 3212 IN NS dnsauth2.sys.gtei.net.
etrade.com. 3212 IN NS dnsauth1.sys.gtei.net.
etrade.com. 3212 IN NS ns1m7.etrade.com.
etrade.com. 3212 IN NS ns2m7.etrade.com.
etrade.com. 3212 IN NS auth40.ns.uu.net.
etrade.com. 3212 IN NS ns1m4.etrade.com.
etrade.com. 3212 IN NS ns2m3.etrade.com.
(what's A for www.etrade.com @ns1m4.etrade.com)
;; QUESTION SECTION:
;www.etrade.com. IN A
;; AUTHORITY SECTION:
www.etrade.com. 3600 IN NS gsched8.etrade.com.
www.etrade.com. 3600 IN NS gsched4.etrade.com.
www.etrade.com. 3600 IN NS gsched5.etrade.com.
www.etrade.com. 3600 IN NS gsched7.etrade.com.
sweet, now who is AAAA for www.etrade.com?
; <<>> DiG 9.4.0 <<>> AAAA @gsched5.etrade.com. www.etrade.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29630
;; flags: qr aa rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; WARNING: Messages has 20 extra bytes at end
;; Query time: 28 msec
;; SERVER: 198.93.34.30#53(198.93.34.30)
;; WHEN: Sat Sep 27 02:42:27 2008
(or without recursion in the request:
; <<>> DiG 9.4.0 <<>> AAAA @gsched5.etrade.com. www.etrade.com +norecurse
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3362
;; flags: qr aa; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Messages has 20 extra bytes at end
;; Query time: 26 msec
;; SERVER: 198.93.34.30#53(198.93.34.30)
;; WHEN: Sat Sep 27 02:58:35 2008
)
what?? maybe the packet trace would help?
Frame 1 (74 bytes on wire, 74 bytes captured)
Arrival Time: Sep 27, 2008 03:02:52.198866000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 74 bytes
Capture Length: 74 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
Ethernet II, Src: Intel_5c:b0:00 (00:0e:0c:5c:b0:00), Dst: Unispher_a0:3d:a5 (00:90:1a:a0:3d:a5)
Destination: Unispher_a0:3d:a5 (00:90:1a:a0:3d:a5)
Address: Unispher_a0:3d:a5 (00:90:1a:a0:3d:a5)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Intel_5c:b0:00 (00:0e:0c:5c:b0:00)
Address: Intel_5c:b0:00 (00:0e:0c:5c:b0:00)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 1.1.1.1 (1.1.1.1), Dst: 198.93.34.30 (198.93.34.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x23c3 [correct]
[Good: True]
[Bad : False]
Source: 1.1.1.1 (1.1.1.1)
Destination: 198.93.34.30 (198.93.34.30)
User Datagram Protocol, Src Port: 22479 (22479), Dst Port: domain (53)
Source port: 22479 (22479)
Destination port: domain (53)
Length: 40
Checksum: 0x1728 [incorrect, should be 0x06ba (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
Transaction ID: 0xfd35
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
www.etrade.com: type AAAA, class IN
Name: www.etrade.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Frame 2 (74 bytes on wire, 74 bytes captured)
Arrival Time: Sep 27, 2008 03:02:52.226523000
[Time delta from previous captured frame: 0.027657000 seconds]
[Time delta from previous displayed frame: 0.027657000 seconds]
[Time since reference or first frame: 0.027657000 seconds]
Frame Number: 2
Frame Length: 74 bytes
Capture Length: 74 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
Ethernet II, Src: Unispher_a0:3d:a5 (00:90:1a:a0:3d:a5), Dst: Intel_5c:b0:00 (00:0e:0c:5c:b0:00)
Destination: Intel_5c:b0:00 (00:0e:0c:5c:b0:00)
Address: Intel_5c:b0:00 (00:0e:0c:5c:b0:00)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Unispher_a0:3d:a5 (00:90:1a:a0:3d:a5)
Address: Unispher_a0:3d:a5 (00:90:1a:a0:3d:a5)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 198.93.34.30 (198.93.34.30), Dst:1.1.1.1 (1.1.1.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x9fb6 (40886)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 253
Protocol: UDP (0x11)
Header checksum: 0xc70b [correct]
[Good: True]
[Bad : False]
Source: 198.93.34.30 (198.93.34.30)
Destination: 1.1.1.1 (1.1.1.1)
User Datagram Protocol, Src Port: domain (53), Dst Port: 22479 (22479)
Source port: domain (53)
Destination port: 22479 (22479)
Length: 40
Checksum: 0x82ba [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 1]
[Time: 0.027657000 seconds]
Transaction ID: 0xfd35
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 0
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
2 packets captured
It's interesting as an aside that the LB here pushes out a TTL255
packet... Maybe the ETrade folks are also listening and could comment
public/private or just fix this? It'd be good to see what kind of
LB this is, and what version of software it is running.
-Chris
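
Added example, not part of the original post: a resolver-side sanity check that flags the response shape seen in the trace above (matching transaction ID, all four section counts zero, 20 bytes after the 12-byte header). The sample messages are constructed from the header fields in the trace; that the 20 extra bytes are the echoed question is an assumption, consistent with the wire-format question for www.etrade.com AAAA being exactly 20 bytes, and the function names are illustrative.

```python
import struct

def encode_question(name, qtype, qclass=1):
    """Wire-format question: length-prefixed labels, root byte, QTYPE, QCLASS."""
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return wire + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_question(buf, off):
    """Read one uncompressed question; return (name, qtype, qclass, next_off)."""
    labels = []
    while buf[off] != 0:
        n = buf[off]
        if n > 63:
            raise ValueError("compression pointer or bad label length")
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    qtype, qclass = struct.unpack_from("!HH", buf, off + 1)
    return ".".join(labels) + ".", qtype, qclass, off + 5

def check_response(query, response):
    """List the ways a response fails to line up with the query that caused it."""
    findings = []
    qid = struct.unpack_from("!H", query)[0]
    rid, flags, qd, an, ns, ar = struct.unpack_from("!6H", response)
    asked = parse_question(query, 12)[:3]
    if rid != qid:
        findings.append("id-mismatch")
    if qd != 1:
        findings.append("qdcount=%d" % qd)
    off = 12
    try:
        for _ in range(qd):
            *echoed, off = parse_question(response, off)
            if tuple(echoed) != asked:
                findings.append("question-mismatch")
        # With no records declared, `off` is where the message should end.
        if an == ns == ar == 0 and off < len(response):
            findings.append("trailing-bytes=%d" % (len(response) - off))
            if parse_question(response, off)[:3] == asked:
                findings.append("trailing-bytes-are-the-question")
    except (IndexError, struct.error, ValueError):
        findings.append("unparseable")
    return findings

# Constructed samples: header fields from the trace; the payload bytes are assumed.
QUESTION = encode_question("www.etrade.com", 28)  # 28 = AAAA
QUERY = struct.pack("!6H", 0xFD35, 0x0000, 1, 0, 0, 0) + QUESTION
BROKEN = struct.pack("!6H", 0xFD35, 0x8400, 0, 0, 0, 0) + QUESTION
NODATA = struct.pack("!6H", 0xFD35, 0x8400, 1, 0, 0, 0) + QUESTION
```

`check_response(QUERY, BROKEN)` reports the zeroed QDCOUNT and the 20 trailing bytes, while `NODATA` (the same header with QDCOUNT=1) passes cleanly.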