[Dnsmasq-discuss] I am getting some strange "reply login.gslb2.salesforce.com is NODATA-IPv4" errors

Kasper Grubbe kawsper at gmail.com
Mon Aug 15 16:40:02 BST 2016


One of my users is getting some errors talking to Salesforce, as a
replication step she has provided me with the following piece of Python
code:

    import socket
    print(socket.gethostbyname('localhost'))
    print(socket.gethostbyname('google.com'))
    print(socket.gethostbyname('login.salesforce.com'))

And it prints the following:

    127.0.0.1
    216.58.211.14
    Traceback (most recent call last):
      File "dns.py", line 4, in <module>
        print(socket.gethostbyname('login.salesforce.com'))
    socket.gaierror: [Errno 8] nodename nor servname provided, or not known

In my logs I see the following:

    Aug 15 14:54:32 dnsmasq[28405]: query[A] login.gslb2.salesforce.com
from 10.8.0.3
    Aug 15 14:54:32 dnsmasq[28405]: forwarded login.gslb2.salesforce.com to
8.8.8.8
    Aug 15 14:54:32 dnsmasq[28405]: forwarded login.gslb2.salesforce.com to
8.8.4.4
    Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] com to 8.8.8.8
    Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] . to 8.8.8.8
    Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag 46551
    Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag 19036
    Aug 15 14:54:32 dnsmasq[28405]: reply com is DS keytag 30909
    Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] salesforce.com to
8.8.8.8
    Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] com to 8.8.8.8
    Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag 27452
    Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag 30909
    Aug 15 14:54:32 dnsmasq[28405]: reply salesforce.com is no DS
    Aug 15 14:54:32 dnsmasq[28405]: validation result is INSECURE
    Aug 15 14:54:32 dnsmasq[28405]: reply login.gslb2.salesforce.com is
NODATA-IPv4

My Dnsmasq is configured like this:

    dnssec

trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
    dnssec-check-unsigned

    interface=tun0
    local-ttl=360

    log-queries
    log-facility=/var/log/dnsmasq.log
    log-async=20

    resolv-file=/etc/dnsmasq-resolv.conf

And dnsmasq-resolv.conf contains this:

    nameserver 8.8.8.8
    nameserver 8.8.4.4

Any ideas why this is?

Br.
--
Kasper Grubbe

Phone: (+45) 42 42 42 74
Skype: kasper.grubbe
Mail: kaspergrubbe at gmail.com
Web: http://kaspergrubbe.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20160815/7c3f062e/attachment.html>


More information about the Dnsmasq-discuss mailing list