[Dnsmasq-discuss] I am getting some strange "reply login.gslb2.salesforce.com is NODATA-IPv4" errors
Simon Kelley
simon at thekelleys.org.uk
Wed Aug 17 20:27:45 BST 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
I just rand the same query and got this answer
srk at julia:~$ dig @127.0.0.1 -p 10000 login.salesforce.com
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @127.0.0.1 -p 10000
login.salesforce.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2237
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;login.salesforce.com. IN A
;; ANSWER SECTION:
login.salesforce.com. 3577 IN CNAME login.gslb2.salesforce.com.
login.gslb2.salesforce.com. 100 IN A 85.222.132.2
;; Query time: 418 msec
;; SERVER: 127.0.0.1#10000(127.0.0.1)
;; WHEN: Wed Aug 17 20:24:51 BST 2016
;; MSG SIZE rcvd: 91
So login.salesforce.com. is a CNAME for login.gslb2.salesforce.com.
and there's a IP address at login.gslb2.salesforce.com
My guess is that this was a transient fault where the A record for
login.gslb2.salesforce.com was missing. It certainly doesn't look like
a dnsmasq bug.
Cheers,
Simon.
On 15/08/16 16:40, Kasper Grubbe wrote:
> One of my users is getting some errors talking to Salesforce, as a
> replication step she has provided me with the following piece of
> Python code:
>
> import socket print(socket.gethostbyname('localhost'))
> print(socket.gethostbyname('google.com'))
> print(socket.gethostbyname('login.salesforce.com'))
>
> And it prints the following:
>
> 127.0.0.1 216.58.211.14 Traceback (most recent call last): File
> "dns.py", line 4, in <module>
> print(socket.gethostbyname('login.salesforce.com'))
> socket.gaierror: [Errno 8] nodename nor servname provided, or not
> known
>
> In my logs I see the following:
>
> Aug 15 14:54:32 dnsmasq[28405]: query[A]
> login.gslb2.salesforce.com from 10.8.0.3 Aug 15 14:54:32
> dnsmasq[28405]: forwarded login.gslb2.salesforce.com to 8.8.8.8 Aug
> 15 14:54:32 dnsmasq[28405]: forwarded login.gslb2.salesforce.com
> to 8.8.4.4 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] com to
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] . to
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag
> 46551 Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag
> 19036 Aug 15 14:54:32 dnsmasq[28405]: reply com is DS keytag 30909
> Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] salesforce.com to
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] com to
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag
> 27452 Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag
> 30909 Aug 15 14:54:32 dnsmasq[28405]: reply salesforce.com is no
> DS Aug 15 14:54:32 dnsmasq[28405]: validation result is INSECURE
> Aug 15 14:54:32 dnsmasq[28405]: reply login.gslb2.salesforce.com
> is NODATA-IPv4
>
> My Dnsmasq is configured like this:
>
> dnssec
>
> trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200F
D2CE1CDDE32F24E8FB5
>
>
dnssec-check-unsigned
>
> interface=tun0 local-ttl=360
>
> log-queries log-facility=/var/log/dnsmasq.log log-async=20
>
> resolv-file=/etc/dnsmasq-resolv.conf
>
> And dnsmasq-resolv.conf contains this:
>
> nameserver 8.8.8.8 nameserver 8.8.4.4
>
> Any ideas why this is?
>
> Br. -- Kasper Grubbe
>
> Phone: (+45) 42 42 42 74 Skype: kasper.grubbe Mail:
> kaspergrubbe at gmail.com Web: http://kaspergrubbe.com
>
>
>
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCAAGBQJXtLqxAAoJEBXN2mrhkTWiRGoP/RWGIeYrZNBHKdMrGHoHLUmn
waeLBojUuk0dpuIMqJss0K7gjIeeNHe8xWfJxYf7Q5rYxiEEYZMGhzlIDEO31wSl
09rTFLqnz4jVdWvbJYnQ0dx9RCGgrZhE3SJJR4Nyq1eAyQ6x7OdTilpcGvrjmvk2
yA98w+O6zvAeusCJ9XUPHp//O3x2RBYJIJPZ5WB99KPpqq9jN1h/jk0qqkmhved2
jYk6oh5oW3Va1lNK2iFgLM/jEvYBKlJUl/uGBXdGo6KXD9D19UBElgsztXeE0yXk
2xrmaVljs24KMozjytesKSqEk0hYLcvFxCFabRyo4RybOq0+44YnrpeR+SXui5E8
6ZDZj4Ub9NHtXHUcTyzNISl/J3Xfy/kOm2AGaSAJIzRPczG99zfze7C3uzprfe7A
H0YWNzh12XhZEI9LBvlOTaHdnI3Nkz/qG82NU638vYr2WoiS+OZZjeTNmUfmmis8
pVh1Wp+tftNpGQxV68OagnWj/4xZL96wdEBouznx0LzfYjDZhhKWjtTD7Mv/LJUZ
+3iIIcmf2gCNBnmEDeqW4imMkSBTmun3pd3nkInAc5bnLqU26VQQXN2FE3G80ge7
GeVVkxDu9PBHZ79JfzfCxT+ygzEmbRiQtw+QfIdMlGGfs1ugtLxy0pcSZdEtzPmn
4oHeXXbcUxO+8A39tZHS
=QgWx
-----END PGP SIGNATURE-----
More information about the Dnsmasq-discuss
mailing list