[Dnsmasq-discuss] I am getting some strange "reply login.gslb2.salesforce.com is NODATA-IPv4" errors

Kasper Grubbe kawsper at gmail.com
Sun Aug 21 23:22:52 BST 2016 

Hi Simon, thank you so much for getting back to me.

I continued to see errors, but I tried switching away from Google DNS, and
instead I used http://www.censurfridns.dk/ (censorship free dns), and the
error have been resolved. I don't know if it is an issue with their
service, or an issue between my hosting (Linode) and Googles service, but I
haven't seen any issues since the change.


Thanks again.
--
Kasper Grubbe

Phone: (+45) 42 42 42 74
Skype: kasper.grubbe
Mail: kaspergrubbe at gmail.com
Web: http://kaspergrubbe.com

On Wed, Aug 17, 2016 at 8:27 PM, Simon Kelley <simon at thekelleys.org.uk>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi,
>
> I just rand the same query and got this answer
>
> srk at julia:~$ dig @127.0.0.1 -p 10000 login.salesforce.com
>
> ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @127.0.0.1 -p 10000
> login.salesforce.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2237
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;login.salesforce.com.          IN      A
>
> ;; ANSWER SECTION:
> login.salesforce.com.   3577    IN      CNAME   login.gslb2.salesforce.com
> .
> login.gslb2.salesforce.com. 100 IN      A       85.222.132.2
>
> ;; Query time: 418 msec
> ;; SERVER: 127.0.0.1#10000(127.0.0.1)
> ;; WHEN: Wed Aug 17 20:24:51 BST 2016
> ;; MSG SIZE  rcvd: 91
>
>
>
>
> So login.salesforce.com. is a CNAME for login.gslb2.salesforce.com.
> and there's a IP address at login.gslb2.salesforce.com
>
> My guess is that this was a transient fault where the A record for
> login.gslb2.salesforce.com was missing. It certainly doesn't look like
> a dnsmasq bug.
>
> Cheers,
>
> Simon.
>
>
> On 15/08/16 16:40, Kasper Grubbe wrote:
> > One of my users is getting some errors talking to Salesforce, as a
> > replication step she has provided me with the following piece of
> > Python code:
> >
> > import socket print(socket.gethostbyname('localhost'))
> > print(socket.gethostbyname('google.com'))
> > print(socket.gethostbyname('login.salesforce.com'))
> >
> > And it prints the following:
> >
> > 127.0.0.1 216.58.211.14 Traceback (most recent call last): File
> > "dns.py", line 4, in <module>
> > print(socket.gethostbyname('login.salesforce.com'))
> > socket.gaierror: [Errno 8] nodename nor servname provided, or not
> > known
> >
> > In my logs I see the following:
> >
> > Aug 15 14:54:32 dnsmasq[28405]: query[A]
> > login.gslb2.salesforce.com from 10.8.0.3 Aug 15 14:54:32
> > dnsmasq[28405]: forwarded login.gslb2.salesforce.com to 8.8.8.8 Aug
> > 15 14:54:32 dnsmasq[28405]: forwarded login.gslb2.salesforce.com
> > to 8.8.4.4 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] com to
> > 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] . to
> > 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag
> > 46551 Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag
> > 19036 Aug 15 14:54:32 dnsmasq[28405]: reply com is DS keytag 30909
> > Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] salesforce.com to
> > 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] com to
> > 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag
> > 27452 Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag
> > 30909 Aug 15 14:54:32 dnsmasq[28405]: reply salesforce.com is no
> > DS Aug 15 14:54:32 dnsmasq[28405]: validation result is INSECURE
> > Aug 15 14:54:32 dnsmasq[28405]: reply login.gslb2.salesforce.com
> > is NODATA-IPv4
> >
> > My Dnsmasq is configured like this:
> >
> > dnssec
> >
> > trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200F
> D2CE1CDDE32F24E8FB5
> >
> >
> dnssec-check-unsigned
> >
> > interface=tun0 local-ttl=360
> >
> > log-queries log-facility=/var/log/dnsmasq.log log-async=20
> >
> > resolv-file=/etc/dnsmasq-resolv.conf
> >
> > And dnsmasq-resolv.conf contains this:
> >
> > nameserver 8.8.8.8 nameserver 8.8.4.4
> >
> > Any ideas why this is?
> >
> > Br. -- Kasper Grubbe
> >
> > Phone: (+45) 42 42 42 74 Skype: kasper.grubbe Mail:
> > kaspergrubbe at gmail.com Web: http://kaspergrubbe.com
> >
> >
> >
> > _______________________________________________ Dnsmasq-discuss
> > mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQIcBAEBCAAGBQJXtLqxAAoJEBXN2mrhkTWiRGoP/RWGIeYrZNBHKdMrGHoHLUmn
> waeLBojUuk0dpuIMqJss0K7gjIeeNHe8xWfJxYf7Q5rYxiEEYZMGhzlIDEO31wSl
> 09rTFLqnz4jVdWvbJYnQ0dx9RCGgrZhE3SJJR4Nyq1eAyQ6x7OdTilpcGvrjmvk2
> yA98w+O6zvAeusCJ9XUPHp//O3x2RBYJIJPZ5WB99KPpqq9jN1h/jk0qqkmhved2
> jYk6oh5oW3Va1lNK2iFgLM/jEvYBKlJUl/uGBXdGo6KXD9D19UBElgsztXeE0yXk
> 2xrmaVljs24KMozjytesKSqEk0hYLcvFxCFabRyo4RybOq0+44YnrpeR+SXui5E8
> 6ZDZj4Ub9NHtXHUcTyzNISl/J3Xfy/kOm2AGaSAJIzRPczG99zfze7C3uzprfe7A
> H0YWNzh12XhZEI9LBvlOTaHdnI3Nkz/qG82NU638vYr2WoiS+OZZjeTNmUfmmis8
> pVh1Wp+tftNpGQxV68OagnWj/4xZL96wdEBouznx0LzfYjDZhhKWjtTD7Mv/LJUZ
> +3iIIcmf2gCNBnmEDeqW4imMkSBTmun3pd3nkInAc5bnLqU26VQQXN2FE3G80ge7
> GeVVkxDu9PBHZ79JfzfCxT+ygzEmbRiQtw+QfIdMlGGfs1ugtLxy0pcSZdEtzPmn
> 4oHeXXbcUxO+8A39tZHS
> =QgWx
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20160821/f33adfe3/attachment.html>

More information about the Dnsmasq-discuss mailing list