<br><br><div class="gmail_quote">On Thu, Apr 16, 2009 at 10:55 AM, Chris G <span dir="ltr"><<a href="mailto:cl@isbd.net">cl@isbd.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Thu, Apr 16, 2009 at 09:42:00AM -0500, Jon Nelson wrote:<br>
> I ran into a wacky problem today, and it *seems* to be dnsmasq's fault.<br>
><br>
> Assume (at least) 2 machines: a firewall (running dnsmasq) and any other<br>
> machine in the network (pointed at the firewall for name resolution).<br>
><br>
> On the firewall, 'host -v <a href="http://irc.freenode.org" target="_blank">irc.freenode.org</a>' results thusly:<br>
><br>
</div>[snip result data from two machines]<br>
<br>
I just tried the same here on the machine that runs dnsmasq and then<br>
on another machine that uses the first machine as its DNS server.<br>
Both machines gave the same (correct) result.</blockquote><div><br>Some more details:<br><br>a tcpdump on the inside shows the following (from wireshark's text output):<br><br>Domain Name System (response)<br> [Request In: 18]<br>
[Time: 0.065557000 seconds]<br> Length: 34<br> Transaction ID: 0xda14<br> Flags: 0x8185 (Standard query response, Refused)<br> 1... .... .... .... = Response: Message is a response<br> .000 0... .... .... = Opcode: Standard query (0)<br>
.... .0.. .... .... = Authoritative: Server is not an authority for domain<br> .... ..0. .... .... = Truncated: Message is not truncated<br> .... ...1 .... .... = Recursion desired: Do query recursively<br>
.... .... 1... .... = Recursion available: Server can do recursive queries<br> .... .... .0.. .... = Z: reserved (0)<br> .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server<br>
.... .... .... 0101 = Reply code: Refused (5)<br> Questions: 1<br> Answer RRs: 0<br> Authority RRs: 0<br> Additional RRs: 0<br> Queries<br> <a href="http://irc.freenode.org">irc.freenode.org</a>: type A, class IN<br>
Name: <a href="http://irc.freenode.org">irc.freenode.org</a><br> Type: A (Host address)<br> Class: IN (0x0001)<br><br><br><br>Why was it refused?<br>I have not generally had trouble resolving <a href="http://irc.freenode.org">irc.freenode.org</a> in the past, except for yesterday and today.<br>
<br></div></div><br>-- <br>Jon<br>