[Dnsmasq-discuss] I am getting some strange "reply login.gslb2.salesforce.com is NODATA-IPv4" errors

Simon Kelley simon at thekelleys.org.uk
Wed Aug 17 20:27:45 BST 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I just rand the same query and got this answer

srk at julia:~$ dig @127.0.0.1 -p 10000 login.salesforce.com

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @127.0.0.1 -p 10000
login.salesforce.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2237
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;login.salesforce.com.		IN	A

;; ANSWER SECTION:
login.salesforce.com.	3577	IN	CNAME	login.gslb2.salesforce.com.
login.gslb2.salesforce.com. 100	IN	A	85.222.132.2

;; Query time: 418 msec
;; SERVER: 127.0.0.1#10000(127.0.0.1)
;; WHEN: Wed Aug 17 20:24:51 BST 2016
;; MSG SIZE  rcvd: 91




So login.salesforce.com. is a CNAME for login.gslb2.salesforce.com.
and there's a IP address at login.gslb2.salesforce.com

My guess is that this was a transient fault where the A record for
login.gslb2.salesforce.com was missing. It certainly doesn't look like
a dnsmasq bug.

Cheers,

Simon.


On 15/08/16 16:40, Kasper Grubbe wrote:
> One of my users is getting some errors talking to Salesforce, as a 
> replication step she has provided me with the following piece of
> Python code:
> 
> import socket print(socket.gethostbyname('localhost')) 
> print(socket.gethostbyname('google.com')) 
> print(socket.gethostbyname('login.salesforce.com'))
> 
> And it prints the following:
> 
> 127.0.0.1 216.58.211.14 Traceback (most recent call last): File
> "dns.py", line 4, in <module> 
> print(socket.gethostbyname('login.salesforce.com')) 
> socket.gaierror: [Errno 8] nodename nor servname provided, or not
> known
> 
> In my logs I see the following:
> 
> Aug 15 14:54:32 dnsmasq[28405]: query[A]
> login.gslb2.salesforce.com from 10.8.0.3 Aug 15 14:54:32
> dnsmasq[28405]: forwarded login.gslb2.salesforce.com to 8.8.8.8 Aug
> 15 14:54:32 dnsmasq[28405]: forwarded login.gslb2.salesforce.com
> to 8.8.4.4 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] com to
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] . to
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag
> 46551 Aug 15 14:54:32 dnsmasq[28405]: reply . is DNSKEY keytag
> 19036 Aug 15 14:54:32 dnsmasq[28405]: reply com is DS keytag 30909 
> Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DS] salesforce.com to 
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: dnssec-query[DNSKEY] com to
> 8.8.8.8 Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag
> 27452 Aug 15 14:54:32 dnsmasq[28405]: reply com is DNSKEY keytag
> 30909 Aug 15 14:54:32 dnsmasq[28405]: reply salesforce.com is no
> DS Aug 15 14:54:32 dnsmasq[28405]: validation result is INSECURE 
> Aug 15 14:54:32 dnsmasq[28405]: reply login.gslb2.salesforce.com
> is NODATA-IPv4
> 
> My Dnsmasq is configured like this:
> 
> dnssec
> 
> trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200F
D2CE1CDDE32F24E8FB5
>
> 
dnssec-check-unsigned
> 
> interface=tun0 local-ttl=360
> 
> log-queries log-facility=/var/log/dnsmasq.log log-async=20
> 
> resolv-file=/etc/dnsmasq-resolv.conf
> 
> And dnsmasq-resolv.conf contains this:
> 
> nameserver 8.8.8.8 nameserver 8.8.4.4
> 
> Any ideas why this is?
> 
> Br. -- Kasper Grubbe
> 
> Phone: (+45) 42 42 42 74 Skype: kasper.grubbe Mail:
> kaspergrubbe at gmail.com Web: http://kaspergrubbe.com
> 
> 
> 
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJXtLqxAAoJEBXN2mrhkTWiRGoP/RWGIeYrZNBHKdMrGHoHLUmn
waeLBojUuk0dpuIMqJss0K7gjIeeNHe8xWfJxYf7Q5rYxiEEYZMGhzlIDEO31wSl
09rTFLqnz4jVdWvbJYnQ0dx9RCGgrZhE3SJJR4Nyq1eAyQ6x7OdTilpcGvrjmvk2
yA98w+O6zvAeusCJ9XUPHp//O3x2RBYJIJPZ5WB99KPpqq9jN1h/jk0qqkmhved2
jYk6oh5oW3Va1lNK2iFgLM/jEvYBKlJUl/uGBXdGo6KXD9D19UBElgsztXeE0yXk
2xrmaVljs24KMozjytesKSqEk0hYLcvFxCFabRyo4RybOq0+44YnrpeR+SXui5E8
6ZDZj4Ub9NHtXHUcTyzNISl/J3Xfy/kOm2AGaSAJIzRPczG99zfze7C3uzprfe7A
H0YWNzh12XhZEI9LBvlOTaHdnI3Nkz/qG82NU638vYr2WoiS+OZZjeTNmUfmmis8
pVh1Wp+tftNpGQxV68OagnWj/4xZL96wdEBouznx0LzfYjDZhhKWjtTD7Mv/LJUZ
+3iIIcmf2gCNBnmEDeqW4imMkSBTmun3pd3nkInAc5bnLqU26VQQXN2FE3G80ge7
GeVVkxDu9PBHZ79JfzfCxT+ygzEmbRiQtw+QfIdMlGGfs1ugtLxy0pcSZdEtzPmn
4oHeXXbcUxO+8A39tZHS
=QgWx
-----END PGP SIGNATURE-----

More information about the Dnsmasq-discuss mailing list