Carl,

The output from the tcpdumps on both machines.

From my local:

226     13.386290       172.16.1.103    72.162.32.4     DNS     107     Standard query 0x8148 PTR 3.32.162.72.in-addr.arpa OPT
227     13.405397       72.162.32.4     172.16.1.103    DNS     93      Standard query response 0x8148 Refused PTR 17.1.1.10.in-addr.arpa OPT
307     18.385705       172.16.1.103    72.162.32.4     DNS     107     Standard query 0x8148 PTR 3.32.162.72.in-addr.arpa OPT
308     18.402629       72.162.32.4     172.16.1.103    DNS     93      Standard query response 0x8148 Refused PTR 17.1.1.10.in-addr.arpa OPT
357     23.386698       172.16.1.103    72.162.32.4     DNS     107     Standard query 0x8148 PTR 3.32.162.72.in-addr.arpa OPT
358     23.404178       72.162.32.4     172.16.1.103    DNS     93      Standard query response 0x8148 Refused PTR 17.1.1.10.in-addr.arpa OPT
492     35.373711       172.16.1.103    72.162.32.4     DNS     107     Standard query 0xa388 PTR 5.32.162.72.in-addr.arpa OPT
493     35.391667       72.162.32.4     172.16.1.103    DNS     149     Standard query response 0xa388 No such name PTR 5.32.162.72.in-addr.arpa SOA ns.iotis.org OPT
541     44.408527       172.16.1.103    72.162.32.4     DNS     107     Standard query 0x2e67 PTR 6.32.162.72.in-addr.arpa OPT
542     44.426670       72.162.32.4     172.16.1.103    DNS     92      Standard query response 0x2e67 Refused PTR 6.1.1.10.in-addr.arpa OPT
634     49.408293       172.16.1.103    72.162.32.4     DNS     107     Standard query 0x2e67 PTR 6.32.162.72.in-addr.arpa OPT
635     49.427719       72.162.32.4     172.16.1.103    DNS     92      Standard query response 0x2e67 Refused PTR 6.1.1.10.in-addr.arpa OPT
689     54.408297       172.16.1.103    72.162.32.4     DNS     107     Standard query 0x2e67 PTR 6.32.162.72.in-addr.arpa OPT
690     54.425286       72.162.32.4     172.16.1.103    DNS     92      Standard query response 0x2e67 Refused PTR 6.1.1.10.in-addr.arpa OPT
755     62.891404       172.16.1.103    72.162.32.4     DNS     108     Standard query 0xd77a PTR 18.32.162.72.in-addr.arpa OPT
756     62.908737       72.162.32.4     172.16.1.103    DNS     192     Standard query response 0xd77a PTR 18.32.162.72.in-addr.arpa PTR badmx.iotis.org NS ns2.iotis.org NS ns.iotis.org A 72.162.32.3 A 72.162.32.4 OPT

From the dns server:

07:15:07.565369 IP 24.181.4.204.22196 > 10.1.1.25.53: 33096 [1au] PTR? 17.1.1.10.in-addr.arpa. (63)
07:15:07.565984 IP 10.1.1.25.53 > 24.181.4.204.22196: 33096 Refused- 0/0/1 (51)
07:15:12.562543 IP 24.181.4.204.22196 > 10.1.1.25.53: 33096 [1au] PTR? 17.1.1.10.in-addr.arpa. (63)
07:15:12.563134 IP 10.1.1.25.53 > 24.181.4.204.22196: 33096 Refused- 0/0/1 (51)
07:15:17.563820 IP 24.181.4.204.22196 > 10.1.1.25.53: 33096 [1au] PTR? 17.1.1.10.in-addr.arpa. (63)
07:15:17.564464 IP 10.1.1.25.53 > 24.181.4.204.22196: 33096 Refused- 0/0/1 (51)
07:15:29.551545 IP 24.181.4.204.10307 > 10.1.1.25.53: 41864 [1au] PTR? 5.32.162.72.in-addr.arpa. (65)
07:15:29.552158 IP 10.1.1.25.53 > 24.181.4.204.10307: 41864 NXDomain*- 0/1/1 (107)
07:15:38.586430 IP 24.181.4.204.44420 > 10.1.1.25.53: 11879 [1au] PTR? 6.1.1.10.in-addr.arpa. (62)
07:15:38.586935 IP 10.1.1.25.53 > 24.181.4.204.44420: 11879 Refused- 0/0/1 (50)
07:15:43.587602 IP 24.181.4.204.44420 > 10.1.1.25.53: 11879 [1au] PTR? 6.1.1.10.in-addr.arpa. (62)
07:15:43.588026 IP 10.1.1.25.53 > 24.181.4.204.44420: 11879 Refused- 0/0/1 (50)
07:15:48.584994 IP 24.181.4.204.44420 > 10.1.1.25.53: 11879 [1au] PTR? 6.1.1.10.in-addr.arpa. (62)
07:15:48.585537 IP 10.1.1.25.53 > 24.181.4.204.44420: 11879 Refused- 0/0/1 (50)
07:15:57.068551 IP 24.181.4.204.44089 > 10.1.1.25.53: 55162 [1au] PTR? 18.32.162.72.in-addr.arpa. (66)
07:15:57.069188 IP 10.1.1.25.53 > 24.181.4.204.44089: 55162*- 1/2/3 PTR badmx.iotis.org. (150)

I'm sending the above to our Cisco guy. I had already assumed it is the NAT, as
I had noticed yesterday that it was only affecting actual NATed hosts.

John

> -----Original Message-----
> From: bind-users [mailto:[email protected]] On Behalf Of Carl
> Byington via bind-users
> Sent: Tuesday, April 21, 2020 6:17 PM
> To: [email protected]
> Subject: RE: NAT and Question Section Mismatch
> 
> On Tue, 2020-04-21 at 14:08 -0400, John Wiles wrote:
> ;; ;; Question section mismatch: got 17.1.1.10.in-addr.arpa/PTR/IN
> 
> tcpdump is your friend.
> 
> Dump the outgoing packets from your home connection to see exactly what
> you are sending for:
> 
> dig 3.32.162.72.in-addr.arpa ptr  @72.162.32.4 +nodnssec +norecur
> 
> Dump the incoming packets at your dns server to see what it is receiving for
> that command. Any differences are probably generated by the cisco.
> Dump the outgoing packets from your dns server, and the incoming packets
> at your home connection also.
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> 
> bind-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/bind-users
> 
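
The comparison Carl suggests, applied to the client-side rows above, as an added example that is not part of the original thread: it pairs each response with its query by transaction ID and reports responses whose echoed question name differs from the one sent. The function name and the row regex are assumptions fitted to this capture's summary format; the rows are copied from John's capture with the line wraps joined.

```python
import re

# Rows copied from the client-side capture in the message above (one per
# distinct transaction), with the mail client's line wraps joined.
CAPTURE = """\
226 13.386290 172.16.1.103 72.162.32.4 DNS 107 Standard query 0x8148 PTR 3.32.162.72.in-addr.arpa OPT
227 13.405397 72.162.32.4 172.16.1.103 DNS 93 Standard query response 0x8148 Refused PTR 17.1.1.10.in-addr.arpa OPT
492 35.373711 172.16.1.103 72.162.32.4 DNS 107 Standard query 0xa388 PTR 5.32.162.72.in-addr.arpa OPT
493 35.391667 72.162.32.4 172.16.1.103 DNS 149 Standard query response 0xa388 No such name PTR 5.32.162.72.in-addr.arpa SOA ns.iotis.org OPT
541 44.408527 172.16.1.103 72.162.32.4 DNS 107 Standard query 0x2e67 PTR 6.32.162.72.in-addr.arpa OPT
542 44.426670 72.162.32.4 172.16.1.103 DNS 92 Standard query response 0x2e67 Refused PTR 6.1.1.10.in-addr.arpa OPT
755 62.891404 172.16.1.103 72.162.32.4 DNS 108 Standard query 0xd77a PTR 18.32.162.72.in-addr.arpa OPT
756 62.908737 72.162.32.4 172.16.1.103 DNS 192 Standard query response 0xd77a PTR 18.32.162.72.in-addr.arpa PTR badmx.iotis.org NS ns2.iotis.org NS ns.iotis.org A 72.162.32.3 A 72.162.32.4 OPT
"""

# frame, time, src, dst, "DNS", length, then the info column. The first
# "PTR <name>.in-addr.arpa" after the transaction ID is the question name.
ROW = re.compile(
    r"^(?P<frame>\d+)\s+\S+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+\d+\s+"
    r"Standard query (?P<resp>response )?(?P<txid>0x[0-9a-f]+)"
    r".*?\bPTR (?P<qname>\S+\.in-addr\.arpa)"
)


def find_mismatches(text):
    """Return (frame, txid, asked, echoed) for every response whose question
    name differs from the query sent with the same client, server and txid."""
    pending = {}   # (client, server, txid) -> question name that was sent
    findings = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        qname = m["qname"].lower().rstrip(".")   # DNS names compare case-insensitively
        if m["resp"] is None:
            pending[(m["src"], m["dst"], m["txid"])] = qname
            continue
        asked = pending.get((m["dst"], m["src"], m["txid"]))
        if asked is not None and asked != qname:
            findings.append((int(m["frame"]), m["txid"], asked, qname))
    return findings


if __name__ == "__main__":
    for frame, txid, asked, echoed in find_mismatches(CAPTURE):
        print(f"frame {frame} txid {txid}: asked {asked}, response echoes {echoed}")
```
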


