Re: Odd name lookup behavior

Wed, 18 Nov 2009 15:55:13 -0800 

On Wed, Nov 18, 2009 at 11:21:41PM +0100, Robert wrote:
> On Wed, 18 Nov 2009 15:06:28 -0500
> stan <[email protected]> wrote:
> 
> > Can anyone xplain this behavior to me?
> > 
> > Given the following resolv.conf file:
> > 
> > r...@pm3fw:root# cat /etc/resolv.conf
> > lookup file bind
> > search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com
> > nameserver 127.0.0.1 
> > nameserver 10.209.128.20
> > nameserver 10.209.128.26
> > nameserver 10.209.142.158
> > 
> > And:
> > 
> > r...@pm3fw:root# nslookup
> > > cvsup
> > Server:         127.0.0.1
> > Address:        127.0.0.1#53
> > 
> > Non-authoritative answer:
> > Name:   cvsup.mcn.chs
> > Address: 10.209.142.151
> > > 10.209.142.151
> > Server:         127.0.0.1
> > Address:        127.0.0.1#53
> > 
> > 151.142.209.10.in-addr.arpa     name = cvsup.meadwestvaco.com.
> > > exit
> > 
> > Why does this happen ? And how?
> > 
> > r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389
> > cvsup 
> > 
> > Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST
> > Initiating Ping Scan at 15:05
> > Scanning 10.209.142.151 [8 ports]
> > Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts)
> > Initiating Parallel DNS resolution of 1 host. at 15:05
> > Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed
> > Initiating SYN Stealth Scan at 15:05
> > Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports]
> > 
> > Is nmap not using the resolver libraries?
> > 
> > 
> 
> Your dns at 127.0.0.1 does not resolve 151.142.209.10.in-addr.arpa?
> 127.0.0.1:53 allows recursiv querys so it looks elsewhere and serves
> the "real" hostname?

OK here are the servers that the local nameserver recurses to:

forwarders {
        10.209.142.158;
                10.209.144.150;
                10.209.142.154;
        };

And if I use nslookup and set it to each of them in turn, i still get the
mcn.chs name:

s...@pm3fw:stan$ nslookup
> cvsup
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   cvsup.mcn.chs
Address: 10.209.142.151
> 10.209.142.151
Server:         127.0.0.1
Address:        127.0.0.1#53

151.142.209.10.in-addr.arpa     name = cvsup.meadwestvaco.com.
> server 10.209.142.158
Default server: 10.209.142.158
Address: 10.209.142.158#53
> cvsup
Server:         10.209.142.158
Address:        10.209.142.158#53

Non-authoritative answer:
Name:   cvsup.mcn.chs
Address: 10.209.142.151
> server 10.209.144.150
Default server: 10.209.144.150
Address: 10.209.144.150#53
> cvsup
Server:         10.209.144.150
Address:        10.209.144.150#53

Non-authoritative answer:
Name:   cvsup.mcn.chs
Address: 10.209.142.151
> server 10.209.142.154
Default server: 10.209.142.154
Address: 10.209.142.154#53
> cvsup
Server:         10.209.142.154
Address:        10.209.142.154#53

Non-authoritative answer:
Name:   cvsup.mcn.chs
Address: 10.209.142.151

Of course, I do see the "Non-authoritative answer:" clause in each of
these. Would that mean that a program could request an authoritative
answer? If so, how?

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Reply via email to