All,

I'm not sure if this is related to Harbert's problem, but I'm having some sort of DNS resolution issues. Actually, so far I can only ascertain that it affects "www.google.com". I can resolve "news.google.com" and "www.yahoo.com" and any other domains I can think of.

This happens maybe within 24 hours of rebooting m0n0wall, and it's happened 3 days in a row now, so it should be easy to get debugging information if someone needs it. I tried to see if I could get anything in status.php but I don't know where to look.

Now, the symptoms are... m0n0wall's PING page shows that from the WAN interface, I can ping www.google.com just fine. It resolves, and everything's happy. The problem is the clients cannot resolve www.google.com. DNS forwarder is on and m0n0wall sends requests to the DNS server, while handing out its own IP as the DNS in the DHCP lease.

I ran DIG on one of the clients and got such (m0n0wall internal IP is 10.10.10.10):

---- resolv.conf is configured to m0n0wall IP address 10.10.10.10 ----

>>> dig www.yahoo.com
> ; <<>> DiG 9.3.2 <<>> www.yahoo.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1044
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.yahoo.com. IN A
>
> ;; ANSWER SECTION:
> www.yahoo.com. 171 IN CNAME www.yahoo-ht3.akadns.net.
> www.yahoo-ht3.akadns.net. 26 IN A 209.131.36.158
>
> ;; Query time: 15 msec
> ;; SERVER: 10.10.10.10#53(10.10.10.10)
> ;; WHEN: Fri Jul 18 04:34:08 2008
> ;; MSG SIZE rcvd: 85
>
>>> dig news.google.com
> ; <<>> DiG 9.3.2 <<>> news.google.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1922
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;news.google.com. IN A
>
> ;; ANSWER SECTION:
> news.google.com. 64754 IN CNAME news.l.google.com.
> news.l.google.com. 242 IN A 74.125.19.99
> news.l.google.com. 242 IN A 74.125.19.104
> news.l.google.com. 242 IN A 74.125.19.147
> news.l.google.com. 242 IN A 74.125.19.103
>
> ;; Query time: 31 msec
> ;; SERVER: 10.10.10.10#53(10.10.10.10)
> ;; WHEN: Fri Jul 18 04:34:24 2008
> ;; MSG SIZE rcvd: 118
>
>>> dig www.google.com
> ; <<>> DiG 9.3.2 <<>> www.google.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1112
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.google.com. IN A
>
> ;; ANSWER SECTION:
> www.google.com. 16235 IN CNAME www.l.google.com.
>
> ;; Query time: 15 msec
> ;; SERVER: 10.10.10.10#53(10.10.10.10)
> ;; WHEN: Fri Jul 18 04:35:04 2008
> ;; MSG SIZE rcvd: 62
>
>>> dig www.l.google.com
> ; <<>> DiG 9.3.2 <<>> www.l.google.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 877
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.l.google.com. IN A
>
> ;; Query time: 0 msec
> ;; SERVER: 10.10.10.10#53(10.10.10.10)
> ;; WHEN: Fri Jul 18 04:35:13 2008
> ;; MSG SIZE rcvd: 34
>
----------------------------------------------

---- resolv.conf is configured to ISP IP address (while m0n0 is still in the broken state as shown above) ----

>>> dig www.l.google.com
> ; <<>> DiG 9.3.2 <<>> www.l.google.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.l.google.com. IN A
>
> ;; ANSWER SECTION:
> www.l.google.com. 9 IN A 74.125.19.147
> www.l.google.com. 9 IN A 74.125.19.99
> www.l.google.com. 9 IN A 74.125.19.103
> www.l.google.com. 9 IN A 74.125.19.104
>
> ;; Query time: 15 msec
> ;; SERVER: xx.xxx.1.14#53(xx.xxx.1.14)
> ;; WHEN: Fri Jul 18 04:35:36 2008
> ;; MSG SIZE rcvd: 98
>
---------------------------------------------

---- stop and restart the DNS forwarder by unchecking, then checking the checkbox on the DNS forwarder page ----

>>> dig www.l.google.com
> ; <<>> DiG 9.3.2 <<>> www.l.google.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1278
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.l.google.com. IN A
>
> ;; ANSWER SECTION:
> www.l.google.com. 166 IN A 74.125.19.103
> www.l.google.com. 166 IN A 74.125.19.99
> www.l.google.com. 166 IN A 74.125.19.104
> www.l.google.com. 166 IN A 74.125.19.147
>
> ;; Query time: 0 msec
> ;; SERVER: 10.10.10.10#53(10.10.10.10)
> ;; WHEN: Fri Jul 18 04:38:00 2008
> ;; MSG SIZE rcvd: 98
>
>
---------------------------------------------

Any ideas for how I would debug this problem? Thanks for any help.

/sylikc
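
The dig outputs in the post differ in one respect: in the broken state the forwarder answers NOERROR with the CNAME for www.google.com but no A record for its target. The following Python is an added example, not part of the original post; it classifies an answer section by walking the CNAME chain, with hypothetical function names and sample answer lines copied from the post.

```python
import re

# Constructed samples: ANSWER SECTION lines copied from the dig output in the post.
BROKEN = """\
> www.google.com. 16235 IN CNAME www.l.google.com.
"""
HEALTHY = """\
> news.google.com. 64754 IN CNAME news.l.google.com.
> news.l.google.com. 242 IN A 74.125.19.99
> news.l.google.com. 242 IN A 74.125.19.104
"""

# name, TTL, class IN, type, rdata; question lines have no TTL and do not match.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_answers(text):
    """Return (name, ttl, rtype, rdata) tuples from dig answer lines."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.lstrip("> ").strip())  # tolerate the post's "> " prefix
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name.lower(), int(ttl), rtype.upper(), rdata))
    return records

def classify(qname, text, max_hops=8):
    """Follow the CNAME chain from qname and report whether it ends in A records."""
    records = parse_answers(text)
    name, chain = qname.lower(), []
    for _ in range(max_hops):  # bounded walk so a CNAME loop cannot hang the check
        addrs = [r[3] for r in records if r[0] == name and r[2] == "A"]
        if addrs:
            return {"status": "resolved", "chain": chain, "addresses": addrs}
        targets = [r[3].lower() for r in records if r[0] == name and r[2] == "CNAME"]
        if not targets:
            # A chain that started but never reached an address is the post's symptom.
            status = "dangling-cname" if chain else "no-data"
            return {"status": status, "chain": chain, "addresses": []}
        chain.append(targets[0])
        name = targets[0]
    return {"status": "cname-loop", "chain": chain, "addresses": []}

if __name__ == "__main__":
    print(classify("www.google.com.", BROKEN))     # forwarder in the broken state
    print(classify("news.google.com.", HEALTHY))   # name that still resolves
    print(classify("www.l.google.com.", ""))       # empty NOERROR answer
```

Running the same classification against the forwarder and against the upstream server at intervals records when the two start to disagree.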