This is a discussion on Re: Unexpected behaviour from the B root servers? Am I setup wrong? - DNS ; Stephen John Smoogen wrote: > I am only seeing this with the B systems at the moment.. and I am > trying to figure out how I should 'fix' my firewall or backbone DNS > server to deal with it. ...
Stephen John Smoogen wrote:
> I am only seeing this with the B systems at the moment.. and I am
> trying to figure out how I should 'fix' my firewall or backbone DNS
> server to deal with it.
> Our campus DNS servers will 'proxy' a request to the backbone DNS
> servers and when it talks to the B servers, we get requests back from
> different IP address from what we sent to (thus our firewall drops it
> as a bad session).
> 126.96.36.199.32768 > 188.8.131.52.domain
> 184.108.40.206.domain > 220.127.116.11.32768
> 18.104.22.168.domain > 22.214.171.124.32768
> 126.96.36.199.domain > 188.8.131.52.32768
> This really picked up on Saturday when pretty much every send to the
> 184.108.40.206 server got 1 to 2 other returns from b1.ip4.int,
> b2.ip4.int etc.
> The only other servers that the firewall seems to be dropping are some
> 'questionable' ones in Romania that showed up over the weekend.
220.127.116.11 ns1.isi.edu b.root-servers.net.old
First they featherd and tarred the .um TLD
Now they try to do the same the root
Since they moved the b.root-servers.net to its new ip,
they are living behind a load balancer.
When one of them is busy the answer might reach more
than one of them. When the sleepy one sends its answer
the load balancer does not know what to do with it
and lets it out without NATting its ip-address.
Looks like anycast - but it isn't.
Best cure would be to have a copy of b.root-servers.net
behind your firewall. Bind slave mode.
Bind will connect b.root-servers.net via tcp,
twice per day and there will go no other queries to
to the root-servers. There will come no more answers.
Peter and Karin
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
+49(6252)750-308 (VoIP: sipgate.de)