Page 1 of 1

Stuck with local IP DNS Issue

Posted: Thu Mar 12, 2015 9:19 pm
by yacsap
Hi,

I have DNS issue here:
C:\Users\yacsap.VOLT>nslookup
Default Server:  MikroTik
Address:  1.0.0.1

> some.host.name
Server:  MikroTik
Address:  1.0.0.1

Non-authoritative answer:
Name:    some.host.name
Address:  10.0.0.9

>
It keeps giving me local IP address which I set before in MikroTik's Static DNS.

But the host name is actually a public IP.

I've checked 'ip dns static print', I'm sure the local IP is not listed there.

Any idea where the local IP came from?

It's not on the public named either.

Re: DNS Issue

Posted: Fri Mar 13, 2015 4:09 am
by yacsap
*bump*

Re: DNS Issue

Posted: Fri Mar 13, 2015 2:05 pm
by ZeroByte
All I can say for sure with the information given is that the reply came from a cache or a recursive query because the answer was non-authoritative. I would suspect that your localy-configured address would generate an authoritative response....

Perhaps the host the Mikrotik is configured to use for DNS resolver has the wrong information cached as well?

Do you get the same result when querying via other DNS servers?

Re: DNS Issue

Posted: Fri Mar 13, 2015 8:18 pm
by Sob
Non-authoritative answer is correct, static addresses in ROS DNS are simple overrides, setting them does not turn router into authoritative server for them.

Check the resolvers configured in router and ask them all directly (dig, nslookup) for that record. If at least one of them gives you the wrong address too, then the problem is elsewhere. If not, then perhaps something is stuck in RouterOS. Restart might help in that case.

Re: DNS Issue

Posted: Fri Mar 13, 2015 10:59 pm
by yacsap
[yacsap@RB] > ping some.domain.name
  SEQ HOST                                     SIZE TTL TIME  STATUS           
    0 202.159.xx.xx                               56  47 318ms
    1 202.159.xx.xx                               56  47 317ms
    sent=2 received=2 packet-loss=0% min-rtt=317ms avg-rtt=317ms 
   max-rtt=318ms 

[yacsap@RB] > 
When I ping from the RB, it returns me the 'real IP'.

But if I do nslookup from computer that behind this RB, it still gives me the local IP which I configured as static DNS previously in this RB.

At the time I created this thread, I've already removed the local IP from the config and do flush DNS, so it should ask from the internet DNS which is I configured 8.8.8.8 and 8.8.4.4 in my RB.

Re: DNS Issue

Posted: Fri Mar 13, 2015 11:46 pm
by ZeroByte
At the time I created this thread, I've already removed the local IP from the config and do flush DNS, so it should ask from the internet DNS which is I configured 8.8.8.8 and 8.8.4.4 in my RB.
It's either the Mikrotik itself or else the Mikrotik is redirecting port 53 to a device that is also giving that same address.
(or option 3, the host has the wrong info in hosts file, but nslookup does not use the local resolver, so this isn't likely)

A packet capture might be required to get to the bottom of this if following the trail through iptables and IP > DNS > Static is not leading to the answer.

Re: DNS Issue

Posted: Sat Mar 14, 2015 12:11 am
by yacsap
At the time I created this thread, I've already removed the local IP from the config and do flush DNS, so it should ask from the internet DNS which is I configured 8.8.8.8 and 8.8.4.4 in my RB.
It's either the Mikrotik itself or else the Mikrotik is redirecting port 53 to a device that is also giving that same address.
(or option 3, the host has the wrong info in hosts file, but nslookup does not use the local resolver, so this isn't likely)

A packet capture might be required to get to the bottom of this if following the trail through iptables and IP > DNS > Static is not leading to the answer.
Ahh, finally clear man, I found my DNS is forwarded to my DNS filtering which I set local IP on that particular hostname :shock:

Thanks heaps man, you're the best! :lol:

*Case closed* :o

Re: Stuck with local IP DNS Issue

Posted: Sat Mar 14, 2015 3:18 am
by ZeroByte
My takeaway from this is that putting static hostnames in a proxy-resolver generates non-authoritative replies. I would've thought "it's authoritative because it's in my configuration" would be the order of the day.

Now I know.