My topology: NAT -> NetGear router (192.168.1.1 + wired machines) -> TP-Link (192.168.0.1 [192.168.1.2 in the NetGear LAN], with some machines wireless and some wired).
My problem is that I can't get a response from DNS from an Ubuntu 12.10 machine in the TP-Link LAN:
dig @8.8.8.8 wp.pl
; <<>> DiG 9.9.2-P2 <<>> @8.8.8.8 wp.pl
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
However, it works with the +tcp option:
dig @8.8.8.8 wp.pl +tcp
; <<>> DiG 9.9.2-P2 <<>> @8.8.8.8 wp.pl +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64773
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;wp.pl. IN A
;; ANSWER SECTION:
wp.pl. 1951 IN A 212.77.100.101
;; Query time: 35 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun May 5 20:27:42 2013
;; MSG SIZE rcvd: 50
My configuration is:
nm-tool | tail -n 8
Address: 192.168.0.100
Prefix: 24 (255.255.255.0)
Gateway: 192.168.0.1
DNS: 8.8.8.8
DNS: 62.179.1.60
Question:
Is this related to UDP traffic not being allowed through one of the routers? I disabled the firewalls, made the TP-Link the DMZ in the NetGear and my machine the DMZ in the TP-Link, so all security is down; still, +tcp works, but there is no way without it. So how am I able to search the web? Is TCP a backdoor that the browser uses? But I have sendmail and need to resolve domains.
Now I set the TP-Link primary DNS to 192.168.0.1 and the secondary to 192.168.1.1, and dig google.com goes well, while +tcp gives:
nm-tool | tail -n 8
Address: 192.168.0.100
Prefix: 24 (255.255.255.0)
Gateway: 192.168.0.1
DNS: 192.168.0.1
DNS: 192.168.1.1
dig google.com +tcp
;; Connection to 192.168.0.1#53(192.168.0.1) for google.com failed: connection refused.
;; Connection to 192.168.1.1#53(192.168.1.1) for google.com failed: connection refused.
; <<>> DiG 9.9.2-P2 <<>> google.com +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 30305
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 2 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun May 5 21:21:28 2013
;; MSG SIZE rcvd: 28
dig @192.168.1.1 wp.pl
; <<>> DiG 9.9.2-P2 <<>> @192.168.1.1 wp.pl
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
root@mycomp:# dig @192.168.0.1 wp.pl
; <<>> DiG 9.9.2-P2 <<>> @192.168.0.1 wp.pl
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
dig alone:
dig wp.pl
; <<>> DiG 9.9.2-P2 <<>> wp.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;wp.pl. IN A
;; ANSWER SECTION:
wp.pl. 2308 IN A 212.77.100.101
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun May 5 21:48:12 2013
;; MSG SIZE rcvd: 50
UPDATE:
Here I did dig cf16.eu, and in the terminal the response was noted as coming from 127.0.1.1:
sudo tcpdump udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:03:11.451045 IP ubuntuamd.local.33228 > 192.168.1.1.domain: 37219+ [1au] A? cf16.eu. (36)
01:03:11.452092 IP ubuntuamd.local.43741 > 192.168.1.1.domain: 33781+ PTR? 1.1.168.192.in-addr.arpa. (42)
01:03:11.490142 IP 192.168.1.1.domain > ubuntuamd.local.33228: 37219 1/0/1 A 89.75.41.50 (52)
01:03:11.491794 IP 192.168.1.1.domain > ubuntuamd.local.43741: 33781 NXDomain 0/0/0 (42)
01:03:11.592530 IP6 fe80::d63d:7eff:fe4b:47dc.mdns > ff02::fb.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42)
01:03:11.592582 IP ubuntuamd.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 1.1.168.192.in-addr.arpa. (42)
Here I did dig @192.168.1.1 cf16.eu, and in the terminal there was no response:
01:03:19.834587 IP ubuntuamd.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
01:03:20.287162 IP ubuntuamd.local.50346 > 192.168.1.1.domain: 44668+ [1au] A? cf16.eu. (36)
01:03:21.734093 IP ubuntuamd.local.56600 > 192.168.1.1.domain: 1574+ PTR? 255.1.168.192.in-addr.arpa. (44)
01:03:21.768017 IP 192.168.1.1.domain > ubuntuamd.local.56600: 1574 NXDomain 0/0/0 (44)
01:03:21.868586 IP6 fe80::d63d:7eff:fe4b:47dc.mdns > ff02::fb.mdns: 0 PTR (QM)? 255.1.168.192.in-addr.arpa. (44)
01:03:21.868662 IP ubuntuamd.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 255.1.168.192.in-addr.arpa. (44)
01:03:22.870220 IP6 fe80::d63d:7eff:fe4b:47dc.mdns > ff02::fb.mdns: 0 PTR (QM)? 255.1.168.192.in-addr.arpa. (44)
01:03:22.870299 IP ubuntuamd.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 255.1.168.192.in-addr.arpa. (44)
01:03:24.871850 IP6 fe80::d63d:7eff:fe4b:47dc.mdns > ff02::fb.mdns: 0 PTR (QM)? 255.1.168.192.in-addr.arpa. (44)
01:03:24.871930 IP ubuntuamd.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 255.1.168.192.in-addr.arpa. (44)
01:03:25.292325 IP ubuntuamd.local.50346 > 192.168.1.1.domain: 44668+ [1au] A? cf16.eu. (36)
01:03:30.292679 IP ubuntuamd.local.50346 > 192.168.1.1.domain: 44668+ [1au] A? cf16.eu. (36)
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 18134/sendmail: MTA
tcp 0 0 192.168.1.3:25 0.0.0.0:* LISTEN 18134/sendmail: MTA
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1337/mysqld
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 18134/sendmail: MTA
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1456/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1131/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 992/cupsd
tcp 0 0 192.168.1.3:53096 173.194.70.102:80 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:56894 208.117.224.54:443 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:39479 212.58.244.130:80 ESTABLISHED 2534/chrome
tcp 0 0 127.0.0.1:3306 127.0.0.1:34975 ESTABLISHED 1337/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:35189 ESTABLISHED 1337/mysqld
tcp 0 0 192.168.1.3:45269 208.117.224.114:443 ESTABLISHED 2534/chrome
tcp 1 0 192.168.1.3:41464 91.189.94.25:80 CLOSE_WAIT 2520/ubuntu-geoip-p
tcp 0 0 192.168.1.3:42429 46.28.246.119:443 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:55689 92.122.210.38:80 TIME_WAIT -
tcp 0 0 127.0.0.1:3306 127.0.0.1:35191 ESTABLISHED 1337/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:34978 ESTABLISHED 1337/mysqld
tcp 0 0 192.168.1.3:57867 173.194.70.154:443 ESTABLISHED 2534/chrome
tcp 0 0 127.0.0.1:3306 127.0.0.1:34977 ESTABLISHED 1337/mysqld
tcp 0 0 192.168.1.3:33444 198.252.206.25:80 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:55585 173.194.70.19:443 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:37296 217.119.79.24:443 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:60732 198.252.206.25:80 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:38625 192.168.0.101:445 ESTABLISHED -
tcp 0 0 127.0.0.1:3306 127.0.0.1:35188 ESTABLISHED 1337/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:34976 ESTABLISHED 1337/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:35190 ESTABLISHED 1337/mysqld
tcp 0 0 192.168.1.3:55687 92.122.210.38:80 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:60704 198.252.206.25:80 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:36650 74.125.136.125:5222 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:60176 23.61.248.91:80 ESTABLISHED 2534/chrome
tcp 0 0 192.168.1.3:58835 91.189.89.114:443 ESTABLISHED 2755/python
tcp 0 0 192.168.1.3:55688 92.122.210.38:80 TIME_WAIT -
tcpdump:
sudo tcpdump -nv src 192.168.1.1 and udp port 67 and udp port 68
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:22:50.106632 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
192.168.1.1.67 > 192.168.1.3.68: BOOTP/DHCP, Reply, length 548, xid 0x3f6fa026, Flags [none]
Your-IP 192.168.1.3
Client-Ethernet-Address d4:3d:7e:4b:47:dc
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: 192.168.1.1
Lease-Time Option 51, length 4: 86400
Subnet-Mask Option 1, length 4: 255.255.255.0
Default-Gateway Option 3, length 4: 192.168.1.1
Domain-Name-Server Option 6, length 4: 192.168.1.1
Domain-Name Option 15, length 9: "chello.pl"
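The two UDP captures above can be compared mechanically by pairing each query with its reply on client port and transaction ID, which makes the retransmitted, never-answered query stand out. The Python below is an added example, not part of the original post; the function name unanswered_queries and the regular expressions are this example's own, and the sample lines are the unicast DNS lines copied from the question's captures.

```python
import re

# Unicast DNS lines copied from the two tcpdump captures in the question
# (mDNS lines omitted). First run: `dig cf16.eu`; second: `dig @192.168.1.1 cf16.eu`.
CAPTURE = """\
01:03:11.451045 IP ubuntuamd.local.33228 > 192.168.1.1.domain: 37219+ [1au] A? cf16.eu. (36)
01:03:11.452092 IP ubuntuamd.local.43741 > 192.168.1.1.domain: 33781+ PTR? 1.1.168.192.in-addr.arpa. (42)
01:03:11.490142 IP 192.168.1.1.domain > ubuntuamd.local.33228: 37219 1/0/1 A 89.75.41.50 (52)
01:03:11.491794 IP 192.168.1.1.domain > ubuntuamd.local.43741: 33781 NXDomain 0/0/0 (42)
01:03:20.287162 IP ubuntuamd.local.50346 > 192.168.1.1.domain: 44668+ [1au] A? cf16.eu. (36)
01:03:21.734093 IP ubuntuamd.local.56600 > 192.168.1.1.domain: 1574+ PTR? 255.1.168.192.in-addr.arpa. (44)
01:03:21.768017 IP 192.168.1.1.domain > ubuntuamd.local.56600: 1574 NXDomain 0/0/0 (44)
01:03:25.292325 IP ubuntuamd.local.50346 > 192.168.1.1.domain: 44668+ [1au] A? cf16.eu. (36)
01:03:30.292679 IP ubuntuamd.local.50346 > 192.168.1.1.domain: 44668+ [1au] A? cf16.eu. (36)
"""

# timestamp, "IP", src.port > dst.port:, transaction ID (+flags), rest of line
LINE = re.compile(r"^(\S+) IP (\S+)\.(\w+) > (\S+)\.(\w+): (\d+)\S* (.*)$")
QUESTION = re.compile(r"(\w+)\? (\S+)")  # e.g. "A? cf16.eu."
DNS_PORTS = {"domain", "53"}  # tcpdump prints the service name unless run with -n


def unanswered_queries(capture):
    """Return [(server, qtype, qname, attempts)] for queries that got no reply."""
    pending = {}  # (client, client_port, server, txid) -> [qtype, qname, attempts]
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # IP6 lines and anything else not shaped like the pattern
        _, src, sport, dst, dport, txid, rest = m.groups()
        if dport in DNS_PORTS:  # client -> resolver
            q = QUESTION.search(rest)
            if q is None:
                continue
            key = (src, sport, dst, txid)
            entry = pending.setdefault(key, [q.group(1), q.group(2), 0])
            entry[2] += 1  # same port and ID seen again: a retransmission
        elif sport in DNS_PORTS:  # resolver -> client: mirrored addresses and ports
            pending.pop((dst, dport, src, txid), None)
    return [(key[2], qtype, qname, n) for key, (qtype, qname, n) in pending.items()]


if __name__ == "__main__":
    for server, qtype, qname, n in unanswered_queries(CAPTURE):
        print(f"no reply from {server} for {qtype} {qname} after {n} attempt(s)")
```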
Best Answer
When you do
dig @8.8.8.8 wp.pl
a request is sent to Google's nameserver. Google's nameserver is not authoritative for the domain wp.pl.(whatever you may have set in your search domains) (the last bit could be a source of trouble; do dig @8.8.8.8 wp.pl. in the future to stop additional searches), and if it doesn't have a cached record to give you, it will tell you what nameserver is authoritative for that domain. A second request will then be sent to the server Google gives you...
However... for nameservers, you might want to use the nameservers DHCP assigns you; I doubt both 192.168.1.1 and 0.1 were given to you. The lone DNS server I get from DHCP corresponds to my DSL modem/router's gateway, which means having only one resolver in my local configuration is perfect: if I can't reach my gateway, or if my gateway can't talk to whatever DNS servers it gets from its provisioning DHCP server (into which I have no visibility), then it's unlikely that any manual additions I add will provide any additional utility, but likely that they will decrease the performance of DNS queries, and thus my perceived responsiveness of my Internet activities.
When I use the following tcpdump statement to look at DHCP data:
mini-nevie:~ root# tcpdump -i en1 -nv udp port 67 and udp port 68
The last packet I get from the DHCP server, an ACK(nowledgement) packet, contains the configuration parameters for my host:
In the "Domain-Name-Server Option 6" field, the DHCP server provides me with 2 IP addresses; in this case, they're identical. They happen to match my gateway, 192.168.2.1. While I've looked all through my DSL modem's config pages, I cannot see what servers it's using. In my previous service, I did PPPoE right on my Mac, and IIRC, the two servers were local resolvers in my province.
My advice is to use the nameserver(s) that are provided to you via DHCP.