Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't resolve query #29

Open
ronzohan opened this issue Apr 27, 2016 · 4 comments
Open

Can't resolve query #29

ronzohan opened this issue Apr 27, 2016 · 4 comments

Comments

@ronzohan
Copy link

So my setup is that my DNS server and proxy is on the same machine

{
"socket_timeout": 20,
"host": "192.168.254.111",
"port": 53,
"tcp_dns_server": ["192.168.254.111:10053"],
"udp_dns_server": ["192.168.254.111:10053"],
"enable_server_switch": true,
"speed_test" : false,
"enable_lru_cache": false,
"lru_cache_size" : 500,
"udp_mode" : true,
"daemon_process" : false,
"internal_dns_server": ["127.0.0.1:53"],
"internal_domain":["intra"],
"private_host" : {"*google.com": "203.117.34.162"}
}

I just let my DNS server to listen on port 10053 and the proxy on 53. The issue is that it can't resolve certain queries like this kind of nslookup

nslookup -query=A mirror.webtatic.com

Is there wrong with my setup?

Any help is appreciated.
@henices
Copy link
Owner

henices commented Apr 28, 2016
edited

please enable tcp dns query in your dns server. To test if your dns server is working

dig -p 10053 +vc @192.168.254.111 mirror.webtatic.com

@ronzohan
Copy link
Author

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -p 10053 +vc @192.168.254.111 mirror.webtatic.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7008
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mirror.webtatic.com. IN A

;; ANSWER SECTION:
mirror.webtatic.com. 295 IN CNAME erph-ard-ing.lb.webtatic.com.
erph-ard-ing.lb.webtatic.com. 295 IN A 163.47.8.16

;; AUTHORITY SECTION:
. 1817 IN NS i.root-servers.net.
. 1817 IN NS e.root-servers.net.
. 1817 IN NS d.root-servers.net.
. 1817 IN NS k.root-servers.net.
. 1817 IN NS l.root-servers.net.
. 1817 IN NS h.root-servers.net.
. 1817 IN NS m.root-servers.net.
. 1817 IN NS c.root-servers.net.
. 1817 IN NS j.root-servers.net.
. 1817 IN NS b.root-servers.net.
. 1817 IN NS f.root-servers.net.
. 1817 IN NS g.root-servers.net.
. 1817 IN NS a.root-servers.net.

;; Query time: 0 msec
;; SERVER: 192.168.254.111#10053(192.168.254.111)
;; WHEN: Fri Apr 29 23:27:21 PHT 2016
;; MSG SIZE rcvd: 305

dig just returns fine but when I use the dns proxy it just can't resolve query.
I'm using bind9 on my local dns server.

@ronzohan
Copy link
Author

ronzohan commented Apr 29, 2016
edited

So the line it is failing is on here

https://github.com/henices/Tcp-DNS-proxy/blob/master/tcpdns.py#L271

both the test_ipv4 and test_ipv6 are having values of false.

Can I know what the Reply_code values mean? Because the Reply_code value of mine is 0

@henices
Copy link
Owner

henices commented May 3, 2016

see https://www.ietf.org/rfc/rfc1035.txt


RCODE           Response code - this 4 bit field is set as part of
                responses.  The values have the following
                interpretation:

                0               No error condition

                1               Format error - The name server was
                                unable to interpret the query.

                2               Server failure - The name server was
                                unable to process this query due to a
                                problem with the name server.

                3               Name Error - Meaningful only for
                                responses from an authoritative name
                                server, this code signifies that the
                                domain name referenced in the query does
                                not exist.

                4               Not Implemented - The name server does
                                not support the requested kind of query.

                5               Refused - The name server refuses to
                                perform the specified operation for
                                policy reasons.  For example, a name
                                server may not wish to provide the
                                information to the particular requester,
                                or a name server may not wish to perform
                                a particular operation (e.g., zone

reply code 0 means No error condition.

In your config file "udp_mode" : true, dns proxy will use the udp dns protocol.

Please send me pcap file (use wireshark) for more information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@henices @ronzohan