Någon som är redigt bra på DNS? Detta borde intressera i så fall...minst sagt!
Någon här som är riktigt, riktigt haj på DNS? Läs då vidare.
Problemet är tidigare beskrivet lite slarvigt i forumet, men nu har jag gått till botten med detta och har FETA loggar och en kort beskrivning av vad som händer, och det ser väldigt intressant ut.
***Setup och problembeskrivning***
w2k3 DNS-server, i lokal labb-domän kallad w2k3.local.
Två interface, 192.168.0.6 utåt och 192.168.1.1 inåt.
Bägge såklart konfade att använda lokala DNS-servern.
Utan att "fuska" med forwarder så klarar den endast siter med "www" verkar det som.
www.google.com går bra, www.yahoo.se osv, men ta bort inledande "www" och det resolvar ej. Root-servers finns i konfen och används också så det är inte SÅ enkel lösning.
Nedan kommer "lite" loggar som är "ganska" långa, jag ska kortfattat beskriva vad som sker, och hur jag tolkar det lilla jag klarar att tolka.
***Förutsättningar***
DNS-cashe i servern rensad, DNS-cash också rensad med flushdns i kommandoprompten, DNS omstartad, detaljerad loggning påslagen, och ca en minut senare börjar jag köra nslookup.
kl 19:30 kör jag en lyckad nslookup på www.google.com
kl 19:31 kör jag en misslyckad nslookup på google.com
kl 19:32 kör jag en misslyckad nslookup på yahoo.se
***Mina tolkningar samt frågor***
Först något som nog inte har med problemet att göra, men jag blir nyfiken när jag ser loggarna. Varje query verkar börja med en baklänges-fråga från klienten till servern, som skickar något med 1.1.168.192.in-addr.arpa och får ett svar med samma "address".
Sedan kommer nästa fråga från klienten som då är tex www.google.com.w2k3.local, och ett svar med samma "address" till klienten.
EFTER DET kommer den riktiga frågan verkar det som, alltså www.google.com, och då skickar servern vidare denna till flera av root-servrarna, varav en ger svaret direkt.
Jag undrar varför det sker såhär. Först nåt baklänges, sen en felaktig fråga med egna domänen som suffix, och sedan den riktiga frågan som skickas vidare.
Jag undrar också hur det kommer sig att root-servern som svarar kommer med rätt svar direkt. Inget "fråga .com, dom vet", och sedan "fråga google.com, dom vet", utan jag får www.google.com svaret direkt. Jag trodde inte root-servrarna cashade sånt utan bara delegerade vidare frågor???
Det andra jag undrar är såklart varför följande två uppslag, utan www framför, falerar.
"nslookup google.com" ger som ni ser felmeddelande pga för stort paket skickas från root-servern. Det verkar sprängfullt med svar, säkerligen korrekta, men är för stort och det blir fel.
"nslookup yahoo.se" är ännu värre, där syns inte ens nåt fel, och det fullkomligen dräller in svar, och säkerligen är rätt svar med 10ggr om för det är så stor del av hela denna log som bara rör denna sista query att det är ett under att den vägrar resolva utan inom en sekund svarar "can't be found".
Here we go....tack
DNS Server log file creation at 1/4/2008 6:27:14 PM UTC
Log file wrap at 1/4/2008 7:29:11 PM
Message logging key:
Field # Information Values
------- ----------- ------
1 Remote IP
2 Xid (hex)
3 Query/Response R = Response
blank = Query
4 Opcode Q = Standard Query
N = Notify
U = Update
? = Unknown
5 [ Flags (hex)
6 Flags (char codes) A = Authoritative Answer
T = Truncated Response
D = Recursion Desired
R = Recursion Available
7 ResponseCode ]
8 Question Name
19:30:01 204 PACKET UDP Rcv 192.168.1.1 0001 Q [0001 D NOERROR] (1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)
UDP question info at 007E9B60
Socket = 372
Remote addr 192.168.1.1, port 1080
Time Query=20274, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x002a (42)
Message:
XID 0x0001
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
QTYPE PTR (12)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:30:01 204 PACKET UDP Snd 192.168.1.1 0001 R Q [8085 A DR NOERROR] (1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)
UDP response info at 007E9B60
Socket = 372
Remote addr 192.168.1.1, port 1080
Time Query=20274, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x004e (78)
Message:
XID 0x0001
Flags 0x8580
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 1
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
QTYPE PTR (12)
QCLASS 1
ANSWER SECTION:
Offset = 0x002a, RR count = 0
Name "[C00C](1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
TYPE PTR (12)
CLASS 1
TTL 1200
DLEN 24
DATA (11)w2k3-server(4)w2k3(5)local(0)
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:30:01 204 PACKET UDP Rcv 192.168.1.1 0002 Q [0001 D NOERROR] (3)www(6)google(3)com(4)w2k3(5)local(0)
UDP question info at 007EA5E0
Socket = 372
Remote addr 192.168.1.1, port 1081
Time Query=20274, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x002b (43)
Message:
XID 0x0002
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(3)www(6)google(3)com(4)w2k3(5)local(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:30:01 204 PACKET UDP Snd 192.168.1.1 0002 R Q [8385 A DR NXDOMAIN] (3)www(6)google(3)com(4)w2k3(5)local(0)
UDP response info at 007EA5E0
Socket = 372
Remote addr 192.168.1.1, port 1081
Time Query=20274, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0070 (112)
Message:
XID 0x0002
Flags 0x8583
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 3 (NXDOMAIN)
QCOUNT 1
ACOUNT 0
NSCOUNT 1
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(3)www(6)google(3)com(4)w2k3(5)local(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
Offset = 0x002b, RR count = 0
Name "(4)w2k3(5)local(0)"
TYPE SOA (6)
CLASS 1
TTL 3600
DLEN 47
DATA
PrimaryServer: (11)w2k3-server[C02B](4)w2k3(5)local(0)
Administrator: (10)hostmaster[C02B](4)w2k3(5)local(0)
SerialNo = 7
Refresh = 900
Retry = 600
Expire = 86400
MinimumTTL = 3600
ADDITIONAL SECTION:
empty
19:30:01 204 PACKET UDP Rcv 192.168.1.1 0003 Q [0001 D NOERROR] (3)www(6)google(3)com(0)
UDP question info at 01690050
Socket = 372
Remote addr 192.168.1.1, port 1082
Time Query=20274, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0020 (32)
Message:
XID 0x0003
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(3)www(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:30:01 204 PACKET UDP Snd 192.36.148.17 280a Q [0000 NOERROR] (0)
UDP question info at 007F49B0
Socket = 396
Remote addr 192.36.148.17, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x001c (28)
Message:
XID 0x280a
Flags 0x0000
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 1
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(0)"
QTYPE NS (2)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
Offset = 0x0011, RR count = 0
Name "(0)"
TYPE OPT (41)
CLASS 1280
TTL 0
DLEN 0
DATA (none)
19:30:01 204 PACKET UDP Snd 128.63.2.53 1814 Q [0000 NOERROR] (3)www(6)google(3)com(0)
UDP question info at 007EEF60
Socket = 396
Remote addr 128.63.2.53, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x002b (43)
Message:
XID 0x1814
Flags 0x0000
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 1
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(3)www(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
Offset = 0x0020, RR count = 0
Name "(0)"
TYPE OPT (41)
CLASS 1280
TTL 0
DLEN 0
DATA (none)
19:30:01 204 PACKET UDP Rcv 128.63.2.53 1814 R Q [8081 DR NOERROR] (3)www(6)google(3)com(0)
UDP response info at 007EDA60
Socket = 396
Remote addr 128.63.2.53, port 53
Time Query=20274, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0144 (324)
Message:
XID 0x1814
Flags 0x8180
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 4
NSCOUNT 7
ARCOUNT 7
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(3)www(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
Offset = 0x0020, RR count = 0
Name "[C00C](3)www(6)google(3)com(0)"
TYPE CNAME (5)
CLASS 1
TTL 504911
DLEN 8
DATA (3)www(1)l[C010](6)google(3)com(0)
Offset = 0x0034, RR count = 1
Name "[C02C](3)www(1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 34
DLEN 4
DATA 64.233.183.99
Offset = 0x0044, RR count = 2
Name "[C02C](3)www(1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 34
DLEN 4
DATA 64.233.183.147
Offset = 0x0054, RR count = 3
Name "[C02C](3)www(1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 34
DLEN 4
DATA 64.233.183.104
AUTHORITY SECTION:
Offset = 0x0064, RR count = 0
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)e[C030](1)l[C010](6)google(3)com(0)
Offset = 0x0074, RR count = 1
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)f[C030](1)l[C010](6)google(3)com(0)
Offset = 0x0084, RR count = 2
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)b[C030](1)l[C010](6)google(3)com(0)
Offset = 0x0094, RR count = 3
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)d[C030](1)l[C010](6)google(3)com(0)
Offset = 0x00a4, RR count = 4
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)a[C030](1)l[C010](6)google(3)com(0)
Offset = 0x00b4, RR count = 5
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)c[C030](1)l[C010](6)google(3)com(0)
Offset = 0x00c4, RR count = 6
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)g[C030](1)l[C010](6)google(3)com(0)
ADDITIONAL SECTION:
Offset = 0x00d4, RR count = 0
Name "[C0B0](1)a[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 209.85.139.9
Offset = 0x00e4, RR count = 1
Name "[C090](1)b[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 64.233.179.9
Offset = 0x00f4, RR count = 2
Name "[C0C0](1)c[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 64.233.161.9
Offset = 0x0104, RR count = 3
Name "[C0A0](1)d[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 66.249.93.9
Offset = 0x0114, RR count = 4
Name "[C070](1)e[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 209.85.137.9
Offset = 0x0124, RR count = 5
Name "[C080](1)f[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 72.14.235.9
Offset = 0x0134, RR count = 6
Name "[C0D0](1)g[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 64.233.167.9
19:30:01 204 PACKET UDP Snd 192.168.1.1 0003 R Q [8081 DR NOERROR] (3)www(6)google(3)com(0)
UDP response info at 007EDA60
Socket = 372
Remote addr 192.168.1.1, port 1082
Time Query=20274, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0144 (324)
Message:
XID 0x0003
Flags 0x8180
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 4
NSCOUNT 7
ARCOUNT 7
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(3)www(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
Offset = 0x0020, RR count = 0
Name "[C00C](3)www(6)google(3)com(0)"
TYPE CNAME (5)
CLASS 1
TTL 504911
DLEN 8
DATA (3)www(1)l[C010](6)google(3)com(0)
Offset = 0x0034, RR count = 1
Name "[C02C](3)www(1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 34
DLEN 4
DATA 64.233.183.99
Offset = 0x0044, RR count = 2
Name "[C02C](3)www(1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 34
DLEN 4
DATA 64.233.183.147
Offset = 0x0054, RR count = 3
Name "[C02C](3)www(1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 34
DLEN 4
DATA 64.233.183.104
AUTHORITY SECTION:
Offset = 0x0064, RR count = 0
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)e[C030](1)l[C010](6)google(3)com(0)
Offset = 0x0074, RR count = 1
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)f[C030](1)l[C010](6)google(3)com(0)
Offset = 0x0084, RR count = 2
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)b[C030](1)l[C010](6)google(3)com(0)
Offset = 0x0094, RR count = 3
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)d[C030](1)l[C010](6)google(3)com(0)
Offset = 0x00a4, RR count = 4
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)a[C030](1)l[C010](6)google(3)com(0)
Offset = 0x00b4, RR count = 5
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)c[C030](1)l[C010](6)google(3)com(0)
Offset = 0x00c4, RR count = 6
Name "[C030](1)l[C010](6)google(3)com(0)"
TYPE NS (2)
CLASS 1
TTL 72911
DLEN 4
DATA (1)g[C030](1)l[C010](6)google(3)com(0)
ADDITIONAL SECTION:
Offset = 0x00d4, RR count = 0
Name "[C0B0](1)a[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 209.85.139.9
Offset = 0x00e4, RR count = 1
Name "[C090](1)b[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 64.233.179.9
Offset = 0x00f4, RR count = 2
Name "[C0C0](1)c[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 64.233.161.9
Offset = 0x0104, RR count = 3
Name "[C0A0](1)d[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 66.249.93.9
Offset = 0x0114, RR count = 4
Name "[C070](1)e[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 209.85.137.9
Offset = 0x0124, RR count = 5
Name "[C080](1)f[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 72.14.235.9
Offset = 0x0134, RR count = 6
Name "[C0D0](1)g[C030](1)l[C010](6)google(3)com(0)"
TYPE A (1)
CLASS 1
TTL 72978
DLEN 4
DATA 64.233.167.9
19:30:04 4AC PACKET UDP Snd 128.9.0.107 280a Q [0000 NOERROR] (0)
UDP question info at 007F49B0
Socket = 396
Remote addr 128.9.0.107, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x001c (28)
Message:
XID 0x280a
Flags 0x0000
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 1
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(0)"
QTYPE NS (2)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
Offset = 0x0011, RR count = 0
Name "(0)"
TYPE OPT (41)
CLASS 1280
TTL 0
DLEN 0
DATA (none)
Här kommer nästa query, google.com, med för stort svarspaket
**************************************************
19:31:01 204 PACKET UDP Rcv 192.168.1.1 0001 Q [0001 D NOERROR] (1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)
UDP question info at 007E9B60
Socket = 372
Remote addr 192.168.1.1, port 1083
Time Query=20334, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x002a (42)
Message:
XID 0x0001
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
QTYPE PTR (12)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:31:01 204 PACKET UDP Snd 192.168.1.1 0001 R Q [8085 A DR NOERROR] (1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)
UDP response info at 007E9B60
Socket = 372
Remote addr 192.168.1.1, port 1083
Time Query=20334, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x004e (78)
Message:
XID 0x0001
Flags 0x8580
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 1
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
QTYPE PTR (12)
QCLASS 1
ANSWER SECTION:
Offset = 0x002a, RR count = 0
Name "[C00C](1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
TYPE PTR (12)
CLASS 1
TTL 1200
DLEN 24
DATA (11)w2k3-server(4)w2k3(5)local(0)
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:31:01 204 PACKET UDP Rcv 192.168.1.1 0002 Q [0001 D NOERROR] (6)google(3)com(4)w2k3(5)local(0)
UDP question info at 007EA5E0
Socket = 372
Remote addr 192.168.1.1, port 1084
Time Query=20334, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0027 (39)
Message:
XID 0x0002
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(6)google(3)com(4)w2k3(5)local(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:31:01 204 PACKET UDP Snd 192.168.1.1 0002 R Q [8385 A DR NXDOMAIN] (6)google(3)com(4)w2k3(5)local(0)
UDP response info at 007EA5E0
Socket = 372
Remote addr 192.168.1.1, port 1084
Time Query=20334, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x006c (108)
Message:
XID 0x0002
Flags 0x8583
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 3 (NXDOMAIN)
QCOUNT 1
ACOUNT 0
NSCOUNT 1
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(6)google(3)com(4)w2k3(5)local(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
Offset = 0x0027, RR count = 0
Name "(4)w2k3(5)local(0)"
TYPE SOA (6)
CLASS 1
TTL 3600
DLEN 47
DATA
PrimaryServer: (11)w2k3-server[C027](4)w2k3(5)local(0)
Administrator: (10)hostmaster[C027](4)w2k3(5)local(0)
SerialNo = 7
Refresh = 900
Retry = 600
Expire = 86400
MinimumTTL = 3600
ADDITIONAL SECTION:
empty
19:31:01 204 PACKET UDP Rcv 192.168.1.1 0003 Q [0001 D NOERROR] (6)google(3)com(0)
UDP question info at 007F3F30
Socket = 372
Remote addr 192.168.1.1, port 1085
Time Query=20334, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x001c (28)
Message:
XID 0x0003
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:31:01 204 PACKET UDP Snd 128.8.10.90 201c Q [0000 NOERROR] (6)google(3)com(0)
UDP question info at 007F49B0
Socket = 396
Remote addr 128.8.10.90, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0027 (39)
Message:
XID 0x201c
Flags 0x0000
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 1
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
Offset = 0x001c, RR count = 0
Name "(0)"
TYPE OPT (41)
CLASS 1280
TTL 0
DLEN 0
DATA (none)
19:31:01 204 PACKET UDP Rcv 128.8.10.90 201c R Q [0080 NOERROR] (6)google(3)com(0)
UDP response info at 007EE4E0
Socket = 396
Remote addr 128.8.10.90, port 53
Time Query=20334, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0200 (512)
Message:
XID 0x201c
Flags 0x8000
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 13
ARCOUNT 16
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
Offset = 0x001c, RR count = 0
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 20
DATA (1)E(12)GTLD-SERVERS(3)NET(0)
Offset = 0x003c, RR count = 1
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)B[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x004c, RR count = 2
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)H[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x005c, RR count = 3
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)A[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x006c, RR count = 4
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)L[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x007c, RR count = 5
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)J[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x008c, RR count = 6
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)C[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x009c, RR count = 7
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)M[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x00ac, RR count = 8
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)F[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x00bc, RR count = 9
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)G[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x00cc, RR count = 10
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)D[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x00dc, RR count = 11
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)I[C02A](12)GTLD-SERVERS(3)NET(0)
Offset = 0x00ec, RR count = 12
Name "[C013](3)com(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)K[C02A](12)GTLD-SERVERS(3)NET(0)
ADDITIONAL SECTION:
Offset = 0x00fc, RR count = 0
Name "[C068](1)A[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.5.6.30
Offset = 0x010c, RR count = 1
Name "[C068](1)A[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 0120:0305:3ea8:0000:0000:0000:0200:3000
Offset = 0x0128, RR count = 2
Name "[C048](1)B[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.33.14.30
Offset = 0x0138, RR count = 3
Name "[C048](1)B[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 0120:0305:1d23:0000:0000:0000:0200:3000
Offset = 0x0154, RR count = 4
Name "[C098](1)C[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.26.92.30
Offset = 0x0164, RR count = 5
Name "[C0D8](1)D[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.31.80.30
Offset = 0x0174, RR count = 6
Name "[C028](1)E(12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.12.94.30
Offset = 0x0184, RR count = 7
Name "[C0B8](1)F[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.35.51.30
Offset = 0x0194, RR count = 8
Name "[C0C8](1)G[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.42.93.30
Offset = 0x01a4, RR count = 9
Name "[C058](1)H[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.54.112.30
Offset = 0x01b4, RR count = 10
Name "[C0E8](1)I[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.43.172.30
Offset = 0x01c4, RR count = 11
Name "[C088](1)J[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.48.79.30
Offset = 0x01d4, RR count = 12
Name "[C0F8](1)K[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.52.178.30
Offset = 0x01e4, RR count = 13
Name "[C078](1)L[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.41.162.30
Offset = 0x01f4, RR count = 14
Name "[C0A8](1)M[C02A](12)GTLD-SERVERS(3)NET(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA ERROR: record at 007EEB26 extends past end of packet!
pmsg = 007EE930
pmsgEnd = 007EEB30
record end = 007EEB34
ERROR: BOGUS PACKET:
Following RR (offset 516) past packet length (512).
pchRecord = 007EEB34, pCurrent = 00000000, -8317748 bytes
19:31:01 204 EVENT The DNS server encountered a bad packet from 128.8.10.90. Packet processing leads
beyond packet length.
The event data contains the DNS packet.
19:31:17 4AC PACKET UDP Snd 192.168.1.1 0003 R Q [8281 DR SERVFAIL] (6)google(3)com(0)
UDP response info at 007F3F30
Socket = 372
Remote addr 192.168.1.1, port 1085
Time Query=20334, Queued=20335, Expire=20349
Buf length = 0x0200 (512)
Msg length = 0x001c (28)
Message:
XID 0x0003
Flags 0x8182
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 2 (SERVFAIL)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(6)google(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
Här kommer sista queryn, yahoo.se, utan synbara errors. Denna verkar blivit väldigt mycket klippt i slutet tyvärr, så jag klippte bort massa i mitten för att få med det allra sista.
*********************************************
19:32:01 204 PACKET UDP Rcv 192.168.1.1 0001 Q [0001 D NOERROR] (1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)
UDP question info at 007EA5E0
Socket = 372
Remote addr 192.168.1.1, port 1086
Time Query=20394, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x002a (42)
Message:
XID 0x0001
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
QTYPE PTR (12)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:32:01 204 PACKET UDP Snd 192.168.1.1 0001 R Q [8085 A DR NOERROR] (1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)
UDP response info at 007EA5E0
Socket = 372
Remote addr 192.168.1.1, port 1086
Time Query=20394, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x004e (78)
Message:
XID 0x0001
Flags 0x8580
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 1
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
QTYPE PTR (12)
QCLASS 1
ANSWER SECTION:
Offset = 0x002a, RR count = 0
Name "[C00C](1)1(1)1(3)168(3)192(7)in-addr(4)arpa(0)"
TYPE PTR (12)
CLASS 1
TTL 1200
DLEN 24
DATA (11)w2k3-server(4)w2k3(5)local(0)
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:32:01 204 PACKET UDP Rcv 192.168.1.1 0002 Q [0001 D NOERROR] (5)yahoo(2)se(4)w2k3(5)local(0)
UDP question info at 007E9B60
Socket = 372
Remote addr 192.168.1.1, port 1087
Time Query=20394, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0025 (37)
Message:
XID 0x0002
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(5)yahoo(2)se(4)w2k3(5)local(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:32:01 204 PACKET UDP Snd 192.168.1.1 0002 R Q [8385 A DR NXDOMAIN] (5)yahoo(2)se(4)w2k3(5)local(0)
UDP response info at 007E9B60
Socket = 372
Remote addr 192.168.1.1, port 1087
Time Query=20394, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x006a (106)
Message:
XID 0x0002
Flags 0x8583
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 3 (NXDOMAIN)
QCOUNT 1
ACOUNT 0
NSCOUNT 1
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(5)yahoo(2)se(4)w2k3(5)local(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
Offset = 0x0025, RR count = 0
Name "(4)w2k3(5)local(0)"
TYPE SOA (6)
CLASS 1
TTL 3600
DLEN 47
DATA
PrimaryServer: (11)w2k3-server[C025](4)w2k3(5)local(0)
Administrator: (10)hostmaster[C025](4)w2k3(5)local(0)
SerialNo = 7
Refresh = 900
Retry = 600
Expire = 86400
MinimumTTL = 3600
ADDITIONAL SECTION:
empty
19:32:01 204 PACKET UDP Rcv 192.168.1.1 0003 Q [0001 D NOERROR] (5)yahoo(2)se(0)
UDP question info at 007F3F30
Socket = 372
Remote addr 192.168.1.1, port 1088
Time Query=20394, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x001a (26)
Message:
XID 0x0003
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(5)yahoo(2)se(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
19:32:01 204 PACKET UDP Snd 202.12.27.33 0824 Q [0000 NOERROR] (5)yahoo(2)se(0)
UDP question info at 007F49B0
Socket = 396
Remote addr 202.12.27.33, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0025 (37)
Message:
XID 0x0824
Flags 0x0000
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 1
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(5)yahoo(2)se(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
Offset = 0x001a, RR count = 0
Name "(0)"
TYPE OPT (41)
CLASS 1280
TTL 0
DLEN 0
DATA (none)
19:32:01 204 PACKET UDP Rcv 202.12.27.33 0824 R Q [0080 NOERROR] (5)yahoo(2)se(0)
UDP response info at 007F9980
Socket = 396
Remote addr 202.12.27.33, port 53
Time Query=20394, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x019c (412)
Message:
XID 0x0824
Flags 0x8000
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 9
ARCOUNT 13
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(5)yahoo(2)se(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
Offset = 0x001a, RR count = 0
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 7
DATA (1)E(2)NS[C012](2)se(0)
Offset = 0x002d, RR count = 1
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)H[C028](2)NS[C012](2)se(0)
Offset = 0x003d, RR count = 2
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)B[C028](2)NS[C012](2)se(0)
Offset = 0x004d, RR count = 3
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)C[C028](2)NS[C012](2)se(0)
Offset = 0x005d, RR count = 4
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)D[C028](2)NS[C012](2)se(0)
Offset = 0x006d, RR count = 5
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)F[C028](2)NS[C012](2)se(0)
Offset = 0x007d, RR count = 6
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)A[C028](2)NS[C012](2)se(0)
Offset = 0x008d, RR count = 7
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)G[C028](2)NS[C012](2)se(0)
Offset = 0x009d, RR count = 8
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)I[C028](2)NS[C012](2)se(0)
ADDITIONAL SECTION:
Offset = 0x00ad, RR count = 0
Name "[C089](1)A[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.36.144.107
Offset = 0x00bd, RR count = 1
Name "[C049](1)B[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.36.133.107
Offset = 0x00cd, RR count = 2
Name "[C059](1)C[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.36.135.107
Offset = 0x00dd, RR count = 3
Name "[C069](1)D[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 81.228.8.16
Offset = 0x00ed, RR count = 4
Name "[C026](1)E(2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 81.228.10.57
Offset = 0x00fd, RR count = 5
Name "[C079](1)F[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.71.53.53
Offset = 0x010d, RR count = 6
Name "[C099](1)G[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 130.239.5.114
Offset = 0x011d, RR count = 7
Name "[C039](1)H[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 199.7.49.30
Offset = 0x012d, RR count = 8
Name "[C0A9](1)I[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 194.146.106.22
Offset = 0x013d, RR count = 9
Name "[C089](1)A[C028](2)NS[C012](2)se(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 0120:9806:0900:0103:0000:0000:0000:5300
Offset = 0x0159, RR count = 10
Name "[C079](1)F[C028](2)NS[C012](2)se(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 012a:8002:0100:5300:0000:0000:0000:5300
Offset = 0x0175, RR count = 11
Name "[C099](1)G[C028](2)NS[C012](2)se(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 0120:b006:0e00:0300:0000:0000:0000:0100
Offset = 0x0191, RR count = 12
Name "(0)"
TYPE OPT (41)
CLASS 4096
TTL 0
DLEN 0
DATA (none)
19:32:01 204 PACKET UDP Snd 192.36.133.107 0824 Q [0000 NOERROR] (5)yahoo(2)se(0)
UDP question info at 007F49B0
Socket = 396
Remote addr 192.36.133.107, port 53
Time Query=0, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0025 (37)
.
.
.
.
.
.
.
.
***Klipper här för att få med det allra sista. Mer än hälften bortklippt***
.
.
.
.
.
.
19:32:01 204 PACKET UDP Rcv 199.7.49.30 0824 R Q [0080 NOERROR] (5)yahoo(2)se(0)
UDP response info at 007EDA60
Socket = 396
Remote addr 199.7.49.30, port 53
Time Query=20394, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x019c (412)
Message:
XID 0x0824
Flags 0x8000
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 0
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 9
ARCOUNT 13
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(5)yahoo(2)se(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
Offset = 0x001a, RR count = 0
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 7
DATA (1)E(2)NS[C012](2)se(0)
Offset = 0x002d, RR count = 1
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)H[C028](2)NS[C012](2)se(0)
Offset = 0x003d, RR count = 2
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)B[C028](2)NS[C012](2)se(0)
Offset = 0x004d, RR count = 3
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)C[C028](2)NS[C012](2)se(0)
Offset = 0x005d, RR count = 4
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)D[C028](2)NS[C012](2)se(0)
Offset = 0x006d, RR count = 5
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)F[C028](2)NS[C012](2)se(0)
Offset = 0x007d, RR count = 6
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)A[C028](2)NS[C012](2)se(0)
Offset = 0x008d, RR count = 7
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)G[C028](2)NS[C012](2)se(0)
Offset = 0x009d, RR count = 8
Name "[C012](2)se(0)"
TYPE NS (2)
CLASS 1
TTL 172800
DLEN 4
DATA (1)I[C028](2)NS[C012](2)se(0)
ADDITIONAL SECTION:
Offset = 0x00ad, RR count = 0
Name "[C089](1)A[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.36.144.107
Offset = 0x00bd, RR count = 1
Name "[C049](1)B[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.36.133.107
Offset = 0x00cd, RR count = 2
Name "[C059](1)C[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.36.135.107
Offset = 0x00dd, RR count = 3
Name "[C069](1)D[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 81.228.8.16
Offset = 0x00ed, RR count = 4
Name "[C026](1)E(2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 81.228.10.57
Offset = 0x00fd, RR count = 5
Name "[C079](1)F[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 192.71.53.53
Offset = 0x010d, RR count = 6
Name "[C099](1)G[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 130.239.5.114
Offset = 0x011d, RR count = 7
Name "[C039](1)H[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 199.7.49.30
Offset = 0x012d, RR count = 8
Name "[C0A9](1)I[C028](2)NS[C012](2)se(0)"
TYPE A (1)
CLASS 1
TTL 172800
DLEN 4
DATA 194.146.106.22
Offset = 0x013d, RR count = 9
Name "[C089](1)A[C028](2)NS[C012](2)se(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 0120:9806:0900:0103:0000:0000:0000:5300
Offset = 0x0159, RR count = 10
Name "[C079](1)F[C028](2)NS[C012](2)se(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 012a:8002:0100:5300:0000:0000:0000:5300
Offset = 0x0175, RR count = 11
Name "[C099](1)G[C028](2)NS[C012](2)se(0)"
TYPE AAAA (28)
CLASS 1
TTL 172800
DLEN 16
DATA 0120:b006:0e00:0300:0000:0000:0000:0100
Offset = 0x0191, RR count = 12
Name "(0)"
TYPE OPT (41)
CLASS 4096
TTL 0
DLEN 0
DATA (none)
19:32:15 754 EVENT The DNS server wrote version 7 of zone w2k3.local to file w2k3.local.dns.
MCP - MCTS - CCNA (expired)