[nSLUG] resolving bellaliant.net while on fibreop

TimJ tjllml at timweb.ca
Wed Aug 19 14:25:11 ADT 2015


On 2015-08-18 19:53, D G Teed wrote:
> Hi again,
> 
> Thanks Jack and Johann for checking your FibreOp results.
> 
> The situation is similar to several articles, like this stack exchange 
> one:
> 
> http://serverfault.com/questions/649289/bind-not-able-to-query-some-servers-domains
> 
> I've determined it isn't a bind issue, but either something wacky with
> NAT on the Asus router with merlin firmware, or like the above article
> concluded, something
> going on with IDS at Aliant.  I'm not using the Bell Aliant supplied
> ActionTec router, due to it having telnet open (common to 23% of the
> IPs in my range).
> 
> The end of the trip where it fails is talking to the DNS server at Bell 
> Aliant.
> 
> Linux client:
> 
> # host bellaliant.net 142.177.1.2
> ;; connection timed out; no servers could be reached
> 
> Windows client:
> 
>> nslookup bellaliant.net 142.177.1.2
> DNS request timed out.
>     timeout was 2 seconds.
> Server:  UnKnown
> Address:  142.177.1.2
> 
> DNS request timed out.
>     timeout was 2 seconds.
> DNS request timed out.
>     timeout was 2 seconds.
> DNS request timed out.
>     timeout was 2 seconds.
> DNS request timed out.
>     timeout was 2 seconds.
> *** Request to UnKnown timed-out
> 
> Asus router:
> 
> admin at RT-N66U:/tmp/home/root# nslookup bellaliant.net 142.177.1.2
> Server:    142.177.1.2
> Address 1: 142.177.1.2 dns-ns00.aliant.net
> 
> Name:      bellaliant.net
> Address 1: 70.33.239.144
> 
> It seems unlikely to be a NAT issue as any other lookup I test is
> fine.  But it is a possibility if there was something unusual for the
> case of bellaliant.net.
> 
> The article suggested doing a traceroute with UDP 53.
> 
> This is the result from Linux:
> 
> # traceroute -U -p 53 dns-ns00.aliant.net
> traceroute to dns-ns00.aliant.net (142.177.1.2), 30 hops max, 60 byte 
> packets
>  1  clark.localdomain.domain (192.168.0.1)  0.292 ms  0.430 ms  0.676 
> ms
>  2  loop0.6cw.ba17.hlfx.ns.aliant.net (142.176.50.10)  12.320 ms
> 12.360 ms  12.463 ms
>  3  BVI83.cr01.hlfx.ns.aliant.net (142.176.53.34)  12.923 ms  13.021
> ms irb-84.cr02.hlfx.ns.aliant.net (142.176.53.49)  12.383 ms
>  4  fwint-ns90-v0.aliant.net (142.176.6.250)  12.568 ms  12.609 ms  
> 12.703 ms
>  5  * * *
>  6  * * *
>  7  * * *
>  8  * * *
>  9  * * *
> 10  * * *
> 11  * * *
> 12  * * *
> 13  * * *
> 14  * * *
> 15  * * *
> 16  * * *
> 17  * * *
> 18  * * *
> 19  * * *
> 20  * * *
> 21  * * *
> 22  * * *
> 23  * * *
> 24  * * *
> 25  * * *
> 26  * * *
> 27  * * *
> 28  * * *
> 29  * * *
> 30  * * *
> 
> I'm thinking fwint-ns90 is likely "firewall internal", meaning it is
> taking care of
> protection from the customers, not from the Internet.  If I do the same 
> trace
> with another DNS server, say  a5-65.akam.net for a lookup of CBC.CA,
> it does trace OK.  I don't see how to make the busybox traceroute in 
> the router
> do the same type of trace, but I suspect it makes it.
> 
> I might set up a forwarder line for bellaliant.net in my bind 
> configuration.
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug


Using an OpenWrt 14.07 router on FibreOp...

nslookup bellaliant.net dns-nb00.aliant.net
Server:    198.164.30.2
Address 1: 198.164.30.2 dns-nb00.aliant.net

Name:      bellaliant.net
Address 1: 70.33.239.144






More information about the nSLUG mailing list