[nSLUG] resolving bellaliant.net while on fibreop

D G Teed donald.teed at gmail.com
Wed Aug 19 15:31:41 ADT 2015


On Wed, Aug 19, 2015 at 2:25 PM, TimJ <tjllml at timweb.ca> wrote:
> On 2015-08-18 19:53, D G Teed wrote:
>>
>> Hi again,
>>
>> Thanks Jack and Johann for checking your FibreOp results.
>>
>> The situation is similar to several articles, like this stack exchange
>> one:
>>
>>
>> http://serverfault.com/questions/649289/bind-not-able-to-query-some-servers-domains
>>
>> I've determined it isn't a bind issue, but either something wacky with
>> NAT on the Asus router with merlin firmware, or like the above article
>> concluded, something going on with IDS at Aliant.  I'm not using the
>> Bell Aliant supplied ActionTec router, due to it having telnet open
>> (common to 23% of the IPs in my range).
>>
>> The end of the trip where it fails is talking to the DNS server at Bell
>> Aliant.
>>
>> Linux client:
>>
>> # host bellaliant.net 142.177.1.2
>> ;; connection timed out; no servers could be reached
>>
>> Windows client:
>>
>>> nslookup bellaliant.net 142.177.1.2
>>
>> DNS request timed out.
>>     timeout was 2 seconds.
>> Server:  UnKnown
>> Address:  142.177.1.2
>>
>> DNS request timed out.
>>     timeout was 2 seconds.
>> DNS request timed out.
>>     timeout was 2 seconds.
>> DNS request timed out.
>>     timeout was 2 seconds.
>> DNS request timed out.
>>     timeout was 2 seconds.
>> *** Request to UnKnown timed-out
>>
>> Asus router:
>>
>> admin at RT-N66U:/tmp/home/root# nslookup bellaliant.net 142.177.1.2
>> Server:    142.177.1.2
>> Address 1: 142.177.1.2 dns-ns00.aliant.net
>>
>> Name:      bellaliant.net
>> Address 1: 70.33.239.144
>>
>> It seems unlikely to be a NAT issue as any other lookup I test is
>> fine.  But it is a possibility if there was something unusual for the
>> case of bellaliant.net.
>>
>> The article suggested doing a traceroute with UDP 53.
>>
>> This is the result from Linux:
>>
>> # traceroute -U -p 53 dns-ns00.aliant.net
>> traceroute to dns-ns00.aliant.net (142.177.1.2), 30 hops max, 60 byte
>> packets
>>  1  clark.localdomain.domain (192.168.0.1)  0.292 ms  0.430 ms  0.676 ms
>>  2  loop0.6cw.ba17.hlfx.ns.aliant.net (142.176.50.10)  12.320 ms
>> 12.360 ms  12.463 ms
>>  3  BVI83.cr01.hlfx.ns.aliant.net (142.176.53.34)  12.923 ms  13.021
>> ms irb-84.cr02.hlfx.ns.aliant.net (142.176.53.49)  12.383 ms
>>  4  fwint-ns90-v0.aliant.net (142.176.6.250)  12.568 ms  12.609 ms  12.703
>> ms
>>  5  * * *
>>  6  * * *
>>  7  * * *
>>  8  * * *
>>  9  * * *
>> 10  * * *
>> 11  * * *
>> 12  * * *
>> 13  * * *
>> 14  * * *
>> 15  * * *
>> 16  * * *
>> 17  * * *
>> 18  * * *
>> 19  * * *
>> 20  * * *
>> 21  * * *
>> 22  * * *
>> 23  * * *
>> 24  * * *
>> 25  * * *
>> 26  * * *
>> 27  * * *
>> 28  * * *
>> 29  * * *
>> 30  * * *
>>
>> I'm thinking fwint-ns90 is likely "firewall internal", meaning it is
>> taking care of protection from the customers, not from the Internet.
>> If I do the same trace with another DNS server, say a5-65.akam.net for
>> a lookup of CBC.CA, it does trace OK.  I don't see how to make the
>> busybox traceroute in the router do the same type of trace, but I
>> suspect it makes it.
>>
>> I might set up a forwarder line for bellaliant.net in my bind
>> configuration.
>
>
>
> Using an OpenWrt 14.07 router on FibreOp...
>
> nslookup bellaliant.net dns-nb00.aliant.net
> Server:    198.164.30.2
> Address 1: 198.164.30.2 dns-nb00.aliant.net
>
> Name:      bellaliant.net
> Address 1: 70.33.239.144

Interesting.  At the time I was looking into this, Asus with Merlin
firmware was one of the few that could support VLAN tagging.  I didn't
know OpenWrt could also do this.  I also liked the idea that Merlin
wasn't a complete rewrite, but a small set of changes which are always
updated on top of whatever firmware updates come out of Asus.  It might
be a problem with NAT or I'm blacklisted for some reason.

Perhaps I'm flagged for running nmap for open telnet ports against network IP
ranges similar to my IP.
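
The comparison in this thread (the same query timing out from LAN clients but answered on the router) can be narrowed by asking the same question over UDP and TCP from each vantage point. This is an added example, not part of the original post; the function names are hypothetical, and the server address and domain in the `__main__` block are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name, txid=0x1234, qtype=1):
    """Encode a one-question DNS query (type A by default, class IN, RD set)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def classify_reply(query, reply):
    """Summarise a reply: it must echo our transaction ID and have QR set."""
    if len(reply) < 12:
        return "malformed"
    txid, flags, _qd, answers = struct.unpack("!4H", reply[:8])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"
    return f"rcode={flags & 0xF} answers={answers}" + (" truncated" if flags & 0x0200 else "")

def _recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket or raise."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, port=53, timeout=2.0):
    """Ask the same question over UDP and TCP and report each outcome."""
    query, result = build_query(name), {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            result["udp"] = classify_reply(query, s.recvfrom(4096)[0])
        except socket.timeout:
            result["udp"] = "timeout"
        except OSError as exc:
            result["udp"] = f"error: {exc}"
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length prefix
            size = struct.unpack("!H", _recv_exact(s, 2))[0]
            result["tcp"] = classify_reply(query, _recv_exact(s, size))
    except socket.timeout:
        result["tcp"] = "timeout"
    except OSError as exc:
        result["tcp"] = f"error: {exc}"
    return result

if __name__ == "__main__":
    # Server and name are the ones from the thread; run from a LAN client and from the router.
    print(probe("142.177.1.2", "bellaliant.net"))
```

A UDP timeout with a TCP answer points at filtering of UDP port 53 on the path; timeouts on both from a client while the router gets answers point back at how the client's traffic is translated or treated.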

