[dns-operations] Debugging Google Public DNS

Roy Arends roy at dnss.ec
Mon Jun 3 14:58:43 UTC 2013


On Jun 3, 2013, at 4:27 PM, Roy Arends <roy at dnss.ec> wrote:

> On Jun 3, 2013, at 3:58 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> 
>> Some instances of Google Public DNS cannot resolve ripe.net :
>> 
>> % dig @8.8.8.8 MX ripe.net
>> 
>> ; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 MX ripe.net
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6005
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>> 
>> ;; QUESTION SECTION:
>> ;ripe.net.			IN	MX
>> 
>> ;; Query time: 3343 msec
>> ;; SERVER: 8.8.8.8#53(8.8.8.8)
>> ;; WHEN: Mon Jun  3 15:57:00 2013
>> ;; MSG SIZE  rcvd: 26
>> 
>> But some can:
>> 
>> % dig @8.8.8.8 MX ripe.net      
>> 
>> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 MX ripe.net
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55124
>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 512
>> ;; QUESTION SECTION:
>> ;ripe.net.			IN	MX
>> 
>> ;; ANSWER SECTION:
>> ripe.net.		252	IN	MX	250 postlady.ripe.net.
>> ripe.net.		252	IN	MX	200 postgirl.ripe.net.
>> ripe.net.		252	IN	RRSIG	MX 5 2 300 20130703100234 20130603090234 61825 ripe.net. LA+iNlYx/wJPljhvQNQFVL1LisMjDnlNVVFoH/780HYcEIKFaJ5Wm4eD C9FPJQKfX14ZD2T9i7R3qGx6GvFaKqSXhLtWlH4NGM/T4UYhl61L25FL S6qiHDu20tJe4u2/xmmLuqBicj3kCmDuAk0j1Vc851/edBtqR+Kx1LXt HHM=
>> 
>> ;; Query time: 7 msec
>> ;; SERVER: 8.8.8.8#53(8.8.8.8)
>> ;; WHEN: Mon Jun  3 15:57:18 2013
>> ;; MSG SIZE  rcvd: 255
>> 
>> Since Google Public DNS has apparently no NSID or version.bind,
>> besides traceroute, what are the tricks to find the extent of the problem?
> 
> The problem is not google.
> 
> You're testing from two different locations: the different DiG versions show this. I guess the first instance is running from a network in some conference room in Amsterdam. Reason 1: we are in the same conference room :-) Reason 2: a traceroute from my shell account shows the exact same path.
> 
> Your queries have been captured by the local hotel network to maximise user experience :-)
> 
> To be complete, I've just tested all the instances of Google Public DNS' unicast resolver source addresses (for a list see: https://developers.google.com/speed/public-dns/faq ) from outside the hotel network and all return with the same, correct, data.

I stand corrected. Due to my (possibly infinite) stupidity I made a small mistake in a script. These addresses are not actually answering anything.

Roy

> 
> Hope this helps.
> 
> Roy
> 
>> 
>> For the offending instance:
>> 
>> % traceroute 8.8.8.8
>> traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
>> 1  192.168.48.1 (192.168.48.1)  0.972 ms  0.938 ms  1.858 ms
>> 2  87.213.29.57 (87.213.29.57)  4.524 ms  4.516 ms  4.495 ms
>> 3  ge-2-0-0-1334.ncr01asd2.versatel.net (217.16.40.97)  4.475 ms  4.456 ms  4.455 ms
>> 4  xe-2-2-0-672.br04sara.versatel.net (212.53.22.82)  39.255 ms  39.279 ms  39.248 ms
>> 5  core1.ams.net.google.com (195.69.144.247)  4.330 ms  4.321 ms  4.309 ms
>> 6  209.85.248.118 (209.85.248.118)  5.070 ms  2.973 ms  3.758 ms
>> 7  209.85.255.60 (209.85.255.60)  4.019 ms 209.85.255.72 (209.85.255.72)  5.081 ms  5.081 ms
>> 8  216.239.49.30 (216.239.49.30)  33.150 ms 216.239.49.36 (216.239.49.36)  7.485 ms  8.902 ms
>> 9  * * *
>> 10  google-public-dns-a.google.com (8.8.8.8)  8.725 ms  8.775 ms  8.689 ms
> 
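
The comparison made in the thread above (same resolver address, different dig builds, different results) can be done mechanically on saved dig transcripts. This is an added example, not part of the original messages; the function names are hypothetical and the two abbreviated transcripts are constructed from the outputs quoted above. Differences it reports are hints about the vantage point, not proof of interception.

```python
import re
# Abbreviated transcripts modelled on the two quoted dig outputs (constructed sample input).
SAMPLE_A = """\
; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 MX ripe.net
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6005
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""
SAMPLE_B = """\
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 MX ripe.net
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55124
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags: do; udp: 512
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

FIELDS = {
    "dig_version": r"<<>> DiG (\S+) <<>>",
    "status": r"status: (\w+)",
    "flags": r"^;; flags: ([a-z ]*);",   # header flags only, not the EDNS flags line
    "edns": r"^; (EDNS): version",
    "server": r"^;; SERVER: (\S+)",
}

def parse_dig(text):
    """Extract the header fields of one dig transcript into a dict."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        out[name] = m.group(1) if m else None
    out["flags"] = set((out["flags"] or "").split())
    out["edns"] = out["edns"] is not None
    return out

def compare(a, b):
    """List the differences that matter when one resolver address gives two answers."""
    notes = []
    if a["server"] == b["server"] and a["status"] != b["status"]:
        notes.append(f"same server {a['server']}, status {a['status']} vs {b['status']}")
    if a["dig_version"] != b["dig_version"]:
        notes.append("different dig builds, so probably different hosts or vantage points")
    if a["edns"] != b["edns"]:
        notes.append("EDNS OPT pseudosection present in only one response")
    if ("ad" in a["flags"]) != ("ad" in b["flags"]):
        notes.append("AD flag set in only one response")
    return notes

if __name__ == "__main__":
    print("\n".join(compare(parse_dig(SAMPLE_A), parse_dig(SAMPLE_B))))
```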



