LinuxSA Mailing list archives
Index:
[thread]
[date]
[subject]
[author]
From: Alan Kennington <akenning@dog.topology.org>
To : newton@atdot.dotat.org
Date: Tue, 16 Nov 1999 14:54:59 +1030
Re: more spooky stuff on the net!
Mark,
This is where the idea comes from:
========================================================
emu /home/ak> ls -lurt /etc/resolv.conf
-rw-r--r-- 1 root root 253 Nov 16 08:29 /etc/resolv.conf
emu /home/ak> telnet geekboys.org
Trying 212.78.193.215...
emu /home/ak> ls -lurt /etc/resolv.conf
-rw-r--r-- 1 root root 253 Nov 16 14:13 /etc/resolv.conf
emu /home/ak> telnet www.geekboys.org
Trying 212.78.194.207...
emu /home/ak> nslookup 212.78.193.215
Server: dog.topology.org
Address: 203.38.148.51
Name: theo.spray.se
Address: 212.78.193.215
emu /home/ak> nslookup 212.78.194.207
Server: dog.topology.org
Address: 203.38.148.51
Name: spraydio.com
Address: 212.78.194.207
========================================================
But then if I use nslookup to determine the translations for
these names, I get:
=======================================================
emu /home/ak> nslookup geekboys.org
Server: dog.topology.org
Address: 203.38.148.51
Non-authoritative answer:
Name: geekboys.org
Address: 212.78.193.215
emu /home/ak> nslookup www.geekboys.org
Server: dog.topology.org
Address: 203.38.148.51
Non-authoritative answer:
Name: www.geekboys.org
Address: 212.78.193.215
=======================================================
So I'm just reporting the facts.
"telnet" is simply converting/translating/resolving/interpreting
the string "www.geekboys.org" differently to what
"nslookup" is. Or if this is an illusion, I am happy to be
disillusioned.
The trouble is that this has been happening in a sort of
peripherally noticeable way ever since I installed SuSE 6.2.
And now I have a simple reduced example which
demonstrates the "bug", if that it be.
It's also totally repeatable.
My hunch is that maybe telnet is just going to a different
name server or something.
I'll check....
A single packet is emitted by telnet:
=============================================================
14:49:19.731139 emu.topology.org.2646 > 212.78.194.207.telnet: S 2442688136:2442688136(0) win 32120 <mss 1460,sackOK,timestamp 119006852[|tcp]> (DF)
=============================================================
I.e. telnet does not go off and fetch the name from the local
name server at dog as it should.
This means it's being cached somewhere.
Obviously SuSE6.2 comes with some really sophisticated
facility to cache web addresses so that it doesn't
have to go out into the DNS system.
And my question is now: where is it being cached?
I'll have to read some more.....
Cheers,
Alan Kennington.
=======================================================
PS. This is what happens on the net when I run nslookup on emu:
---------------------------------------------------
tcpdump: listening on eth0
14:53:29.607772 emu.topology.org.1086 > dog.topology.org.domain: 56145+ (44)
14:53:29.613014 dog.topology.org.domain > emu.topology.org.1086: 56145* 1/5/5 (282)
14:53:29.624807 emu.topology.org.1086 > dog.topology.org.domain: 56146+ (34)
14:53:29.628698 dog.topology.org.domain > emu.topology.org.1086: 56146 1/2/2 (150)
----------------------------------------------------
I.e. emu correctly goes off to dog to find the answer.
But telnet on emu does _not_ query dog's named for the answer.
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
Index:
[thread]
[date]
[subject]
[author]
Return to the LinuxSA Mailing List Information Page