# packets for first query with personal DNS server

From: jab3 (manual_at_helpdesk.org)
Date: 09/22/04


Date: Wed, 22 Sep 2004 14:22:42 -0400

Hello everyone -

I asked earlier about my new DNS server (subj: DNS server config) and
applied the information I received, which was very helpful. Now I'm not as
concerned about my DNS server wildly notifying everyone because of various
TLD stuff. :) However I do have a question about how it is resolving
packets (more of an information question I believe - but maybe not ;)). I
have been capturing the packets for most of the initial queries to see how
it is doing. I am getting the hostnames resolved - such as google, yahoo,
etc - but when I looked at the packet headers with ethereal I noticed that
it took almost 130 packets (or datagrams, whatever :)) to resolve the
initial query of www.google.com. I mean it was sending packets to [za|zc
zf|zh].akadns.org (apparently google's domain, or one of them) all right in
a row, then it started sending packets to
chia,dill,BASIL,henna,epazote.ARIN.NET (and others), the regional domains.
And it did this a couple of times (hence all the packets). There were also
a few [Standard query response, Format error] packets received (plus some
[Short Frame]).

I am wondering if this is normal because after this initial query, i.e. when
I pinged yahoo or received mail from my ISP, the name resolution took far
fewer (~20 packets for each). Does it just need to gather a bunch of info
for its first query, or is something screwed up with my setup? (my vote is
on the latter :))

Also, are the [Format error] responses because I'm sending the queries from
a private address going through an NAT router, thus making the source
port != 53? Or is it something else? Or normal?

Thanks for your time and any help -
jab3


