[linux] Server returned error NXDOMAIN
Frans van Berckel
fberckel op xs4all.nl
Ma Apr 1 16:09:38 CEST 2019
On Mon, 2019-04-01 at 14:49 +0200, Daniel C. von Asmuth wrote:
> Aldus schreef Paul Slootman op Mon, Apr 01, 2019 at 11:09:04AM +0200:
> > On Sun 31 Mar 2019, Daniel C. von Asmuth wrote:
> > # tcpdump -vni vlan1 port 53
> > 11:06:22.484941 IP (tos 0x0, ttl 128, id 20218, offset 0, flags
> > [none], proto UDP (17), length 64) 192.168.0.2.55593 >
> > 192.168.1.91.53: 59881+ [1au] A? a.b.c.d.(36)
> > 11:06:22.497821 IP (tos 0x0, ttl 64, id 41840, offset 0, flags
> > [none], proto UDP (17), length 1052) 192.168.1.91.53 >
> > 192.168.0.2.55593: 59881 NXDomain 0/6/1
> > (1024)
> >
> > Dit was dan tcpdump op het lokale netwerk op de gateway firewall.
> > Je kunt duidelijk zien dat er een request gedaan werd voor a.b.c.d
Met dit voorbeeld ben ik eruit ...
# systemctl restart transmission-daemon.service
Apr 1 14:27:01 deblnxsrv251 systemd[1]: Stopping Transmission
BitTorrent Daemon...
Apr 1 14:27:02 deblnxsrv251 systemd[1]: Stopped Transmission
BitTorrent Daemon.
Apr 1 14:27:02 deblnxsrv251 systemd[1]: Starting Transmission
BitTorrent Daemon...
Apr 1 14:27:02 deblnxsrv251 systemd[1]: Started Transmission
BitTorrent Daemon.
Apr 1 14:27:20 deblnxsrv251 systemd-resolved[477]: Server returned
error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001,
retrying transaction with reduced feature level UDP.
Wat blijkt Transmission-daemon probeert je domein te gebruiken.
# tcpdump -vni any port 53
14:27:20.706197 IP (tos 0x0, ttl 64, id 4645, offset 0, flags [DF],
proto UDP (17), length 80) 192.168.1.251.55417 > 194.109.6.66.53:
16774+ [1au] AAAA? TraCKEr.copPerSurFeR.tK. (52)
14:27:20.712861 IP (tos 0x0, ttl 61, id 23604, offset 0, flags [DF],
proto UDP (17), length 136) 194.109.6.66.53 > 192.168.1.251.55417:
16774 0/1/1 (108)
14:27:20.713154 IP (tos 0x0, ttl 64, id 12432, offset 0, flags [DF],
proto UDP (17), length 69) 127.0.0.53.53 > 127.0.0.1.59652: 7196 0/0/0
(41)
14:27:20.713317 IP (tos 0x0, ttl 64, id 9112, offset 0, flags [DF],
proto UDP (17), length 82) 127.0.0.1.59652 > 127.0.0.53.53: 9623+ AAAA?
TracKer.cOPPerSUrFEr.tK.{gecensureerd}.Nl. (54)
Met vriendelijke groet,
--
Frans van Berckel
Media Engineer / Linux Master
LinkedIn: https://www.linkedin.com/in/fransvberckel/
Meer informatie over de Linux
maillijst