Monday, January 31, 2005


Doubt begins only at the last frontiers of what is possible

The ongoing saga of my frummie friend's PC has taken a decidedly weird turn. My friend was about to throw in the proverbial towel and ask me to rebuild the beast, but the intermittent nature of the problem was bugging the heck out of me. If it works some of the time, then there's obviously a reason why it isn't working at other times, so after booting the guest OS under VMware and getting the same intermittent faults, I decided to haul out the heavy artillery, the Sniffer (well, Ethereal actually, since I'm very far from the physical box). Some really weird stuff was going down in the protocol trace. The query to the DNS server in the router looked fine, but the response was most interesting -

Transaction ID: 0x0016
Flags: 0x8100 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)

The server responded back with the name servers for the URL in question. I've never seen a DNS server as screwed up as this one. Iterative queries are for server-to-server operations, not for end station queries. In fact, I can't find any reference to any registry value in Windoze that can be set to force iterative queries in situations like this. I wouldn't necessarily want every PC on my network doing iterative queries against servers from both the bandwidth and security standpoint, and I'm mystified as to why a major cable ISP couldn't pick something like this up - surely if it's happening to my friend, it's happening to other people in the neighborhood. Or are sheeple too inured to mediocre service to complain?
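An added example, not part of the original post: a small Python check that decodes the DNS header and flags the pattern in the trace above, where a client asked for recursion (RD=1) and the server answered without offering it (RA=0), returning only name servers. The transaction ID and flags come from the trace; the section counts are not shown there, so the sample headers and the function names are constructed for illustration.

```python
import struct

def parse_dns_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(packet) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,       # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,       # authoritative answer
        "tc": (flags >> 9) & 1,        # truncated
        "rd": (flags >> 8) & 1,        # recursion desired (copied from query)
        "ra": (flags >> 7) & 1,        # recursion available
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def classify_response(h: dict) -> str:
    """Label a response the way a stub resolver would experience it."""
    if h["qr"] != 1:
        return "not-a-response"
    if h["tc"]:
        return "truncated"
    if h["rcode"] != 0:
        return "error"
    if h["ancount"] > 0:
        return "answer"
    # Client wanted recursion, server declined and handed back NS records:
    # a stub resolver cannot follow this referral, so the lookup fails.
    if h["rd"] and not h["ra"] and h["nscount"] > 0:
        return "referral-to-stub"
    return "no-data"

# Constructed samples. ID 0x0016 and flags 0x8100 are from the trace;
# the counts (1 question, 0 answers, 2 authority records) are assumed.
SAMPLE_REFERRAL = struct.pack("!6H", 0x0016, 0x8100, 1, 0, 2, 0)
# What a working recursive resolver would normally send: RA set, one answer.
SAMPLE_HEALTHY = struct.pack("!6H", 0x0016, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for name, pkt in (("trace", SAMPLE_REFERRAL), ("healthy", SAMPLE_HEALTHY)):
        print(name, classify_response(parse_dns_header(pkt)))
```

Run over the UDP payloads of a capture, counting "referral-to-stub" per server address shows whether the fault follows one resolver or all of them.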

One correspondent suggested pulling the router, as he had attempted an nslookup against the very server in question and got back a correct result. I doubt it's the router, as the checksums were OK, and the server was providing the best known name servers for the URL in question in the response. I'll try it for grins and giggles, but it's absorbing too much of my time. He did provide another reasonably local DNS server on that ISP's network for me to try with my friend's PC, and I'll do that later after I've finished my nightly voodoo doll ritual with Mr. Gates' effigy.

