nslookup 142.250.140.94
94.140.250.142.in-addr.arpa name = wj-in-f94.1e100.net.
works straight away
nslookup 161.129.34.162
;; connection timed out; no servers could be reached
What?
ping 161.129.34.162
64 bytes from 161.129.34.162: icmp_seq=1 ttl=55 time=215 ms
So I’m lost, how can the middle one say “timeout”? I’m guessing some upstream DNS server isn’t working properly, but I don’t know. Are there other tools in Rocky I could use to find where it’s going wrong?
This came about because I received an incoming connection from 161.129.34.162 and noticed that my server was unable to respond using TCP/IP.
You can also use the dig command, which comes in one of the bind packages, bind-utils I think. Anyway, even with that:
dig -x 161.129.34.162
;; communications error to 10.10.11.1#53: timed out
;; communications error to 10.10.11.1#53: timed out
;; communications error to 10.10.11.1#53: timed out
; <<>> DiG 9.18.39 <<>> -x 161.129.34.162
;; global options: +cmd
;; no servers could be reached
As you can see, it cannot reach the DNS servers that provide the reverse DNS (PTR) record for that IP. We can even see that by, for example, checking against Google DNS:
As you can see in the above, it’s more verbose and says EDE: 22 (No Reachable Authority), so that is why. Reverse DNS records, or PTR records, are usually resolved by the ISP that has that IP range. It is either that they haven’t configured a PTR record at all, or their DNS servers are not responding to the request.
Nothing wrong with your computer or anything, basically whoever has that IP from whatever ISP is the problem.
“Forward-confirmed reverse DNS (FCrDNS), also known as full-circle reverse DNS, double-reverse DNS, or iprev, is a networking parameter configuration in which a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other. This is the standard configuration expected by the Internet standards supporting many DNS-reliant protocols. David Barr published an opinion in RFC 1912 (Informational) recommending it as best practice for DNS administrators, but there are no formal requirements for it codified within the DNS standard itself.”
As that last sentence states, it is NOT required for internet access.
I’m trying to understand where it goes; in this case I’m not using Google’s DNS.
dig -x 161.129.34.162 +nssearch +showsearch
;; no response from 192.155.80.213
;; no response from 45.33.39.140
This is interesting, because it didn’t say anything about these two name servers before. I don’t even know if the dig command above is “correct”, I was just trying different options hoping for more detail.
dig -x 45.33.39.140
140.39.33.45.in-addr.arpa. 300 IN PTR 45-33-39-140.ip.linodeusercontent.com.
It says that the name server starting with ‘45’ is something to do with ‘linode’.
dig @45.33.39.140 www.google.com
timeout
So does it mean the ‘linode’ name server is down??
You tried to run a DNS query against the IP address 45.33.39.140, which is obviously not a DNS server since it didn’t respond, or it only allows DNS queries from certain IP addresses by the use of ACLs.
It may also well be that the particular IP doesn’t have DNS forwarders configured, which means it won’t reply to DNS queries for hosts it isn’t an authority for. For example, I can create a DNS server that will reply for queries on domain example.com, but unless I configure forwarders it won’t reply if someone tries to check any other domain, eg: google.com, yahoo.com or whatever because they are entries on other DNS servers in the world.
Most likely from the PTR, linodeusercontent is usually a VPS at Linode. I used to use Linode for VPSes, and their default PTR for any VMs created has an entry like that unless you change it. So you can check DNS against it, but unless a DNS server is running on that VPS, it’s not going to reply. So there is no problem. I have plenty of services on my VPS, some are publicly available, and some are not. I have DNS on mine, but you will not be able to check it because I don’t allow access. But that is my business since it’s my VPS, I can allow what I want, just like the person who has the VPS at Linode. It doesn’t have to respond to your queries.
You will get incoming connections all the time on your server if it’s publicly available. Just because your server couldn’t respond using TCP/IP or whatever doesn’t mean there is a problem. I don’t really understand what you are trying to search for anyway with those IPs. As has already been explained, some IPs will have reverse DNS entries, but they don’t need to be published. So if it doesn’t reply with one, then it doesn’t matter. It’s not important.
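The cases discussed in this thread (PTR present and forward-confirmed, PTR present but unconfirmed, no PTR, and reverse authority not answering) can be told apart when triaging source addresses from connection logs. The following is an added example, not part of the original thread; `fcrdns`, the `fake_*` resolvers and the forward records in `FWD` are constructed for illustration so it runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names from the system resolver; TimeoutError if no server answered."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except socket.herror as err:
        if err.args[0] == 2:  # h_errno TRY_AGAIN: temporary failure, not "no record"
            raise TimeoutError(ip) from err
        return []
    return [name, *aliases]

def system_addrs(name):
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify ip as confirmed, unconfirmed, no-ptr or authority-unreachable."""
    addr = ipaddress.ip_address(ip)
    result = {"ip": str(addr), "arpa": addr.reverse_pointer, "names": []}
    try:
        names = ptr_lookup(str(addr))
    except TimeoutError:
        result["status"] = "authority-unreachable"  # the dig timeout case
        return result
    if not names:
        result["status"] = "no-ptr"
        return result
    for name in (n.rstrip(".") for n in names):
        # A PTR name is only trusted if it resolves back to the same address.
        if addr in {ipaddress.ip_address(a) for a in addr_lookup(name)}:
            result["names"].append(name)
    result["status"] = "confirmed" if result["names"] else "unconfirmed"
    return result

# Constructed stand-ins for the resolver (assumed records, not real lookups).
PTR = {"45.33.39.140": ["45-33-39-140.ip.linodeusercontent.com."],
       "203.0.113.7": ["mail.example.com."]}
FWD = {"45-33-39-140.ip.linodeusercontent.com": {"45.33.39.140"},
       "mail.example.com": {"198.51.100.9"}}

def fake_ptr(ip):
    if ip == "161.129.34.162":
        raise TimeoutError(ip)  # mirrors the timeout shown in the thread
    return PTR.get(ip, [])

def fake_addrs(name):
    return FWD.get(name, set())
```

Calling `fcrdns(ip)` without the two resolver arguments uses the system resolver instead of the constructed tables.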