[ale] still trying to figure it out

David S. Jackson dsj at sylvester.dsj.net
Thu Jul 31 20:36:40 EDT 2003 

On Thu, Jul 31, 2003 at 05:25:47PM -0400 Geoffrey The Esoteric <esoteric at 3times25.net> wrote:
> I'm still trying to figure out why I can not get to the web site 
> https://mybenefits.csplans.com/
> 
> I was just looking at the output of tcpdump.  When I connect 
> successfully from inside the dmz, I see a dns request and then a 
> response.  When I attempt to connect from behind the dmz, I see a dns 
> request and 'no such name' error.
> 
> Anyone have any idea how it is the data being passed to the dns server 
> would, in anyway get changed such that it can not locate the name?  Both 
> queries hit the same name server.

Well, I just checked the site, and it seems to be up for me.

I just did a whois on csplans.com, and it looks like they're
still messing with their dns records.  The authoritative dns host
is DNSJM1.CSPLANS.COM at 12.38.217.253, but look at this:


   Record expires on 30-Jun-2006.
   Record created on 22-Jul-2003.
   Database last updated on 31-Jul-2003 19:48:15 EDT.

Are you responsible for all this work on the part of the DNS
admins?  :-)   

I just did a few dig and nslookup queries on dnsjm1.csplans.com,
and all I get (for the most part) is "unspecified error", which
means I think they're filtering the dns ports and not authorizing
any sort of xfer to the likes of me.  (Also that I don't know how
to use the tools very well.)

But it looks like something's amiss with the dns.  If you do a
traceroute mybenefits.csplans.com you wind up at 66.21.65.162 in
12 hops.  If you do a nslookup on the same, you get 65.83.73.47.
Same if you ping (udp is filtered).  If you dig
mybenefits.csplans.com, you wind up with an A record at
65.83.73.47.  And it takes me 3713 msec, which seems like a long
time.  Also, you get some differences in output between 

dig @dnsjm1.csplans.com -t ANY csplans.com
and 
dig @ns.bellsouth.net -t ANY csplans.com

I wonder if csplans is running an older version of bind?

Then again, DNS could be fine and somebody just kicked the plug
out of the server the first time...  :-)

-- 
David S. Jackson                        dsj at dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"But I don't like Spam!!!!"
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list