Hello!
We have a Cisco 881, IOS 15.2(4)M6. On the WAN interface the 86.34.156.48/29 subnet from our ISP is configured. Behind the router there are two web servers. NAT: 86.34.156.51 <> 10.10.10.100 (private IP, server1). If I configure the BIND DNS server's A records with the external IP of the server (86.34.156.51), the outside world never gets the response from my DNS server (I don't know what happens there; probably the router gets the DNS packet and redirects it back to 10.10.10.100), and it is certain that the DNS server is configured and works properly (I captured the IP packets with tcpdump). But if I configure the DNS server's A records with the server's private IP (10.10.10.100), the packets always arrive at the proper destination (probably the router's NAT rule changes the DNS packet IP (10.10.10.100) to 86.34.156.51).
The question is: is that OK? Can I do that?
Another issue is that, for an unknown reason, the DNS responses' TTL value disappears en route. Below I pasted the captured DNS packet. Here it appears as TTL=10h10m. I have tried different TTL values too.
# tcpdump -i em1 -vvv -s 0 -l -n port 53
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
11:49:57.722164 IP (tos 0x0, ttl 51, id 22628, offset 0, flags [none], proto UDP (17), length 71)
82.79.24.76.22880 > 10.10.10.100.domain: [udp sum ok] 58895 [1au] A? style2take.com. ar: . OPT UDPsize=4096 OK (43)
11:49:57.722692 IP (tos 0x0, ttl 64, id 26003, offset 0, flags [none], proto UDP (17), length 168)
10.10.10.100.domain > 82.79.24.76.22880: [bad udp cksum 0x7fae -> 0x5106!] 58895*- q: A? style2take.com. 1/2/3 style2take.com. [10h40m] A 10.10.10.100 ns: style2take.com. [10h40m] NS ns1.style2take.ro., style2take.com. [10h40m] NS ns2.style2take.ro. ar: ns1.style2take.ro. [1h] A 10.10.10.100, ns2.style2take.ro. [1h] A 10.10.10.100, . OPT UDPsize=4096 OK (140)
And here is the response; this is another Linux server away from ours, in another subnet, etc. The TTL value is 0. Where is the problem? Is the router erasing the TTL value??
dig style2take.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> style2take.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22181
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;style2take.com. IN A
;; ANSWER SECTION:
style2take.com. 0 IN A 86.34.156.51
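Cisco IOS NAT inspects DNS payloads by default (the DNS ALG) and rewrites A-record addresses in replies that match an active translation, which is the behaviour the post guesses at when the zone carries 10.10.10.100 and the outside sees 86.34.156.51. The script below is an added example, not code from the post or from Cisco: it builds a response with the values from the capture above (transaction ID 58895, style2take.com A 10.10.10.100, TTL 10h40m = 38400 s; the bytes are constructed here, not taken from the capture), parses it, and applies an ALG-style rewrite of the rdata. The point it makes visible is that the TTL is a separate 4-byte field in the resource record, so an address rewrite alone does not touch it; a TTL of 0 at the far end has to come from something else in the path.

```python
import socket
import struct

# Values taken from the capture in the post. The server answers with its
# private (inside-local) address; the outside world sees the public
# (inside-global) address after NAT. 10h40m is 38400 seconds.
INSIDE_LOCAL = "10.10.10.100"
INSIDE_GLOBAL = "86.34.156.51"
TTL_10H40M = 10 * 3600 + 40 * 60
TYPE_A = 1
CLASS_IN = 1


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_a_response(txid, name, addr, ttl):
    """Constructed authoritative answer: one question, one A record.
    Flags 0x8400 = QR|AA, matching the '*-' shown by tcpdump."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    rdata = socket.inet_aton(addr)
    answer = (encode_name(name)
              + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata))
              + rdata)
    return header + question + answer


def walk_answers(msg):
    """Yield (name, rtype, ttl, rdata_offset, rdlength) per answer RR."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                       # fixed header size
    for _ in range(qdcount):
        _, off = decode_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlength = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        yield name, rtype, ttl, off, rdlength
        off += rdlength


def parse_answers(msg):
    """Return [(name, ttl, address)] for the A records in the answer section."""
    return [(name, ttl, socket.inet_ntoa(msg[o:o + n]))
            for name, rtype, ttl, o, n in walk_answers(msg) if rtype == TYPE_A]


def nat_alg_rewrite(msg, inside_local, inside_global):
    """Model of a NAT DNS ALG: replace A-record rdata equal to the
    inside-local address with the inside-global one. Only the 4 rdata
    bytes change; the TTL field of the same RR is not touched. UDP
    checksum fix-up is the router's job and is not modelled here."""
    buf = bytearray(msg)
    local = socket.inet_aton(inside_local)
    public = socket.inet_aton(inside_global)
    for _, rtype, _, o, n in walk_answers(msg):
        if rtype == TYPE_A and bytes(buf[o:o + n]) == local:
            buf[o:o + n] = public
    return bytes(buf)


if __name__ == "__main__":
    original = build_a_response(58895, "style2take.com.", INSIDE_LOCAL, TTL_10H40M)
    translated = nat_alg_rewrite(original, INSIDE_LOCAL, INSIDE_GLOBAL)
    print("before NAT:", parse_answers(original))
    print("after NAT: ", parse_answers(translated))
```

When diagnosing this on a real path, the same parse is worth running on captures taken at three points (the BIND host, the router's outside interface, and the querying host) and comparing the TTL and rdata fields, so the hop that changes each field is pinned down rather than guessed. One caveat on reading the post's own capture: the "bad udp cksum" flag on the packet leaving 10.10.10.100 is what tcpdump prints when the NIC fills in the checksum in hardware after the capture point, so on its own it is not evidence that anything was rewritten.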