IPv6 DNS query/response question
NSD is binding to udp/udp6 port 53 and tcp/tcp6 port 53.
My firewall is open for port 53 in both iptables and ip6tables for both udp and tcp.
I've got Wireshark watching the DNS exchange and I see the standard DNS query/response on IPv6, but there is an additional line in the Wireshark data that I don't understand:
958 202716.271255 2001:470:0:45::2 -> 2001:470:1f05:c23::a1 DNS Standard query AAAA devjonfos.net
959 202716.271513 2001:470:1f04:c23::2 -> 2001:470:0:45::2 DNS Standard query response AAAA 2001:470:1f05:e66::b1
960 202716.271967 2001:470:0:45::2 -> 2001:470:1f04:c23::2 ICMPv6 Unreachable (Port unreachable)
Which port is unreachable? Does this have something to do with DNS security?
Here's the raw data:
958 202716.271255 2001:470:0:45::2 -> 2001:470:1f05:c23::a1 DNS Standard query AAAA devjonfos.net
0000 fe fd ad e6 94 f2 00 12 f2 8f 79 08 08 00 45 00 ..........y...E.
0010 00 63 00 00 40 00 fc 29 8b 1a 48 34 68 4a ad e6 .c..@..)..H4hJ..
0020 94 f2 60 00 00 00 00 27 11 40 20 01 04 70 00 00 ..`....'.@ ..p..
0030 00 45 00 00 00 00 00 00 00 02 20 01 04 70 1f 05 .E........ ..p..
0040 0c 23 00 00 00 00 00 00 00 a1 59 09 00 35 00 27 .#........Y..5.'
0050 49 c1 aa a7 00 00 00 01 00 00 00 00 00 00 09 64 I..............d
0060 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 00 1c 00 evjonfos.net....
0070 01 .
959 202716.271513 2001:470:1f04:c23::2 -> 2001:470:0:45::2 DNS Standard query response AAAA 2001:470:1f05:e66::b1
0000 00 12 f2 8f 79 08 fe fd ad e6 94 f2 08 00 45 00 ....y.........E.
0010 00 bd 00 00 40 00 ff 29 87 c0 ad e6 94 f2 48 34 ....@..)......H4
0020 68 4a 60 00 00 00 00 81 11 40 20 01 04 70 1f 04 hJ`......@ ..p..
0030 0c 23 00 00 00 00 00 00 00 02 20 01 04 70 00 00 .#........ ..p..
0040 00 45 00 00 00 00 00 00 00 02 00 35 59 09 00 81 .E.........5Y...
0050 b9 cf aa a7 84 00 00 01 00 01 00 02 00 00 09 64 ...............d
0060 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 00 1c 00 evjonfos.net....
0070 01 09 64 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 ..devjonfos.net.
0080 00 1c 00 01 00 00 0e 10 00 10 20 01 04 70 1f 05 .......... ..p..
0090 0e 66 00 00 00 00 00 00 00 b1 c0 1f 00 02 00 01 .f..............
00a0 00 00 0e 10 00 13 03 6e 73 31 09 6a 6f 6e 66 6f .......ns1.jonfo
00b0 73 74 65 72 03 6f 72 67 00 c0 1f 00 02 00 01 00 ster.org........
00c0 00 0e 10 00 06 03 6e 73 32 c0 58 ......ns2.X
960 202716.271967 2001:470:0:45::2 -> 2001:470:1f04:c23::2 ICMPv6 Unreachable (Port unreachable)
0000 fe fd ad e6 94 f2 00 12 f2 8f 79 08 08 00 45 00 ..........y...E.
0010 00 ed 00 00 40 00 fc 29 8a 90 48 34 68 4a ad e6 ....@..)..H4hJ..
0020 94 f2 60 00 00 00 00 b1 3a 40 20 01 04 70 00 00 ..`.....:@ ..p..
0030 00 45 00 00 00 00 00 00 00 02 20 01 04 70 1f 04 .E........ ..p..
0040 0c 23 00 00 00 00 00 00 00 02 01 04 18 8f 00 00 .#..............
0050 00 00 60 00 00 00 00 81 11 40 20 01 04 70 1f 04 ..`......@ ..p..
0060 0c 23 00 00 00 00 00 00 00 02 20 01 04 70 00 00 .#........ ..p..
0070 00 45 00 00 00 00 00 00 00 02 00 35 59 09 00 81 .E.........5Y...
0080 b9 cf aa a7 84 00 00 01 00 01 00 02 00 00 09 64 ...............d
0090 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 00 1c 00 evjonfos.net....
00a0 01 09 64 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 ..devjonfos.net.
00b0 00 1c 00 01 00 00 0e 10 00 10 20 01 04 70 1f 05 .......... ..p..
00c0 0e 66 00 00 00 00 00 00 00 b1 c0 1f 00 02 00 01 .f..............
00d0 00 00 0e 10 00 13 03 6e 73 31 09 6a 6f 6e 66 6f .......ns1.jonfo
00e0 73 74 65 72 03 6f 72 67 00 c0 1f 00 02 00 01 00 ster.org........
00f0 00 0e 10 00 06 03 6e 73 32 c0 58 ......ns2.X
This pattern repeats with other IPv6 DNS exchanges from other IPv6 addresses.
4 Replies
reply from unexpected source: 2001:470:1f04:c23::2#53, expected 2001:470:1f05:c23::a1#53
I'm guessing the reply is not coming from the destination the query was sent to.
–
Travis
BTW, were you actually able to get the quad-A record for ns1.jonfoster.org?
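To let the capture answer its own question, here is an added Python script (it is not from the original post, nor part of NSD or Wireshark) that decodes the three frames quoted above. It strips the Ethernet and IPv4 headers (IP protocol 41, i.e. the 6in4 tunnel the dumps show), reads the IPv6/UDP/DNS headers of the query and reply, and reads the ICMPv6 error together with the packet it quotes. The check it applies is the one a resolver's connected UDP socket applies: a reply is accepted only if it comes from the address and port the query was sent to. The query went to 2001:470:1f05:c23::a1 but the reply came from 2001:470:1f04:c23::2, so the querying host has no socket matching that source, drops the reply and sends ICMPv6 Port Unreachable back to the reply's source; the "unreachable port" is the client's own UDP port 22793, unreachable from that unexpected address. Dropping such replies is deliberate resolver behaviour (it is what blocks spoofed answers from a third address), which is why nslookup reports "reply from unexpected source" rather than using the data. On the server side, binding NSD to each address explicitly (the `ip-address:` option in nsd.conf) instead of a wildcard socket makes replies leave from the address the query arrived on. The only assumption in the script is the 6in4 framing visible in the dumps.

```python
import ipaddress
import re
import struct
# Hex dumps copied from the capture in the post above: frames 958 (query), 959 (reply)
# and 960 (ICMPv6 error): Ethernet + IPv4 protocol 41 (6in4 tunnel) + IPv6 + UDP or ICMPv6.
QUERY = """
0000 fe fd ad e6 94 f2 00 12 f2 8f 79 08 08 00 45 00 ..........y...E.
0010 00 63 00 00 40 00 fc 29 8b 1a 48 34 68 4a ad e6 .c..@..)..H4hJ..
0020 94 f2 60 00 00 00 00 27 11 40 20 01 04 70 00 00 ..`....'.@ ..p..
0030 00 45 00 00 00 00 00 00 00 02 20 01 04 70 1f 05 .E........ ..p..
0040 0c 23 00 00 00 00 00 00 00 a1 59 09 00 35 00 27 .#........Y..5.'
0050 49 c1 aa a7 00 00 00 01 00 00 00 00 00 00 09 64 I..............d
0060 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 00 1c 00 evjonfos.net....
0070 01 .
"""
REPLY = """
0000 00 12 f2 8f 79 08 fe fd ad e6 94 f2 08 00 45 00 ....y.........E.
0010 00 bd 00 00 40 00 ff 29 87 c0 ad e6 94 f2 48 34 ....@..)......H4
0020 68 4a 60 00 00 00 00 81 11 40 20 01 04 70 1f 04 hJ`......@ ..p..
0030 0c 23 00 00 00 00 00 00 00 02 20 01 04 70 00 00 .#........ ..p..
0040 00 45 00 00 00 00 00 00 00 02 00 35 59 09 00 81 .E.........5Y...
0050 b9 cf aa a7 84 00 00 01 00 01 00 02 00 00 09 64 ...............d
0060 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 00 1c 00 evjonfos.net....
0070 01 09 64 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 ..devjonfos.net.
0080 00 1c 00 01 00 00 0e 10 00 10 20 01 04 70 1f 05 .......... ..p..
0090 0e 66 00 00 00 00 00 00 00 b1 c0 1f 00 02 00 01 .f..............
00a0 00 00 0e 10 00 13 03 6e 73 31 09 6a 6f 6e 66 6f .......ns1.jonfo
00b0 73 74 65 72 03 6f 72 67 00 c0 1f 00 02 00 01 00 ster.org........
00c0 00 0e 10 00 06 03 6e 73 32 c0 58 ......ns2.X
"""
ICMP = """
0000 fe fd ad e6 94 f2 00 12 f2 8f 79 08 08 00 45 00 ..........y...E.
0010 00 ed 00 00 40 00 fc 29 8a 90 48 34 68 4a ad e6 ....@..)..H4hJ..
0020 94 f2 60 00 00 00 00 b1 3a 40 20 01 04 70 00 00 ..`.....:@ ..p..
0030 00 45 00 00 00 00 00 00 00 02 20 01 04 70 1f 04 .E........ ..p..
0040 0c 23 00 00 00 00 00 00 00 02 01 04 18 8f 00 00 .#..............
0050 00 00 60 00 00 00 00 81 11 40 20 01 04 70 1f 04 ..`......@ ..p..
0060 0c 23 00 00 00 00 00 00 00 02 20 01 04 70 00 00 .#........ ..p..
0070 00 45 00 00 00 00 00 00 00 02 00 35 59 09 00 81 .E.........5Y...
0080 b9 cf aa a7 84 00 00 01 00 01 00 02 00 00 09 64 ...............d
0090 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 00 1c 00 evjonfos.net....
00a0 01 09 64 65 76 6a 6f 6e 66 6f 73 03 6e 65 74 00 ..devjonfos.net.
00b0 00 1c 00 01 00 00 0e 10 00 10 20 01 04 70 1f 05 .......... ..p..
00c0 0e 66 00 00 00 00 00 00 00 b1 c0 1f 00 02 00 01 .f..............
00d0 00 00 0e 10 00 13 03 6e 73 31 09 6a 6f 6e 66 6f .......ns1.jonfo
00e0 73 74 65 72 03 6f 72 67 00 c0 1f 00 02 00 01 00 ster.org........
00f0 00 0e 10 00 06 03 6e 73 32 c0 58 ......ns2.X
"""

def hexdump_to_bytes(dump):
    """Collapse a Wireshark hex dump (offset, up to 16 bytes, ASCII column) into bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        for tok in line.split()[1:17]:                 # skip the offset; at most 16 data bytes
            if not re.fullmatch(r"[0-9a-f]{2}", tok):  # first non-hex token is the ASCII column
                break
            out.append(int(tok, 16))
    return bytes(out)

def read_qname(data):
    """Read an uncompressed DNS name (the question section carries no pointers)."""
    labels, pos = [], 0
    while data[pos]:
        labels.append(data[pos + 1:pos + 1 + data[pos]].decode("ascii"))
        pos += 1 + data[pos]
    return ".".join(labels)

def decode_ipv6(pkt):
    """Decode IPv6 + UDP/DNS, or IPv6 + an ICMPv6 error (which quotes the packet it rejects)."""
    payload_len, next_hdr = struct.unpack("!HB", pkt[4:7])
    info = {"src": str(ipaddress.IPv6Address(pkt[8:24])), "dst": str(ipaddress.IPv6Address(pkt[24:40]))}
    body = pkt[40:40 + payload_len]
    if next_hdr == 17:                               # UDP: 8-byte header, then the DNS message
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
        info["dns_id"], flags = struct.unpack("!HH", body[8:12])
        info["is_response"], info["qname"] = bool(flags & 0x8000), read_qname(body[20:])
    elif next_hdr == 58:                             # ICMPv6: type, code, checksum, 4 unused bytes, invoking packet
        info["icmp_type"], info["icmp_code"] = body[0], body[1]
        info["invoking"] = decode_ipv6(body[8:])
    return info

def decode_frame(frame):
    """Skip the 14-byte Ethernet and 20-byte IPv4 (protocol 41, 6in4 tunnel) headers, as in these dumps."""
    return decode_ipv6(frame[34:])

def explain(query, reply, icmp):
    """The client-side acceptance check (same transaction, reply source == query destination) plus the link between the ICMPv6 error and the reply it rejects."""
    return {
        "query_dst": query["dst"],
        "reply_src": reply["src"],
        "same_transaction": query["dns_id"] == reply["dns_id"] and query["sport"] == reply["dport"],
        "source_matches": query["dst"] == reply["src"],
        "port_unreachable": (icmp["icmp_type"], icmp["icmp_code"]) == (1, 4),
        "error_quotes_reply": icmp["invoking"]["src"] == reply["src"] and icmp["invoking"]["dns_id"] == reply["dns_id"],
    }

if __name__ == "__main__":
    q, r, i = (decode_frame(hexdump_to_bytes(d)) for d in (QUERY, REPLY, ICMP))
    print(explain(q, r, i))
```

Running it reports same_transaction True (matching ID 0xaaa7 and client port 22793), source_matches False, port_unreachable True, and error_quotes_reply True: the ICMPv6 message carries the very reply that was refused, which is the evidence that the client, not a firewall, discarded it.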
@devjonfos:
Ahh, okay…so maybe it's the HE tunnel address that others see as opposed to the actual address that is set in the quad-A record and that might be causing the unreachable port messages.
BTW, were you actually able to get the quad-A record for ns1.jonfoster.org?
Yes, both A and AAAA records.
Default server: ns1.jonfoster.org.
Address: 2001:470:1f05:c23::a1#53
Default server: ns1.jonfoster.org.
Address: 173.230.148.242#53
> ns1.jonfoster.org.
;; reply from unexpected source: 2001:470:1f04:c23::2#53, expected 2001:470:1f05:c23::a1#53
Server: ns1.jonfoster.org.
Address: 173.230.148.242#53
ns1.jonfoster.org has AAAA address 2001:470:1f05:c23::a1
>