"www.youtube.com" DNS query resolved with different ip- HELP!!!

Archie_Enthusiasm · 2011-04-28 03:15:05

Hi Folks,

I have a weird question, but it is true and thus making me worry about this. I have arch linux on my machine as host OS. On top of it by using virtualbox, I installed windows 7. From my archlinux machine, I can't access some sites anymore (for example, www.youtube.com) . What happens is it just takes so long when I try www.youtube.com and the Firefox says "connection is taking too long", (meaning no response at all). But when I access www.youtube.com from my guest OS (Windows 7), it is working fine. I was very confused by this. Therefore, I did traceroute in both OSs. Now I found out that the name resolution gives different ips. In windows, i get a different ip for the dns query www.youtube.com than the one I did in archlinux. Seemingly, the ip address resolved on archlinux does exist, but somehow does not respond to or doesn't accept the request.

What is happening here? Why do I have different ips for the same query, even if I am sending the queries from the same machine? Is this DNS spoofing or something running agains all queries from my arch linux OS? For me, it does not really make sense.

Please help what could be happening here. (I deleted cache and tried again.... Of course, I don't have any entries in my resolv.conf file for youtube for example)

Thanks a lot.

RiceKills · 2011-04-28 03:29:16

are you sure you are using the same dns on both machines?

Archie_Enthusiasm · 2011-04-28 04:06:15

In virtualbox, I am doing NAT in order to have network connection in my guest OS.

And on my arch linux, I have only one entry in my resolv.conf (192.168.0.1). So there is no other DNS server available inside my LAN. When the packet leaves my home router, I don't have any influence on this (since the name has already been resolved and the packet goes with the resolved IP address). (My ISP assigned me a static DNS server.)

> nslookup www.youtube.com
Server:        192.168.0.1
Address:    192.168.0.1#53

Non-authoritative answer:
www.youtube.com    canonical name = youtube-ui.l.google.com.
Name:    youtube-ui.l.google.com
Address: 74.125.224.78
Name:    youtube-ui.l.google.com
Address: 74.125.224.70
Name:    youtube-ui.l.google.com
Address: 74.125.224.77
Name:    youtube-ui.l.google.com
Address: 74.125.224.74
Name:    youtube-ui.l.google.com
Address: 74.125.224.69
Name:    youtube-ui.l.google.com
Address: 74.125.224.73
Name:    youtube-ui.l.google.com
Address: 74.125.224.68
Name:    youtube-ui.l.google.com
Address: 74.125.224.71
Name:    youtube-ui.l.google.com
Address: 74.125.224.72
Name:    youtube-ui.l.google.com
Address: 74.125.224.79
Name:    youtube-ui.l.google.com
Address: 74.125.224.64
Name:    youtube-ui.l.google.com
Address: 74.125.224.67
Name:    youtube-ui.l.google.com
Address: 74.125.224.75
Name:    youtube-ui.l.google.com
Address: 74.125.224.66
Name:    youtube-ui.l.google.com
Address: 74.125.224.76
Name:    youtube-ui.l.google.com
Address: 74.125.224.65

> ping www.youtube.com
PING www.youtube.com (209.85.135.103) 56(84) bytes of data.

Please see above. This is very strange. When I ping it, I get a different IP than nslookup tells. These IP addresses are all from google (including the one starting with 209.....) Why is this happening?

Last edited by Archie_Enthusiasm (2011-04-28 04:18:30)

ewaller · 2011-04-28 04:24:35

Well, Youtube is owned by Goggle, and I am reasonably sure Google has more than one IP address facing the net.

Archie_Enthusiasm · 2011-04-28 04:30:36

I know that youtube is owned by Google. There is one reasonable reason that I could think of for this happening. Google changed or removed this ip address starting with 209 and the dns server of my ISP did not get it yet (because of its cache or old zone files ). But I have this problem happening for 3 weeks now. This means it should have been enough time to be updated on the dns server of my ISP. But this again does not make any sense at all. How could then my guest OS manage to have the working ip address? (one of the ips starting with 74)

Anyone has an idea or reasonable explanation?

Thanks.

Last edited by Archie_Enthusiasm (2011-04-28 04:31:25)

ewaller · 2011-04-28 06:51:02

Okay, I'm tracking what you are asking now -- Sorry about that. I thought you were concerned about an address being nondeterministic.

Any chance you are running Avahi ? If so, you could have a DNS cache you had not realized was there.
Also, have you looked at what happens with traceroute ??

Archie_Enthusiasm · 2011-04-28 15:08:48

Hi, thanks for the follow-up.

I do have installed avahi, but have no idea whether the cached dns is being used. Can you please tell me how I can check it out?

I had a look on traceroute. As expected, before the traceroute takes place, the name gets resolved. That means on arch linux os, the ip address starting with 202 is used and on the windows OS one of the ip addresses starting with 74 which delivers the www.youtube.com back is being used. When I track the route, the next 5 or 6 hops are same. Since the ip address is different, at some point the corresponding hop sends the packet to a different router.

Arch Linux

#1 2011-04-28 03:15:05

"www.youtube.com" DNS query resolved with different ip- HELP!!!

#2 2011-04-28 03:29:16

Re: "www.youtube.com" DNS query resolved with different ip- HELP!!!

#3 2011-04-28 04:06:15

Re: "www.youtube.com" DNS query resolved with different ip- HELP!!!

#4 2011-04-28 04:24:35

Re: "www.youtube.com" DNS query resolved with different ip- HELP!!!

#5 2011-04-28 04:30:36

Re: "www.youtube.com" DNS query resolved with different ip- HELP!!!

#6 2011-04-28 06:51:02

Re: "www.youtube.com" DNS query resolved with different ip- HELP!!!

#7 2011-04-28 15:08:48

Re: "www.youtube.com" DNS query resolved with different ip- HELP!!!

Board footer