Wireshark must have got the 'bskyb-pop3-ssl.l.google.com' result somehow. I can do an nslookup just after Wireshark comes back with 'bskyb-pop3-ssl.l.google.com' but I still get the same old vanilla flavoured 'pz-in-f208.1e100.net'.
Regards
Richard <richard...@sky.com>

-----Original Message-----
From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Andrew Hood
Sent: 07 January 2010 11:39
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How does Wireshark do name resolution?

Richard Brooks wrote:
> Hello Guy
>
> You're just not getting it.
>
> The question is given the ip address of '74.125.127.208', how does one query
> a DNS server (in this case DNS ip 8.8.8.8 = public Google DNS) to get the
> reply 'bskyb-pop3-ssl.l.google.co' (which is the reply Wireshark gets), and
> not the reply 'pz-in-f208.1e100.net', which is what nslookup gets back.

If your system did a DNS lookup of bskyb-pop3-ssl.l.google.com while
Wireshark was running it could have cached the result and used that
resolution.

There is nothing invalid about the PTR record and the A record not
matching. Not good style, but not illegal.

The PTR record is in a block directly allocated to Google. They can map
it to whatever they like. 1e100.net have an A record that matches the
PTR record. Google have chosen not to provide PTR records for every A
record that might point into their space. This can be bad news for a
mail server.

: dig bskyb-pop3-ssl.l.google.com

; <<>> DiG 9.3.5-P1 <<>> bskyb-pop3-ssl.l.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20404
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;bskyb-pop3-ssl.l.google.com. IN A

;; ANSWER SECTION:
bskyb-pop3-ssl.l.google.com. 300 IN A 74.125.155.208

;; AUTHORITY SECTION:
google.com. 53445 IN NS ns1.google.com.
google.com. 53445 IN NS ns2.google.com.
google.com. 53445 IN NS ns3.google.com.
google.com. 53445 IN NS ns4.google.com.
;; Query time: 209 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 7 22:23:39 2010
;; MSG SIZE rcvd: 133

: dig -x 74.125.155.208

; <<>> DiG 9.3.5-P1 <<>> -x 74.125.155.208
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32369
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;208.155.125.74.in-addr.arpa. IN PTR

;; ANSWER SECTION:
208.155.125.74.in-addr.arpa. 86400 IN PTR px-in-f208.1e100.net.

;; AUTHORITY SECTION:
125.74.in-addr.arpa. 86190 IN NS NS2.GOOGLE.COM.
125.74.in-addr.arpa. 86190 IN NS NS3.GOOGLE.COM.
125.74.in-addr.arpa. 86190 IN NS NS4.GOOGLE.COM.
125.74.in-addr.arpa. 86190 IN NS NS1.GOOGLE.COM.

;; Query time: 203 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 7 22:26:25 2010
;; MSG SIZE rcvd: 161

: whois 74.125.155.208

OrgName: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Comment:
RegDate: 2007-03-13
Updated: 2007-05-22

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc.
OrgTechPhone: +1-650-318-0200
OrgTechEmail: arin-cont...@google.com

# ARIN WHOIS database, last updated 2010-01-06 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

: dig px-in-f208.1e100.net.

; <<>> DiG 9.3.5-P1 <<>> px-in-f208.1e100.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36422
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;px-in-f208.1e100.net. IN A

;; ANSWER SECTION:
px-in-f208.1e100.net. 86400 IN A 74.125.155.208

;; AUTHORITY SECTION:
1e100.net. 172800 IN NS ns4.google.com.
1e100.net. 172800 IN NS ns1.google.com.
1e100.net. 172800 IN NS ns2.google.com.
1e100.net. 172800 IN NS ns3.google.com.

;; Query time: 220 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 7 22:29:39 2010
;; MSG SIZE rcvd: 136

--
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
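
Added example, not part of the original thread and not Wireshark code: the A and PTR records from the dig output quoted above, embedded as tables, run through a forward-confirmed reverse DNS check of the kind a mail server applies. The function names are hypothetical, and `names_from_observed_answers` is an assumed model of the caching explanation given in the reply (a name learned from an A answer that was seen), set beside the PTR lookup that nslookup performs.

```python
import ipaddress

# Records copied from the dig output quoted in the message above.
A_RECORDS = {
    "bskyb-pop3-ssl.l.google.com.": ["74.125.155.208"],
    "px-in-f208.1e100.net.": ["74.125.155.208"],
}
PTR_RECORDS = {"208.155.125.74.in-addr.arpa.": ["px-in-f208.1e100.net."]}


def fqdn(name):
    """Normalise a host name: lower case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def forward_lookup(name):
    """A query against the embedded records."""
    return A_RECORDS.get(fqdn(name), [])


def reverse_lookup(ip):
    """PTR query, the lookup `dig -x` and nslookup perform for an address."""
    return PTR_RECORDS.get(fqdn(ipaddress.ip_address(ip).reverse_pointer), [])


def names_from_observed_answers(answers):
    """Hypothetical capture-side cache: address -> first name whose A answer held it."""
    cache = {}
    for name, addrs in answers.items():
        for addr in addrs:
            cache.setdefault(addr, fqdn(name))
    return cache


def fcrdns(ip, claimed_name=None):
    """Forward-confirmed reverse DNS: the PTR name(s) must resolve back to ip."""
    ptr_names = reverse_lookup(ip)
    confirmed = [n for n in ptr_names if ip in forward_lookup(n)]
    return {
        "ptr": ptr_names,
        "forward_confirmed": bool(confirmed),
        "claimed_matches_ptr": claimed_name is not None
        and fqdn(claimed_name) in confirmed,
    }


if __name__ == "__main__":
    seen = names_from_observed_answers({"bskyb-pop3-ssl.l.google.com": ["74.125.155.208"]})
    print("from observed A answer:", seen["74.125.155.208"])
    print("from PTR query:        ", reverse_lookup("74.125.155.208"))
    print(fcrdns("74.125.155.208", "bskyb-pop3-ssl.l.google.com"))
```

The address passes the forward-confirmed check through its 1e100.net name, while the service name has no PTR pointing back at it, which is the mismatch a strict mail server would flag.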