Strange DNS problem, apparently from external servers

Chris Green cl at isbd.net
Mon Feb 14 17:22:12 UTC 2022 

I have been doing various things to my two xubuntu 21.10 systems on my
LAN recently.  I now have a strange DNS issue which I just don't
understand at all.

In trying to work out what wrong I have even disable all local DNS
caching etc. on one of the systems and I'm still getting very odd
answers.

This is when I search for a device which hasn't been present on my LAN
for several months, it's as if the upstream servers have remembered
something.

Here's a couple of samples:-

    chris$ host  2820n 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases: 

    2820n.zbmc.eu is an alias for 2820n.
    2820n has address 192.168.1.20
    Host 2820n not found: 3(NXDOMAIN)
    Host 2820n not found: 3(NXDOMAIN)
    chris$ dig @8.8.8.8 2820n

    ; <<>> DiG 9.16.15-Ubuntu <<>> @8.8.8.8 2820n
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31607
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: Message has 1 extra bytes at end

    ;; QUESTION SECTION:
    ;2820n.                             IN      A

    ;; ANSWER SECTION:
    2820n.                      86400   IN      A       192.168.1.20

    ;; Query time: 3 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Feb 14 17:08:50 GMT 2022
    ;; MSG SIZE  rcvd: 40

So dig and host agree.  But I don't *have* a 2820n on my LAN, as I
said it was removed several month's ago.  I get the same results 
whatever external server I use.  Apart from anything else I don't
understand how an external server can return a private address.

How do I find what's going on here and where that 192.168.1.20 address
for 2820n is coming from.  I've searched through much of the /var
hierarchy and there's no '2820n' in there, I don't really see how it
can be local anyway as I'm specifically using DNS servers out on the
internet.

There *is* a system at 192.168.1.20 but it's not called 2820n, its
name is tl-mr3420.

Another system gets a totally wrong address (again the address of
another system):-

    chris$ host backup
    ;; connection timed out; no servers could be reached

    chris$ host backup 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases: 

    backup.zbmc.eu is an alias for backup.
    backup has address 192.168.1.114
    Host backup not found: 3(NXDOMAIN)
    Host backup not found: 3(NXDOMAIN)


What on earth is going on?

I've checked, as far as I am able, for duplicate IPs and things like
that on the LAN.

-- 
Chris Green

More information about the ubuntu-users mailing list