
When I run `nslookup google.com 192.168.190.81` it works.
`tcpdump -n -vv` output during the above command is:

18:12:24.815483 IP (tos 0x0, ttl 64, id 8975, offset 0, flags [none], proto UDP (17), length 56)
    192.168.190.85.50601 > 192.168.190.81.53: [bad udp cksum 0xfe2d -> 0xd17b!] 22170+ A? google.com. (28)
18:12:24.816513 IP (tos 0x0, ttl 128, id 42598, offset 0, flags [none], proto UDP (17), length 82)
    192.168.190.81.53 > 192.168.190.85.50601: [udp sum ok] 22170- q: A? google.com. 1/0/0 google.com. A 172.217.18.46 (54)
18:12:24.816971 IP (tos 0x0, ttl 64, id 8976, offset 0, flags [none], proto UDP (17), length 56)
    192.168.190.85.35152 > 192.168.190.81.53: [bad udp cksum 0xfe2d -> 0x81ff!] 57940+ AAAA? google.com. (28)
18:12:24.817741 IP (tos 0x0, ttl 128, id 42599, offset 0, flags [none], proto UDP (17), length 94)
    192.168.190.81.53 > 192.168.190.85.35152: [udp sum ok] 57940- q: AAAA? google.com. 1/0/0 google.com. AAAA 2a00:1450:4006:805::200e (66)

When I run `nslookup google.com` it times out.
`tcpdump -n -vv` output during the above command is:

18:12:38.205600 IP (tos 0x0, ttl 64, id 23707, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.190.85.39750 > 192.168.190.81.53: Flags [S], cksum 0xfe26 (incorrect -> 0x0fa0), seq 1276672993, win 64240, options [mss 1460,sackOK,TS val 273927086 ecr 0,nop,wscale 7], length 0
18:12:38.205948 IP (tos 0x0, ttl 128, id 42600, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.190.81.53 > 192.168.190.85.39750: Flags [R.], cksum 0x4e62 (correct), seq 0, ack 1276672994, win 0, length 0
18:12:38.206190 IP (tos 0x0, ttl 64, id 10801, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.190.85.39752 > 192.168.190.81.53: Flags [S], cksum 0xfe26 (incorrect -> 0x7d01), seq 456474464, win 64240, options [mss 1460,sackOK,TS val 273927087 ecr 0,nop,wscale 7], length 0
18:12:38.206488 IP (tos 0x0, ttl 128, id 42601, offset 0, flags [DF], proto TCP (6), length 40)

So my question is: Why, when not specifying the DNS server explicitly, does it change to TCP (which I guess the server doesn't support)?

Some info about the environment:
- It's an Ubuntu 18.04 machine on Hyper-V on Windows 10
- 192.168.190.85 is the IP of the machine
- 192.168.190.81 is the default gateway inside the Ubuntu machine

Eli Finkel
  • You have not told answerers several important things. 1. You have not told them where `nslookup` sends its queries by default. It's probably a local server. Hence 2. You have not told them what proxy DNS server you are running locally, and how it is configured to perform its back-end lookups. 3. You haven't told them what happens when you use `kdig`/`dig`/`dnsqr`. There's a learned response from experienced people to those who have a problem with `nslookup`, which is to use a better diagnosis tool before trying anything else. http://jdebp.uk./FGA/nslookup-flaws.html – JdeBP Apr 22 '20 at 16:26
  • @JdeBP You're right. `/etc/resolv.conf` sends to `127.0.0.53`, where I guess the default Ubuntu server is running. That probably explains it. Unfortunately, I can't reproduce the issue now, so don't have the other answers. Thanks – Eli Finkel Apr 22 '20 at 16:32
  • See https://askubuntu.com/questions/1040595/dns-at-systemds-127-0-0-53-is-ignoring-some-lookups it's `systemd-resolved` – roaima Apr 22 '20 at 17:33
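
A way to read captures like the two in the question mechanically, as an added example that is not part of the original question or comments: it counts, per transport, which client flows to port 53 were answered, refused with a RST, or left without a reply in the capture. The sample input is abridged from the question's capture, and `summarize_dns` and its outcome labels are names chosen here.

```python
import re
from collections import Counter

# Abridged from the capture in the question (tcpdump -n -vv), both runs together.
CAPTURE = """\
18:12:24.815483 IP (tos 0x0, ttl 64, id 8975, offset 0, flags [none], proto UDP (17), length 56)
    192.168.190.85.50601 > 192.168.190.81.53: [bad udp cksum 0xfe2d -> 0xd17b!] 22170+ A? google.com. (28)
18:12:24.816513 IP (tos 0x0, ttl 128, id 42598, offset 0, flags [none], proto UDP (17), length 82)
    192.168.190.81.53 > 192.168.190.85.50601: [udp sum ok] 22170- q: A? google.com. 1/0/0 google.com. A 172.217.18.46 (54)
18:12:38.205600 IP (tos 0x0, ttl 64, id 23707, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.190.85.39750 > 192.168.190.81.53: Flags [S], cksum 0xfe26 (incorrect -> 0x0fa0), seq 1276672993, win 64240, length 0
18:12:38.205948 IP (tos 0x0, ttl 128, id 42600, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.190.81.53 > 192.168.190.85.39750: Flags [R.], cksum 0x4e62 (correct), seq 0, ack 1276672994, win 0, length 0
18:12:38.206190 IP (tos 0x0, ttl 64, id 10801, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.190.85.39752 > 192.168.190.81.53: Flags [S], cksum 0xfe26 (incorrect -> 0x7d01), seq 456474464, win 64240, length 0
"""

# Per-packet header line: carries the IP protocol of the detail line that follows.
HEADER = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP .*proto (UDP|TCP) ")
# Indented detail line: src.port > dst.port, plus TCP flags when present.
PACKET = re.compile(r"^\s+(\S+)\.(\d+) > (\S+)\.(\d+): (?:Flags \[([^\]]*)\])?")

def summarize_dns(capture, port="53"):
    """Count client flows to the DNS port by transport and outcome."""
    flows, proto = {}, None
    for line in capture.splitlines():
        h = HEADER.match(line)
        if h:
            proto = h.group(1)
            continue
        p = PACKET.match(line)
        if not p or proto is None:
            continue
        src, sport, dst, dport, flags = p.groups()
        if dport == port:
            # Client to server: a UDP query, or the opening SYN of a TCP attempt.
            if proto == "UDP" or flags == "S":
                flows.setdefault((proto, src, sport, dst), "unanswered")
        elif sport == port:
            # Server to client: a RST on TCP means nothing accepts TCP/53 there.
            key = (proto, dst, dport, src)
            if key in flows:
                reset = proto == "TCP" and "R" in (flags or "")
                flows[key] = "refused" if reset else "answered"
    return Counter(f"{k[0].lower()}_{state}" for k, state in flows.items())

if __name__ == "__main__":
    print(dict(summarize_dns(CAPTURE)))
```

The second SYN is counted as unanswered only because the capture in the question stops before its reply line.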

0 Answers