# Strange problem with djbdns dnscache



## jdack (Sep 25, 2012)

Hi all. I'm having a puzzling issue with my dnscache server all of a sudden, though no changes have been made and the current config has worked for ages. I'll try to provide as much detail as I can.

I am running djbdns dnscache for local resolution on my network.

The machine is FreeBSD 6.3-STABLE

The problem began Monday morning some time after 10:00am. It just sort of "happened." No changes to the firewall or dns config were made.

Essentially, I can only reach about half the internet. For example, Amazon.com comes up but it's css and many images are broken. Some digging lead me to believe the problem is that akamai.net, who hosts content for a lot of major sites, has changed many of it's server's IP addresses, but my caching server will not update no matter what I've tried.

Here is some sample output, from a shell that is totally outside my network (I get the same results from other places like freeshell)


```
> dnsqr A a1886.g.akamai.net
1 a1886.g.akamai.net:
68 bytes, 1+2+0+0 records, response, noerror
query: 1 a1886.g.akamai.net
answer: a1886.g.akamai.net 20 A 23.3.105.66
answer: a1886.g.akamai.net 20 A 23.3.105.67
```

Here is the same query on my dnscache server:


```
dnsqr A a1886.g.akamai.net
1 a1886.g.akamai.net:
68 bytes, 1+2+0+0 records, response, noerror
query: 1 a1886.g.akamai.net
answer: a1886.g.akamai.net 20 A 69.22.138.11
answer: a1886.g.akamai.net 20 A 69.22.138.34
```

Note: the query being done is based on copying the image url of a broken link on one site, I've repeated this with several others, and the result is the same.

If I put in Google's free DNS on my pc, everything works fine.

I have restarted dnscache (running out of /service) and even gone so far as to reboot the box out of desperation.

Again, I have minimal firewall rules which haven't been changed, nor has my DNSCACHE config.

Any suggestions on what I could try next would be greatly appreciated. This is just bizarre.

Thanks in advance,
-J


----------



## SirDice (Sep 26, 2012)

jdack said:
			
		

> The machine is FreeBSD 6.3-STABLE


FreeBSD 6.3 has been End-of-Life since January 2010.

http://www.freebsd.org/security/#unsup


----------



## DutchDaemon (Sep 26, 2012)

This means: upgrade to a supported version, or your question won't be addressed.


----------



## SirDice (Sep 26, 2012)

It doesn't happen often but FreeBSD, just like any other OS, can be hacked. Especially if you are running an old and unsupported version. Since the EoL there have been numerous security fixes, none of them are patched on 6.3. Not something I would allow on my network if it was up to me.


----------

