Solved

Strange issues accessing youtube

Posted on 2014-11-07
6
570 Views
Last Modified: 2015-08-09
We have a network where no one can access YouTube.  DNS is returning a bogus IP address and I cannot figure out where it is coming from (see nslookup below).  The response is not from Google's Public DNS server but from something else that must be in the middle of the lookups.  How can we determine where this bogus address is being returned from?  The firewall is a Cisco ASA, but I see nothing enabled there that would cause these types of issues.

C:\Users\Administrator>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        internet address = 208.70.74.21
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN

------------
Name:    www.youtube.com
Address:  208.70.74.21

Open in new window

0
Comment
Question by:bdhtechnology
  • 3
  • 2
6 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40429866
If you use 4.2.2.2 instead of 8.8.8.8 what do you get?  The nslookup looks fine from my PC...

C:\Users\User>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 9,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.187
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.186
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.182
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.184
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.181
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.185
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.180
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.183
        ttl = 299 (4 mins 59 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:400b:c02::5b
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:400b:c02::5b
          31.55.167.187
          31.55.167.186
          31.55.167.182
          31.55.167.184
          31.55.167.181
          31.55.167.185
          31.55.167.180
          31.55.167.183
Aliases:  www.youtube.com

Open in new window

0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 40429867
Also, out of interest, are you doing DNS rewrite at the ASA??
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 40434866
Mmmmm http://208.70.74.21/ (your response, is google?)

I Get

C:\Users\pete.long>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 6304 (1 hour 45 mins 4 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 12,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21576 (5 hours 59 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.73
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.68
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.70
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.78
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.64
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.69
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.66
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.65
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.71
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.72
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.67
        ttl = 276 (4 mins 36 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:4009:800::1003
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:4009:800::1003
          74.125.230.73
          74.125.230.68
          74.125.230.70
          74.125.230.78
          74.125.230.64
          74.125.230.69
          74.125.230.66
          74.125.230.65
          74.125.230.71
          74.125.230.72
          74.125.230.67
Aliases:  www.youtube.com


C:\Users\pete.long>


So given my response is different to Craigs, I suspect the responses are geo-specific (I'm in the UK).

PL
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40435059
I'm in UK too.
0
 
LVL 1

Accepted Solution

by:
bdhtechnology earned 0 total points
ID: 40475646
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.  I finally was able to track it back to that.  Still would be helpful if there was a way to look at DNS response and figure out where it came from.  Would a packet trace reveal info like that?
0
 
LVL 1

Author Closing Comment

by:bdhtechnology
ID: 40921267
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS Connector Delivery 5 39
MacBook wifi issues 6 37
CISCO Smartnet agreement 5 32
Office 365 DirSync Non-routable domain even thought it is routable. 8 63
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
An article on effective troubleshooting
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now