Solved

Strange issues accessing youtube

Posted on 2014-11-07
6
620 Views
Last Modified: 2015-08-09
We have a network where no one can access YouTube.  DNS is returning a bogus IP address and I cannot figure out where it is coming from (see nslookup below).  The response is not from Google's Public DNS server but from something else that must be in the middle of the lookups.  How can we determine where this bogus address is being returned from?  The firewall is a Cisco ASA, but I see nothing enabled there that would cause these types of issues.

C:\Users\Administrator>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        internet address = 208.70.74.21
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN

------------
Name:    www.youtube.com
Address:  208.70.74.21

Open in new window

0
Comment
Question by:bdhtechnology
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40429866
If you use 4.2.2.2 instead of 8.8.8.8 what do you get?  The nslookup looks fine from my PC...

C:\Users\User>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 9,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.187
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.186
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.182
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.184
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.181
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.185
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.180
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.183
        ttl = 299 (4 mins 59 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:400b:c02::5b
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:400b:c02::5b
          31.55.167.187
          31.55.167.186
          31.55.167.182
          31.55.167.184
          31.55.167.181
          31.55.167.185
          31.55.167.180
          31.55.167.183
Aliases:  www.youtube.com

Open in new window

0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 40429867
Also, out of interest, are you doing DNS rewrite at the ASA??
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 40434866
Mmmmm http://208.70.74.21/ (your response, is google?)

I Get

C:\Users\pete.long>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 6304 (1 hour 45 mins 4 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 12,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21576 (5 hours 59 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.73
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.68
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.70
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.78
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.64
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.69
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.66
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.65
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.71
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.72
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.67
        ttl = 276 (4 mins 36 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:4009:800::1003
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:4009:800::1003
          74.125.230.73
          74.125.230.68
          74.125.230.70
          74.125.230.78
          74.125.230.64
          74.125.230.69
          74.125.230.66
          74.125.230.65
          74.125.230.71
          74.125.230.72
          74.125.230.67
Aliases:  www.youtube.com


C:\Users\pete.long>


So given my response is different to Craigs, I suspect the responses are geo-specific (I'm in the UK).

PL
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 46

Expert Comment

by:Craig Beck
ID: 40435059
I'm in UK too.
0
 
LVL 1

Accepted Solution

by:
bdhtechnology earned 0 total points
ID: 40475646
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.  I finally was able to track it back to that.  Still would be helpful if there was a way to look at DNS response and figure out where it came from.  Would a packet trace reveal info like that?
0
 
LVL 1

Author Closing Comment

by:bdhtechnology
ID: 40921267
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question