Solved

Strange issues accessing youtube

Posted on 2014-11-07
6
597 Views
Last Modified: 2015-08-09
We have a network where no one can access YouTube.  DNS is returning a bogus IP address and I cannot figure out where it is coming from (see nslookup below).  The response is not from Google's Public DNS server but from something else that must be in the middle of the lookups.  How can we determine where this bogus address is being returned from?  The firewall is a Cisco ASA, but I see nothing enabled there that would cause these types of issues.

C:\Users\Administrator>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        internet address = 208.70.74.21
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN

------------
Name:    www.youtube.com
Address:  208.70.74.21

Open in new window

0
Comment
Question by:bdhtechnology
  • 3
  • 2
6 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40429866
If you use 4.2.2.2 instead of 8.8.8.8 what do you get?  The nslookup looks fine from my PC...

C:\Users\User>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 9,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.187
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.186
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.182
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.184
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.181
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.185
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.180
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.183
        ttl = 299 (4 mins 59 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:400b:c02::5b
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:400b:c02::5b
          31.55.167.187
          31.55.167.186
          31.55.167.182
          31.55.167.184
          31.55.167.181
          31.55.167.185
          31.55.167.180
          31.55.167.183
Aliases:  www.youtube.com

Open in new window

0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 40429867
Also, out of interest, are you doing DNS rewrite at the ASA??
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 40434866
Mmmmm http://208.70.74.21/ (your response, is google?)

I Get

C:\Users\pete.long>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 6304 (1 hour 45 mins 4 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 12,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21576 (5 hours 59 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.73
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.68
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.70
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.78
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.64
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.69
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.66
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.65
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.71
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.72
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.67
        ttl = 276 (4 mins 36 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:4009:800::1003
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:4009:800::1003
          74.125.230.73
          74.125.230.68
          74.125.230.70
          74.125.230.78
          74.125.230.64
          74.125.230.69
          74.125.230.66
          74.125.230.65
          74.125.230.71
          74.125.230.72
          74.125.230.67
Aliases:  www.youtube.com


C:\Users\pete.long>


So given my response is different to Craigs, I suspect the responses are geo-specific (I'm in the UK).

PL
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40435059
I'm in UK too.
0
 
LVL 1

Accepted Solution

by:
bdhtechnology earned 0 total points
ID: 40475646
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.  I finally was able to track it back to that.  Still would be helpful if there was a way to look at DNS response and figure out where it came from.  Would a packet trace reveal info like that?
0
 
LVL 1

Author Closing Comment

by:bdhtechnology
ID: 40921267
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question