Solved

Strange issues accessing youtube

Posted on 2014-11-07
6
552 Views
Last Modified: 2015-08-09
We have a network where no one can access YouTube.  DNS is returning a bogus IP address and I cannot figure out where it is coming from (see nslookup below).  The response is not from Google's Public DNS server but from something else that must be in the middle of the lookups.  How can we determine where this bogus address is being returned from?  The firewall is a Cisco ASA, but I see nothing enabled there that would cause these types of issues.

C:\Users\Administrator>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        internet address = 208.70.74.21
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN

------------
Name:    www.youtube.com
Address:  208.70.74.21

Open in new window

0
Comment
Question by:bdhtechnology
  • 3
  • 2
6 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40429866
If you use 4.2.2.2 instead of 8.8.8.8 what do you get?  The nslookup looks fine from my PC...

C:\Users\User>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 9,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.187
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.186
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.182
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.184
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.181
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.185
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.180
        ttl = 299 (4 mins 59 secs)
    ->  youtube-ui.l.google.com
        internet address = 31.55.167.183
        ttl = 299 (4 mins 59 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:400b:c02::5b
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:400b:c02::5b
          31.55.167.187
          31.55.167.186
          31.55.167.182
          31.55.167.184
          31.55.167.181
          31.55.167.185
          31.55.167.180
          31.55.167.183
Aliases:  www.youtube.com

Open in new window

0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 40429867
Also, out of interest, are you doing DNS rewrite at the ASA??
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 40434866
Mmmmm http://208.70.74.21/ (your response, is google?)

I Get

C:\Users\pete.long>nslookup -debug www.youtube.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 6304 (1 hour 45 mins 4 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.itps.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  itps.co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.itps.uk.net
        responsible mail addr = hostmaster.itps.uk.net
        serial  = 2012100306
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 38400 (10 hours 40 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.youtube.com.co.uk, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  co.uk
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.nic.uk
        responsible mail addr = hostmaster.nominet.org.uk
        serial  = 1303946126
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 2419200 (28 days)
        default TTL = 10800 (3 hours)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 12,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = A, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21576 (5 hours 59 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.73
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.68
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.70
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.78
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.64
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.69
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.66
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.65
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.71
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.72
        ttl = 276 (4 mins 36 secs)
    ->  youtube-ui.l.google.com
        internet address = 74.125.230.67
        ttl = 276 (4 mins 36 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        www.youtube.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.youtube.com
        canonical name = youtube-ui.l.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
    ->  youtube-ui.l.google.com
        AAAA IPv6 address = 2a00:1450:4009:800::1003
        ttl = 299 (4 mins 59 secs)

------------
Name:    youtube-ui.l.google.com
Addresses:  2a00:1450:4009:800::1003
          74.125.230.73
          74.125.230.68
          74.125.230.70
          74.125.230.78
          74.125.230.64
          74.125.230.69
          74.125.230.66
          74.125.230.65
          74.125.230.71
          74.125.230.72
          74.125.230.67
Aliases:  www.youtube.com


C:\Users\pete.long>


So given my response is different to Craigs, I suspect the responses are geo-specific (I'm in the UK).

PL
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40435059
I'm in UK too.
0
 
LVL 1

Accepted Solution

by:
bdhtechnology earned 0 total points
ID: 40475646
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.  I finally was able to track it back to that.  Still would be helpful if there was a way to look at DNS response and figure out where it came from.  Would a packet trace reveal info like that?
0
 
LVL 1

Author Closing Comment

by:bdhtechnology
ID: 40921267
In turns out the filtering system we use, iBoss, was rewriting the DNS queries.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now