[dns-operations] af.mil DNS issue

Peter Dambier peter at peter-dambier.de
Fri Jun 30 15:38:52 UTC 2006 

Seen from

host_look("84.167.248.36","echnaton.serveftp.com","1420294180").
host_name("84.167.248.36","p54A7F824.dip.t-dialin.net").

; <<>> DiG 9.1.3 <<>> -t any af.mil @NS1.ACC.af.mil.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52124
;; flags: qr aa rd; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 6

;; QUESTION SECTION:
;af.mil.                                IN      ANY

;; ANSWER SECTION:
af.mil.                 86400   IN      NS      ns1.acc.af.mil.
af.mil.                 86400   IN      NS      ns3.acc.af.mil.
af.mil.                 86400   IN      NS      ares.afnoc.af.mil.
af.mil.                 86400   IN      NS      mars.afnoc.af.mil.
af.mil.                 86400   IN      NS      artemis.afnoc.af.mil.
af.mil.                 86400   IN      NS      ns.usafe.af.mil.
af.mil.                 86400   IN      SOA     afnoc.af.mil. dnsman.afnoc.af.mil. 2006063047 3600 900 604800 2700
af.mil.                 86400   IN      MX      0 fohfwb003.oh.afmc.af.mil.
af.mil.                 86400   IN      MX      0 fohfwb001.oh.afmc.af.mil.
af.mil.                 86400   IN      MX      0 fohfwb002.oh.afmc.af.mil.

;; ADDITIONAL SECTION:
ns1.acc.af.mil.         2700    IN      A       131.6.4.17
ns3.acc.af.mil.         2700    IN      A       131.7.52.10
ares.afnoc.af.mil.      86400   IN      A       131.63.50.2
mars.afnoc.af.mil.      86400   IN      A       131.63.50.1
artemis.afnoc.af.mil.   86400   IN      A       198.220.211.145
ns.usafe.af.mil.        86400   IN      A       132.25.88.211

;; Query time: 169 msec
;; SERVER: 131.6.4.17#53(NS1.ACC.af.mil.)
;; WHEN: Fri Jun 30 17:16:21 2006
;; MSG SIZE  rcvd: 378


The exception

; <<>> DiG 9.1.3 <<>> -t any af.mil @ares.afnoc.af.mil
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6181
;; flags: qr aa rd; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;af.mil.                                IN      ANY

;; ANSWER SECTION:
af.mil.                 86400   IN      SOA     afnoc.af.mil. dnsman.afnoc.af.mil. 2006063047 3600 900 604800 2700
af.mil.                 86400   IN      NS      ns.usafe.af.mil.
af.mil.                 86400   IN      NS      ns1.acc.af.mil.
af.mil.                 86400   IN      NS      ns3.acc.af.mil.
af.mil.                 86400   IN      NS      ares.afnoc.af.mil.
af.mil.                 86400   IN      NS      mars.afnoc.af.mil.
af.mil.                 86400   IN      NS      artemis.afnoc.af.mil.
af.mil.                 86400   IN      MX      0 fohfwb001.oh.afmc.af.mil.
af.mil.                 86400   IN      MX      0 fohfwb002.oh.afmc.af.mil.
af.mil.                 86400   IN      MX      0 fohfwb003.oh.afmc.af.mil.

;; ADDITIONAL SECTION:
ares.afnoc.af.mil.      86400   IN      A       131.63.50.2
mars.afnoc.af.mil.      86400   IN      A       131.63.50.1
artemis.afnoc.af.mil.   86400   IN      A       198.220.211.145

;; Query time: 275 msec
;; SERVER: 131.63.50.2#53(ares.afnoc.af.mil)
;; WHEN: Fri Jun 30 17:20:45 2006
;; MSG SIZE  rcvd: 330


still gives three (3) of the five (5) servers. That is 60%


so does

;; Query time: 271 msec
;; SERVER: 131.63.50.1#53(mars.afnoc.af.mil)
;; WHEN: Fri Jun 30 17:23:30 2006
;; MSG SIZE  rcvd: 330

(same answer)


I query using both djbdns and Bind 9.4.0.a6
Both find the A records when I ask for them.


La Swizzera is not member of the NATO. Maybe they are really blocked :)

Regards
Peter and Karin


Geo. wrote:
> Folks,
> 
> I don't know if anyone here can help with this or not.
> 
> The domain af.mil is running dns with no A records for their DNS servers,
> see http://www.dnsreport.com/tools/dnsreport.ch?domain=af.mil
> 
> This causes a problem for some dns servers that have cache poisoning
> features enabled because they won't resolve the domain this way.
> 
> I've had contact with a couple of the techs from af.mil and their convinced
> that the problem isn't their DNS but that they have "blocked" us.
> 
> Is there anyone on this list who knows dns and has a contact over at af.mil
> who might be able to explain the problem to them or if I'm wrong about this
> explain to me why the domain doesn't resolve with cache poisoning protection
> enabled?
> 
> Geo.
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/

More information about the dns-operations mailing list