[dns-operations] Strange Responses for 20.in-addr.arpa
Geoffrey Sisson
geoff at nominet.org.uk
Wed Apr 25 13:45:36 UTC 2007
Lutz Donnerhacke <lutz at iks-jena.de> wrote on 2007-04-25 14:22:31:
> While digging for some DNSKEYs I got not responses at all for
20.in-addr.arpa.
> Deeper inspections shows, that those servers response only to queries
for
> NS, PTR and (sometimes) SOA.
ns1.csc.com and ns2.csc.com respond to queries for KEY, NXT and SIG RRs
but time out
for DS, DNSKEY, NSEC, RRSIG and SSHFP RRs, so one guess is that there is a
middlebox
of some description blocking queries for RR types that it doesn't know
about.
(The other servers auth for 6.20.in-addr.arpa return queries for all RR
types AFAICT.)
Geoff
> Example:
>
> ; <<>> DiG 9.4.0 <<>> soa 20.in-addr.arpa
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51467
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ; <<>> DiG 9.4.0 <<>> soa 6.20.in-addr.arpa
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28585
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> 6.20.in-addr.arpa. 86400 IN SOA ns2.csc.com. dnsadmi...
>
> ; <<>> DiG 9.4.0 <<>> dnskey 6.20.in-addr.arpa
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> ; <<>> DiG 9.4.0 <<>> ptr 1.1.6.20.in-addr.arpa
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13228
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> 1.1.6.20.in-addr.arpa. 86400 IN PTR nwkcat91-v21v.de-wil.csc.com.
>
>
> I do not understand this, but assume the setup is correct.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list