[dns-operations] What happend to UM?

Sun Jul 15 22:47:31 UTC 2007

> The root looks harmless enough
> 
> ; <<>> DiG 9.4.0b4 <<>> -t any um @a.root-server.net
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2644
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;um.                            IN      ANY
> 
> ;; AUTHORITY SECTION:
> um.                     172800  IN      NS      NS.ISI.EDU.
> um.                     172800  IN      NS      VENERA.ISI.EDU.
> um.                     172800  IN      NS      NS.UU.NET.
> 
> ;; ADDITIONAL SECTION:
> NS.UU.NET.              172800  IN      A       137.39.1.3
> NS.ISI.EDU.             172800  IN      A       128.9.128.127
> VENERA.ISI.EDU.         172800  IN      A       128.9.176.32
> 
> ;; Query time: 141 msec
> ;; SERVER: 198.41.0.4#53(198.41.0.4)
> ;; WHEN: Sun Jul 15 22:43:43 2007
> ;; MSG SIZE  rcvd: 136
> 
> 
> but that is interesting
> 
> ;; Truncated, retrying in TCP mode.
> 
> ; <<>> DiG 9.4.0b4 <<>> -t any um @NS.ISI.EDU
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50126
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 4, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;um.                            IN      ANY
> 
> ;; ANSWER SECTION:
> um.                     86400   IN      NS      ns.isi.edu.
> um.                     86400   IN      NS      flag.ep.net.
> um.                     86400   IN      NS      unldns.unl.edu.
> um.                     86400   IN      NS      berkeley.ip4.int.
> um.                     86400   IN      NSEC    *.um. NS SOA RRSIG NSEC DNSKE
> Y
> um.                     86400   IN      DNSKEY  256 3 5 ...
> um.                     86400   IN      DNSKEY  257 3 5 ...
> um.                     86400   IN      RRSIG   DNSKEY 5 1 ...
> um.                     86400   IN      RRSIG   DNSKEY 5 1 ...
> um.                     86400   IN      RRSIG   NSEC 5 1 ...
> um.                     86400   IN      RRSIG   NS 5 1 ...
> um.                     86400   IN      RRSIG   SOA 5 1 ...
> um.                     86400   IN      SOA     flag.ep.net. hostmaster.nic.u
> m. 2006120115 43200 3600 1209600 86400
> 
> ;; AUTHORITY SECTION:
> um.                     86400   IN      NS      ns.isi.edu.
> um.                     86400   IN      NS      flag.ep.net.
> um.                     86400   IN      NS      unldns.unl.edu.
> um.                     86400   IN      NS      berkeley.ip4.int.
> 
> ;; ADDITIONAL SECTION:
> ns.isi.edu.             86400   IN      A       128.9.128.127
> flag.ep.net.            169084  IN      A       198.32.4.13
> berkeley.ip4.int.       86400   IN      A       204.61.208.98
> 
> ;; Query time: 265 msec
> ;; SERVER: 128.9.128.127#53(128.9.128.127)
> ;; WHEN: Sun Jul 15 22:48:55 2007
> ;; MSG SIZE  rcvd: 3453
> 
> 
> And the timestamp 2006-12-01

	Peter,
	        the SOA record does not have timestamp in it.  It
	has a serial number and as long as it has moved forward
	that is all that matters for the serial.

	The three servers list in the root are consistant w.r.t.
	plain DNS.  The fourth server (unldns.unl.edu, only listed
	in the um zone) isn't configured to serve UM.

% dig +nssearch um 
SOA flag.ep.net. hostmaster.nic.um. 2006120115 43200 3600 1209600 86400 from server ns.isi.edu in 160 ms.
SOA flag.ep.net. hostmaster.nic.um. 2006120115 43200 3600 1209600 86400 from server berkeley.ip4.int in 200 ms.
SOA flag.ep.net. hostmaster.nic.um. 2006120115 43200 3600 1209600 86400 from server flag.ep.net in 194 ms.
% 

% dig soa um @unldns.unl.edu +norec

; <<>> DiG 9.3.4 <<>> soa um @unldns.unl.edu +norec
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6483
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;um.                            IN      SOA

;; Query time: 250 msec
;; SERVER: 129.93.1.1#53(129.93.1.1)
;; WHEN: Mon Jul 16 08:36:16 2007
;; MSG SIZE  rcvd: 20

	Also of the 3 servers listed in the root only one of them
	is DNSSEC enabled.

	ns.isi.edu is running BIND 8.3.3 so it needs to be upgraded.
	berkeley.ip4.int is running BIND 9.3.1 so it needs dnssec to be
	enabled.

% dig +nssearch um +dnssec
SOA flag.ep.net. hostmaster.nic.um. 2006120115 43200 3600 1209600 86400 from server ns.isi.edu in 162 ms.
SOA flag.ep.net. hostmaster.nic.um. 2006120115 43200 3600 1209600 86400 from server flag.ep.net in 200 ms.
RRSIG SOA 5 1 86400 20070810143321 20070711143321 64982 um. BCEiaDmJH8KAnIBeGze3Eu45jo+LQ2Cy2ahX9kefZzL34pH8kJfYV66z 71dpkQ0Eeen7F1hvNfoVY/nEbW5zAOx9pOWlRUzK5kfpL8hws8wl5Rbp eVgJONIa1SvyXM4MmDEdRukvkIdCWpWR/GGWie3E0mgqTbMNW0pRtkzN msQwjf6o/mBuv1A3dgls3F9o/6YixYQqb1XFK7FtHIGtgYuTRRL6miH4 mylGlQxPyxlRBUL9Z08vlgWddwGZSLRW8CCqD0N/9oPBntYWp/7PQjjx yEFm93AkGp+AvcYUbJsq+6wluOtFgZ3NeSZPAVSq/8p7siKExa201Pba uUtzNnaNIAP8Jm2QtHkLM7mnvEtSg2BEIeQZTqwxvkO3baz7mWXBHDME RjD0JInlhAjPbH3wh/94TGwF2Gu8s1bYEWyH7TOAboVRp+TLw3fs/EUN QfAUX/mNguQ1Ag4DnF0xMA+fV4j7DAEuEAjLomQ6YBMP495daeA+i9iw SK0xMUZnuaR5S+T2djK49WiW4IsCR+sHgNHGL59JB3Hcf0D00uLcmag= from server flag.ep.net in 201 ms.
SOA flag.ep.net. hostmaster.nic.um. 2006120115 43200 3600 1209600 86400 from server berkeley.ip4.int in 201 ms.
% 

	Mark

> I dont remember they har any RRSIG records that early
> 
> 
> Cheers
> Peter and Karin
> 
> -- 
> Peter and Karin Dambier
> Cesidian Root - Radice Cesidiana
> Rimbacher Strasse 16
> D-69509 Moerlenbach-Bonsweiher
> +49(6209)795-816 (Telekom)
> +49(6252)750-308 (VoIP: sipgate.de)
> mail: peter at peter-dambier.de
> mail: peter at echnaton.arl.pirates
> http://iason.site.voila.fr/
> https://sourceforge.net/projects/iason/
> http://www.cesidianroot.com/
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org