[dns-operations] Google name servers: different serial numbers when NXDOMAIN or not

Carlos Aguado Sánchez caguado at infra.structur.es
Mon Feb 13 14:31:05 UTC 2012 

Hello,


Indeed, I precisely found discrepancies together with their first level
redirector (SOA l.google.com) some weeks ago.

dig @ns1.google.com SOA l.google.com

vs

dig @ns1.google.com SOA xmpp-server.l.google.com.


I also happens for RR not found and non-terminal names like the following:
dig @ns1.google.com A _xmpp-server._tcp.google.com
dig @ns1.google.com A _tcp.google.com


So is perhaps some kind of internal caching issue?


Regards,
Carlos



On 13 February 2012 14:33, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> David Gavarret discovered a strange thing on Google's name
> servers. The serial number in the SOA record is not the same when
> queried directly than when returned with a NXDOMAIN.
>
> % dig @ns1.google.com SOA google.fr
>
> ; <<>> DiG 9.7.3 <<>> @ns1.google.com SOA google.fr
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59682
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;google.fr.                     IN      SOA
>
> ;; ANSWER SECTION:
> google.fr.              86400   IN      SOA     ns1.google.com.
> dns-admin.google.com. 2012010600 21600 3600 1209600 300
>
> ;; AUTHORITY SECTION:
> google.fr.              345600  IN      NS      ns1.google.com.
> google.fr.              345600  IN      NS      ns4.google.com.
> google.fr.              345600  IN      NS      ns3.google.com.
> google.fr.              345600  IN      NS      ns2.google.com.
>
> ;; ADDITIONAL SECTION:
> ns1.google.com.         345600  IN      A       216.239.32.10
> ns4.google.com.         345600  IN      A       216.239.38.10
> ns3.google.com.         345600  IN      A       216.239.36.10
> ns2.google.com.         345600  IN      A       216.239.34.10
>
> ;; Query time: 51 msec
> ;; SERVER: 216.239.32.10#53(216.239.32.10)
> ;; WHEN: Thu Feb  9 21:25:01 2012
> ;; MSG SIZE  rcvd: 219
>
>
> % dig @ns1.google.com SOA doesnotexistatall.google.fr
>
> ; <<>> DiG 9.7.3 <<>> @ns1.google.com SOA doesnotexistatall.google.fr
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21855
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;doesnotexistatall.google.fr.   IN      SOA
>
> ;; AUTHORITY SECTION:
> google.fr.              60      IN      SOA     ns1.google.com.
> dns-admin.google.com. 1476465 21600 3600 1209600 300
>
> ;; Query time: 48 msec
> ;; SERVER: 216.239.32.10#53(216.239.32.10)
> ;; WHEN: Thu Feb  9 21:25:53 2012
> ;; MSG SIZE  rcvd: 105
>
> As a result, some tools which allow to monitor the rejuvenation of
> zones fail. For instance, check google.fr on
> <http://www.migrationdns.com/?ndd=google.fr>, the numbers are
> different (depending whether the resolver started with a non existing
> name or not).
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120213/4e47bb62/attachment.html>

More information about the dns-operations mailing list