[dns-operations] Inconsistent NS records for ARPA zones at OpenDNS

Frank Bulk frnkblk at iname.com
Mon Jan 23 12:30:58 UTC 2012


With the NS records updated at ARIN the list of inconsistencies shortened
and I expect that eventually the cached entries will refresh with the full
information.

One ARPA remains that I don't understand:

nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa
@resolver1.opendns.com +short
ns1.mtcnet.net.
nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa
@resolver2.opendns.com +short
ns1.mtcnet.net.
nagios:/home/fbulk#

nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa @8.8.8.8 +short
ns2.mtcnet.net.
ns1.netins.net.
ns1.mtcnet.net.
nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa @ns1.netins.net
+short
ns1.netins.net.
ns2.mtcnet.net.
ns1.mtcnet.net.
nagios:/home/fbulk#

Google and the parent of 167.142.156.192/29, namely 167.142.0.0/16, give the
correct answer, but OpenDNS does not.

Frank

-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net
[mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Frank Bulk
Sent: Sunday, January 22, 2012 10:08 PM
To: 'Sebastian Castro'
Cc: dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] Inconsistent NS records for ARPA zones at
OpenDNS

Sebastian:

Thanks for catching that -- I'll update our ARPA entries at ARIN.

We've been checking ARPA entries at OpenDNS for at least two years -- it's
just the last two days in a row that this has popped up.  Something must
have changed with how OpenDNS obtains or caches these entries.

Frank

-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net
[mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Sebastian
Castro
Sent: Sunday, January 22, 2012 8:51 PM
Cc: dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] Inconsistent NS records for ARPA zones at
OpenDNS

On 23/01/12 15:21, Frank Bulk wrote:
> I tried Ulevitch yesterday at his private email address, but didn't get a
> response, so I'm reaching out here.  Both yesterday and today our
automated
> DNS checks (which check NS records for domains we host, both the forward
and
> reverse ones) show inconsistent results at resolver1.opendns.com and
> resolver2.opendns.com.
> 
> Inconsistent in the sense that it doesn't match up with that we've
> configured, as well as resolver1 and resolver2 don't match up for some of
> the ARPA zones.  Here's some examples; the output from Google is correct.

Hi Frank,

It seems the inconsistency can be explained by comparing what's on the
parent against what you are publishing.

ARIN nameservers indicate the nameservers for 10.31.96.in-addr.arpa are

10.31.96.in-addr.arpa.	86400	IN	NS	NS1.NETINS.NET.
10.31.96.in-addr.arpa.	86400	IN	NS	NS1.MTCNET.NET.


While the auth nameservers themselves report

10.31.96.in-addr.arpa.	86400	IN	NS	ns1.netins.net.
10.31.96.in-addr.arpa.	86400	IN	NS	ns1.mtcnet.net.
10.31.96.in-addr.arpa.	86400	IN	NS	ns2.mtcnet.net.

Perhaps resolver2.opendns.com is not updating the cache based on the
authoritative answer? Would be fixed if you try to add ns2.mtcnet.net to
ARIN?

Cheers,

> 
> nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @resolver1.opendns.com
> +short
> NS1.MTCNET.NET.
> NS1.NETINS.NET.
> nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @resolver2.opendns.com
> +short
> NS1.MTCNET.NET.
> NS1.NETINS.NET.
> nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @8.8.8.8 +short
> ns1.netins.net.
> ns2.mtcnet.net.
> ns1.mtcnet.net.
> 
> 
> nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @resolver1.opendns.com
> +short
> ns2.mtcnet.net.
> ns1.mtcnet.net.
> ns1.netins.net.
> nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @resolver2.opendns.com
> +short
> NS1.NETINS.NET.
> NS1.MTCNET.NET.
> nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @8.8.8.8 +short
> ns1.mtcnet.net.
> ns2.mtcnet.net.
> ns1.netins.net.
> nagios:/home/fbulk#
> 
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs


-- 
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs


_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs





More information about the dns-operations mailing list