[dns-operations] Inconsistent NS records for ARPA zones at OpenDNS

Torsten Segner torsten at segner.eu
Mon Jan 23 13:46:46 UTC 2012 

Am Mon, 23 Jan 2012 06:30:58 -0600
schrieb "Frank Bulk" <frnkblk at iname.com>:

> With the NS records updated at ARIN the list of inconsistencies shortened
> and I expect that eventually the cached entries will refresh with the full
> information.
> 
> One ARPA remains that I don't understand:
> 
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa
> @resolver1.opendns.com +short
> ns1.mtcnet.net.
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa
> @resolver2.opendns.com +short
> ns1.mtcnet.net.
> nagios:/home/fbulk#
> 
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa @8.8.8.8 +short
> ns2.mtcnet.net.
> ns1.netins.net.
> ns1.mtcnet.net.
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa @ns1.netins.net
> +short
> ns1.netins.net.
> ns2.mtcnet.net.
> ns1.mtcnet.net.
> nagios:/home/fbulk#
> 
> Google and the parent of 167.142.156.192/29, namely 167.142.0.0/16, give the
> correct answer, but OpenDNS does not.
> 
> Frank



dig +norec @ns1.netins.net 192/29.156.142.167.in-addr.arpa ns

; <<>> DiG 9.8.1-P1-RedHat-9.8.1-4.P1.fc16 <<>> @ns1.netins.net 192/29.156.142.167.in-addr.arpa ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38518
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;192/29.156.142.167.in-addr.arpa. IN	NS

;; AUTHORITY SECTION:
192/29.156.142.167.in-addr.arpa. 86400 IN NS	ns1.mtcnet.net.

;; ADDITIONAL SECTION:
ns1.mtcnet.net.		600	IN	A	96.31.0.32

;; Query time: 147 msec
;; SERVER: 167.142.225.5#53(167.142.225.5)
;; WHEN: Mon Jan 23 14:37:44 2012
;; MSG SIZE  rcvd: 93



Looks like OpenDNS for some reason isn't following the referral from ns1.netins.net.


Ciao
Torsten


> 
> -----Original Message-----
> From: dns-operations-bounces at lists.dns-oarc.net
> [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Frank Bulk
> Sent: Sunday, January 22, 2012 10:08 PM
> To: 'Sebastian Castro'
> Cc: dns-operations at lists.dns-oarc.net
> Subject: Re: [dns-operations] Inconsistent NS records for ARPA zones at
> OpenDNS
> 
> Sebastian:
> 
> Thanks for catching that -- I'll update our ARPA entries at ARIN.
> 
> We've been checking ARPA entries at OpenDNS for at least two years -- it's
> just the last two days in a row that this has popped up.  Something must
> have changed with how OpenDNS obtains or caches these entries.
> 
> Frank
> 
> -----Original Message-----
> From: dns-operations-bounces at lists.dns-oarc.net
> [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Sebastian
> Castro
> Sent: Sunday, January 22, 2012 8:51 PM
> Cc: dns-operations at lists.dns-oarc.net
> Subject: Re: [dns-operations] Inconsistent NS records for ARPA zones at
> OpenDNS
> 
> On 23/01/12 15:21, Frank Bulk wrote:
> > I tried Ulevitch yesterday at his private email address, but didn't get a
> > response, so I'm reaching out here.  Both yesterday and today our
> automated
> > DNS checks (which check NS records for domains we host, both the forward
> and
> > reverse ones) show inconsistent results at resolver1.opendns.com and
> > resolver2.opendns.com.
> > 
> > Inconsistent in the sense that it doesn't match up with that we've
> > configured, as well as resolver1 and resolver2 don't match up for some of
> > the ARPA zones.  Here's some examples; the output from Google is correct.
> 
> Hi Frank,
> 
> It seems the inconsistency can be explained by comparing what's on the
> parent against what you are publishing.
> 
> ARIN nameservers indicate the nameservers for 10.31.96.in-addr.arpa are
> 
> 10.31.96.in-addr.arpa.	86400	IN	NS	NS1.NETINS.NET.
> 10.31.96.in-addr.arpa.	86400	IN	NS	NS1.MTCNET.NET.
> 
> 
> While the auth nameservers themselves report
> 
> 10.31.96.in-addr.arpa.	86400	IN	NS	ns1.netins.net.
> 10.31.96.in-addr.arpa.	86400	IN	NS	ns1.mtcnet.net.
> 10.31.96.in-addr.arpa.	86400	IN	NS	ns2.mtcnet.net.
> 
> Perhaps resolver2.opendns.com is not updating the cache based on the
> authoritative answer? Would be fixed if you try to add ns2.mtcnet.net to
> ARIN?
> 
> Cheers,
> 
> > 
> > nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @resolver1.opendns.com
> > +short
> > NS1.MTCNET.NET.
> > NS1.NETINS.NET.
> > nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @resolver2.opendns.com
> > +short
> > NS1.MTCNET.NET.
> > NS1.NETINS.NET.
> > nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @8.8.8.8 +short
> > ns1.netins.net.
> > ns2.mtcnet.net.
> > ns1.mtcnet.net.
> > 
> > 
> > nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @resolver1.opendns.com
> > +short
> > ns2.mtcnet.net.
> > ns1.mtcnet.net.
> > ns1.netins.net.
> > nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @resolver2.opendns.com
> > +short
> > NS1.NETINS.NET.
> > NS1.MTCNET.NET.
> > nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @8.8.8.8 +short
> > ns1.mtcnet.net.
> > ns2.mtcnet.net.
> > ns1.netins.net.
> > nagios:/home/fbulk#
> > 
> > 
> > 
> > _______________________________________________
> > dns-operations mailing list
> > dns-operations at lists.dns-oarc.net
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> > dns-jobs mailing list
> > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
> 
>

More information about the dns-operations mailing list