[dns-operations] Inconsistent NS records for ARPA zones at OpenDNS
Frank Bulk
frnkblk at iname.com
Mon Jan 23 16:47:39 UTC 2012
Yes, that's correct.
Frank
-----Original Message-----
From: toto at the-damian.de [mailto:toto at the-damian.de] On Behalf Of Torsten
Segner
Sent: Monday, January 23, 2012 7:47 AM
To: Frank Bulk
Cc: dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] Inconsistent NS records for ARPA zones at
OpenDNS
Am Mon, 23 Jan 2012 06:30:58 -0600
schrieb "Frank Bulk" <frnkblk at iname.com>:
> With the NS records updated at ARIN the list of inconsistencies shortened
> and I expect that eventually the cached entries will refresh with the full
> information.
>
> One ARPA remains that I don't understand:
>
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa
> @resolver1.opendns.com +short
> ns1.mtcnet.net.
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa
> @resolver2.opendns.com +short
> ns1.mtcnet.net.
> nagios:/home/fbulk#
>
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa @8.8.8.8 +short
> ns2.mtcnet.net.
> ns1.netins.net.
> ns1.mtcnet.net.
> nagios:/home/fbulk# dig NS 192/29.156.142.167.in-addr.arpa @ns1.netins.net
> +short
> ns1.netins.net.
> ns2.mtcnet.net.
> ns1.mtcnet.net.
> nagios:/home/fbulk#
>
> Google and the parent of 167.142.156.192/29, namely 167.142.0.0/16, give
the
> correct answer, but OpenDNS does not.
>
> Frank
dig +norec @ns1.netins.net 192/29.156.142.167.in-addr.arpa ns
; <<>> DiG 9.8.1-P1-RedHat-9.8.1-4.P1.fc16 <<>> @ns1.netins.net
192/29.156.142.167.in-addr.arpa ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38518
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;192/29.156.142.167.in-addr.arpa. IN NS
;; AUTHORITY SECTION:
192/29.156.142.167.in-addr.arpa. 86400 IN NS ns1.mtcnet.net.
;; ADDITIONAL SECTION:
ns1.mtcnet.net. 600 IN A 96.31.0.32
;; Query time: 147 msec
;; SERVER: 167.142.225.5#53(167.142.225.5)
;; WHEN: Mon Jan 23 14:37:44 2012
;; MSG SIZE rcvd: 93
Looks like OpenDNS for some reason isn't following the referral from
ns1.netins.net.
Ciao
Torsten
>
> -----Original Message-----
> From: dns-operations-bounces at lists.dns-oarc.net
> [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Frank Bulk
> Sent: Sunday, January 22, 2012 10:08 PM
> To: 'Sebastian Castro'
> Cc: dns-operations at lists.dns-oarc.net
> Subject: Re: [dns-operations] Inconsistent NS records for ARPA zones at
> OpenDNS
>
> Sebastian:
>
> Thanks for catching that -- I'll update our ARPA entries at ARIN.
>
> We've been checking ARPA entries at OpenDNS for at least two years -- it's
> just the last two days in a row that this has popped up. Something must
> have changed with how OpenDNS obtains or caches these entries.
>
> Frank
>
> -----Original Message-----
> From: dns-operations-bounces at lists.dns-oarc.net
> [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Sebastian
> Castro
> Sent: Sunday, January 22, 2012 8:51 PM
> Cc: dns-operations at lists.dns-oarc.net
> Subject: Re: [dns-operations] Inconsistent NS records for ARPA zones at
> OpenDNS
>
> On 23/01/12 15:21, Frank Bulk wrote:
> > I tried Ulevitch yesterday at his private email address, but didn't get
a
> > response, so I'm reaching out here. Both yesterday and today our
> automated
> > DNS checks (which check NS records for domains we host, both the forward
> and
> > reverse ones) show inconsistent results at resolver1.opendns.com and
> > resolver2.opendns.com.
> >
> > Inconsistent in the sense that it doesn't match up with that we've
> > configured, as well as resolver1 and resolver2 don't match up for some
of
> > the ARPA zones. Here's some examples; the output from Google is
correct.
>
> Hi Frank,
>
> It seems the inconsistency can be explained by comparing what's on the
> parent against what you are publishing.
>
> ARIN nameservers indicate the nameservers for 10.31.96.in-addr.arpa are
>
> 10.31.96.in-addr.arpa. 86400 IN NS NS1.NETINS.NET.
> 10.31.96.in-addr.arpa. 86400 IN NS NS1.MTCNET.NET.
>
>
> While the auth nameservers themselves report
>
> 10.31.96.in-addr.arpa. 86400 IN NS ns1.netins.net.
> 10.31.96.in-addr.arpa. 86400 IN NS ns1.mtcnet.net.
> 10.31.96.in-addr.arpa. 86400 IN NS ns2.mtcnet.net.
>
> Perhaps resolver2.opendns.com is not updating the cache based on the
> authoritative answer? Would be fixed if you try to add ns2.mtcnet.net to
> ARIN?
>
> Cheers,
>
> >
> > nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @resolver1.opendns.com
> > +short
> > NS1.MTCNET.NET.
> > NS1.NETINS.NET.
> > nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @resolver2.opendns.com
> > +short
> > NS1.MTCNET.NET.
> > NS1.NETINS.NET.
> > nagios:/home/fbulk# dig NS 10.31.96.in-addr.arpa @8.8.8.8 +short
> > ns1.netins.net.
> > ns2.mtcnet.net.
> > ns1.mtcnet.net.
> >
> >
> > nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @resolver1.opendns.com
> > +short
> > ns2.mtcnet.net.
> > ns1.mtcnet.net.
> > ns1.netins.net.
> > nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @resolver2.opendns.com
> > +short
> > NS1.NETINS.NET.
> > NS1.MTCNET.NET.
> > nagios:/home/fbulk# dig NS 7.31.96.in-addr.arpa @8.8.8.8 +short
> > ns1.mtcnet.net.
> > ns2.mtcnet.net.
> > ns1.netins.net.
> > nagios:/home/fbulk#
> >
> >
> >
> > _______________________________________________
> > dns-operations mailing list
> > dns-operations at lists.dns-oarc.net
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> > dns-jobs mailing list
> > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
More information about the dns-operations
mailing list