[dns-operations] gov.mu inconsistency

Casey Deccio casey at deccio.net
Thu Nov 6 21:48:29 UTC 2014

On Thu, Nov 6, 2014 at 3:55 PM, S Moonesamy <sm+mu at elandsys.com> wrote:

> I have been trying to debug an issue affecting domains in the gov.mu
> zone.  On 4 November, I would only get an A RR for www1.gov.mu if the DNS
> query went through udns2.tld.mu and fork.sth.dnsnode.net:

There are clearly two versions of the zone being served by gov.mu servers.
If the value of the serials is any indicator of date (as it appears), then
udns1.tld.mu and anycast1.irondns.net are serving a version of the zone
that is about ten months newer than that being served by ns{1,2,3}.gov.mu
(2014110646 vs. 2014010572).

$ dig +short @ns1.gov.mu gov.mu soa
ns1.gov.mu. hostmaster.mail.gov.mu. 2014010572 43200 3600 86400 180
$ dig +short @udns1.tld.mu gov.mu soa
ns1.gov.mu. gov.mu. 2014110646 10800 3600 43200 300

Note that udns1.tld.mu and anycast1.irondns.net are *not* in the NS RRset
for gov.mu (i.e., aren't explicitly designated as authoritative), but they
*are* authoritative for mu, and do also (stealthily) answer authoritatively
for gov.mu, which means that your resolver will accept their answer when it
queries mu for something in gov.mu (although it will learn the designated
NS names in the authority section of the response).
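
The comparison made in the message above, as an added example that is not part of the original post: it parses the two dig answers quoted there, groups servers by SOA serial, reads the serials as YYYYMMDDnn dates, and lists answering servers outside the designated NS RRset. The DESIGNATED_NS set (ns{1,2,3}.gov.mu) and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import date

# Transcript copied from the message above (two dig +short SOA queries).
TRANSCRIPT = """\
$ dig +short @ns1.gov.mu gov.mu soa
ns1.gov.mu. hostmaster.mail.gov.mu. 2014010572 43200 3600 86400 180
$ dig +short @udns1.tld.mu gov.mu soa
ns1.gov.mu. gov.mu. 2014110646 10800 3600 43200 300
"""

# Assumption for this example: the designated NS RRset is ns{1,2,3}.gov.mu.
DESIGNATED_NS = {"ns1.gov.mu", "ns2.gov.mu", "ns3.gov.mu"}
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def parse_transcript(text):
    """Return {server: SOA dict} from '$ dig +short @server zone soa' sessions."""
    results, server = {}, None
    for line in text.splitlines():
        m = re.match(r"\$\s*dig\b.*\s@(\S+)\s", line)
        vals = line.split()
        if m:
            server = m.group(1).rstrip(".").lower()
        elif server and len(vals) == 7 and all(v.isdigit() for v in vals[2:]):
            results[server] = dict(zip(SOA_FIELDS, vals[:2] + [int(v) for v in vals[2:]]))
            server = None
    return results

def serial_date(serial):
    """Interpret a serial as YYYYMMDDnn; return None if it is not a valid date."""
    s = f"{serial:010d}"
    try:
        return date(int(s[:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:
        return None

def audit(soas, designated):
    """Group servers by serial; list answering servers outside the NS RRset."""
    by_serial = defaultdict(list)
    for server, soa in soas.items():
        by_serial[soa["serial"]].append(server)
    stealth = sorted(s for s in soas if s not in designated)
    dates = [d for d in map(serial_date, by_serial) if d]
    skew_days = (max(dates) - min(dates)).days if len(dates) > 1 else 0
    return dict(by_serial), stealth, skew_days
```

More than one key in the first returned dict means the servers disagree on the zone version; the skew is only meaningful when the operator encodes dates in the serial.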

