[dns-operations] What did I do wrong?
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri May 21 06:00:26 UTC 2021
On Fri, May 21, 2021 at 12:40:08PM +0700, Pirawat WATANAPONGSE via dns-operations wrote:
> Running dig on b.in-addr-servers.arpa which supposedly is one of the
> upstream-authoritative servers of my zone, I get a ‘REFUSED’ status back.
Tne nameservers for ip6.arpa are not the same as the nameservers for
in-addr.arpa. Your query should be directed to b.ip6-servers.arpa, and
should include the "norecur" flag.
$ dig -t ptr +norecur +question @b.ip6-servers.arpa 0.0.1.3.6.0.4.2.ip6.arpa
; <<>> DiG 9.16.13 <<>> -t ptr +norecur +question @b.ip6-servers.arpa 0.0.1.3.6.0.4.2.ip6.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49402
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;0.0.1.3.6.0.4.2.ip6.arpa. IN PTR
;; AUTHORITY SECTION:
0.4.2.ip6.arpa. 86400 IN NS ns2.apnic.net.
0.4.2.ip6.arpa. 86400 IN NS ns3.lacnic.net.
0.4.2.ip6.arpa. 86400 IN NS apnic.authdns.ripe.net.
0.4.2.ip6.arpa. 86400 IN NS rirns.arin.net.
0.4.2.ip6.arpa. 86400 IN NS apnic1.dnsnode.net.
;; Query time: 9 msec
;; SERVER: 199.253.182.182#53(199.253.182.182)
;; WHEN: Fri May 21 01:53:10 EDT 2021
;; MSG SIZE rcvd: 192
Which reveals a delegation to apnic et. al. Trying there one sees a
further delegation to ku.ac.th:
$ dig -t ptr +norecur +question @ns2.apnic.net. 0.0.1.3.6.0.4.2.ip6.arpa
; <<>> DiG 9.16.13 <<>> -t ptr +norecur +question @ns2.apnic.net.
0.0.1.3.6.0.4.2.ip6.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31180
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8d658667824256180100000060a74b3d7994ae1e39965fd2 (good)
;; QUESTION SECTION:
;0.0.1.3.6.0.4.2.ip6.arpa. IN PTR
;; AUTHORITY SECTION:
0.0.1.3.6.0.4.2.ip6.arpa. 86400 IN NS ns2.ku.ac.th.
0.0.1.3.6.0.4.2.ip6.arpa. 86400 IN NS ns.ku.ac.th.
;; Query time: 3 msec
;; SERVER: 203.119.95.53#53(203.119.95.53)
;; WHEN: Fri May 21 01:55:09 EDT 2021
;; MSG SIZE rcvd: 124
Following that referral, we finally run into a serious issue, those
nameservers don't appear to support PTR queries for IPv6 addresses:
$ dig -t ptr +norecur +question @ns.ku.ac.th 0.0.1.3.6.0.4.2.ip6.arpa
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
; <<>> DiG 9.16.13 <<>> -t ptr +norecur +question @ns.ku.ac.th 0.0.1.3.6.0.4.2.ip6.arpa
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
$ dig -t ptr +norecur +question @ns2.ku.ac.th 0.0.1.3.6.0.4.2.ip6.arpa
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 0.0.0.0.in-addr.arpa/PTR/IN
; <<>> DiG 9.16.13 <<>> -t ptr +norecur +question @ns2.ku.ac.th
0.0.1.3.6.0.4.2.ip6.arpa
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
--
Viktor.
More information about the dns-operations
mailing list