[TriLUG] Ugh... More DNS questions

Scott Lambdin via TriLUG trilug at trilug.org
Thu Aug 20 15:46:38 EDT 2015


Did you do anything at he.net to set the Glue records so as to let the root
DNS servers know about the change?

(guess)

--Scott

On Thu, Aug 20, 2015 at 2:56 PM, Brian Henning via TriLUG <trilug at trilug.org> wrote:

> Some day I will really understand DNS.  That day has not yet arrived.
>
> SO... in the midst of moving my DNS authority from 1and1 to he.net, my
> domain is currently unresolvable.  Nobody except 1and1 ever responds with
> anything, and 1and1 still says it's a CNAME.  But when I do a dig +trace,
> the delegation appears correct.  Here's what I see (with some trimming):
>
> First, if I ask 1and1 directly (aside: I do not know why it still answers
> with a CNAME; I changed the configuration over 4 hours ago):
>
> $ dig undecidedgames.net @ns52.1and1.com
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6524
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;undecidedgames.net.            IN      A
>
> ;; ANSWER SECTION:
> undecidedgames.net.     3600    IN      CNAME   cheetah.dynip.com.
>
> If I ask my default resolver (which happens to be dnsmasq on localhost):
>
> $ dig undecidedgames.net
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> undecidedgames.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36356
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;undecidedgames.net.            IN      A
>
> The same result happens if I ask any of the other nameservers I happen to
> know.  But then, if I do a +trace, I get this (trimmed for length):
>
> $ dig +trace undecidedgames.net
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> +trace undecidedgames.net
> ;; global options:  printcmd
> .                       11167   IN      NS      b.root-servers.net.
> (...)
> ;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 24 ms
>
> net.                    172800  IN      NS      k.gtld-servers.net.
> (...)
> ;; Received 493 bytes from 2001:500:84::b#53(b.root-servers.net) in 82 ms
>
> undecidedgames.net.     172800  IN      NS      ns1.he.net.
> undecidedgames.net.     172800  IN      NS      ns2.he.net.
> undecidedgames.net.     172800  IN      NS      ns3.he.net.
> undecidedgames.net.     172800  IN      NS      ns4.he.net.
> ;; Received 259 bytes from 192.52.178.30#53(k.gtld-servers.net) in 113 ms
>
> ;; Received 36 bytes from 216.218.130.2#53(ns1.he.net) in 30 ms
>
> HE has explained that their nameserver won't respond until the delegation
> is complete as a security measure, and I know that a trace is a special
> kind of DNS operation that doesn't happen for ordinary lookups.  But given
> that the trace does show what looks to be correct delegation, what's the
> missing piece?  Why doesn't HE think delegation is complete?  Why doesn't
> an nslookup -type=ns return anything unless I point it at a gtld-server
> directly?
>
> $ nslookup -type=ns undecidedgames.net
> Server:         127.0.0.1
> Address:        127.0.0.1#53
>
> Non-authoritative answer:
> *** Can't find undecidedgames.net: No answer
>
> Authoritative answers can be found from:
>
> ...versus...
>
> $ nslookup -type=ns undecidedgames.net h.gtld-servers.net
> Server:         h.gtld-servers.net
> Address:        192.54.112.30#53
>
> Non-authoritative answer:
> *** Can't find undecidedgames.net: No answer
>
> Authoritative answers can be found from:
> undecidedgames.net      nameserver = ns1.he.net.
> undecidedgames.net      nameserver = ns2.he.net.
> undecidedgames.net      nameserver = ns3.he.net.
> undecidedgames.net      nameserver = ns4.he.net.
> ns1.he.net      internet address = 216.218.130.2
> ns2.he.net      has AAAA address 2001:470:200::2
> ns2.he.net      internet address = 216.218.131.2
> ns3.he.net      has AAAA address 2001:470:300::2
> ns3.he.net      internet address = 216.218.132.2
> ns4.he.net      has AAAA address 2001:470:400::2
> ns4.he.net      internet address = 216.66.1.2
>
> Oh, and the ICANN whois database is showing the correct nameserver info
> too, so that's not it.
>
> So if he.net still thinks undecidedgames.net is a CNAME, why doesn't
> anyone else?  Whom are they asking for that information?  Nothing at large
> still points to 1and1 except 1and1 themselves.  If I try to point my
> browser at undecidedgames.net, I get an unresolvable hostname error.
>
> I'm sure it's something simple, but I sure feel pretty ignorant at the
> moment.
>
> Thanks,
> -Brian
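
The dig responses quoted in this thread differ in the `aa` flag and in the ANSWER/AUTHORITY counts, which is what separates an authoritative answer, a referral and an empty reply. The following is an added example, not part of the original messages: a small Python classifier run over headers copied from the thread, plus one referral sample whose header values are constructed. The function name `classify` and the labels it returns are assumptions made for illustration.

```python
import re

# Headers and records copied from the dig output quoted in this thread.
ASKED_1AND1 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6524
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
undecidedgames.net.     3600    IN      CNAME   cheetah.dynip.com.
"""
ASKED_LOCAL_RESOLVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36356
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
# Constructed sample: header values are made up; the NS records are the thread's.
ASKED_GTLD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; AUTHORITY SECTION:
undecidedgames.net.     172800  IN      NS      ns1.he.net.
undecidedgames.net.     172800  IN      NS      ns2.he.net.
"""

STATUS = re.compile(r"status:\s*([A-Z]+)")
COUNTS = re.compile(r"flags:\s*([a-z ]*);.*?ANSWER:\s*(\d+),\s*AUTHORITY:\s*(\d+)")
RECORD = re.compile(r"^[^;\s]\S*\s+\d+\s+IN\s+([A-Z]+)\s", re.M)

def classify(dig_text):
    """Label one dig response from its rcode, aa flag, counts and record types."""
    status, counts = STATUS.search(dig_text), COUNTS.search(dig_text)
    if not status or not counts:
        raise ValueError("no dig header found")
    if status.group(1) != "NOERROR":
        return status.group(1).lower()          # e.g. servfail, refused, nxdomain
    aa = "aa" in counts.group(1).split()
    answers, authority = int(counts.group(2)), int(counts.group(3))
    types = set(RECORD.findall(dig_text))       # comment lines (;) are skipped
    if answers:
        return "authoritative-answer" if aa else "non-authoritative-answer"
    if authority and "SOA" in types:
        return "nodata"                         # name exists, no record of that type
    if authority and "NS" in types:
        return "referral"                       # delegation pointing elsewhere
    return "empty-authoritative" if aa else "empty-non-authoritative"

if __name__ == "__main__":
    for name, text in [("ns52.1and1.com", ASKED_1AND1),
                       ("127.0.0.1", ASKED_LOCAL_RESOLVER),
                       ("gtld server", ASKED_GTLD)]:
        print(f"{name:16} {classify(text)}")
```
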

