Also a reminder that one could use the openresolverproject data set to check for poisoning or stale information.
Or would folks prefer a portal to that info?

Jared Mauch

On Jun 20, 2013, at 9:29 AM, Vernon Schryver <[email protected]> wrote:

>>> "..It seems your nameservers don't agree on the SOA serial number!... "
>
> I wouldn't put too much stock in what http://viewdns.info/ says
> about anything, and not just because how third parties digest
> your RRs is not dispositive or because historically the web DNS
> digesters have always spread a lot of bogus fear, uncertainty,
> doubt, and misinformation. All that really matters is what `dig`,
> `nslookup`, other tools, and recursive and stub resolvers say.
>
> They're badly confused about the DNS RRs for rhyolite.com. Never
> mind what I suspect are their glue confusions, perhaps due to IPv6
> or perhaps due to my using well distributed secondaries.
> Besides "your nameservers don't agree on the SOA serial number"
> they also say this about my SOA:
>
>     Your Start of Authority (SOA) record is:
>
>     Primary nameserver: 5
>     Hostmaster E-mail address: 2
>     Serial number: 28800
>     Refresh: 20130815213614
>     Retry: 20130616213614
>     Expire: 26805
>     Minimum TTL: rhyolite.com.
>
> and then hector me about the implications of that silly nonsense.
>
> This is what an old version of `dig +dnssec` on someone's
> system (not mine) says:
>
>     rhyolite.com. 27587 IN SOA ns.rhyolite.com.
>         named-mgr.rhyolite.com. 1371422174 3600 900 2592000 7200
>     rhyolite.com. 27587 IN RRSIG SOA 5 2 28800
>         20130815213614 20130616213614 26805 rhyolite.com.
>         uTprgMR4QbNDzyBKCgDUINT1ToLVnSvB9UZ3IOoNofQmx9kQ5u8toMj+
>         aEX+MN7cUJqyXvYqrG3f4jf9ezfXEaOUkaMVGYitXK+FfA80jOGL2d9s
>         EPSGjFrPu47mcy8hbkz9PAYtMY1wG/4iIpy/kJLXB/sRMfkdwtA7NKst s0M=
>
> Notice the "20130815213614" in the RRSIG. I think an exegesis of RRs
> by code written by someone who didn't reflexively deal with getting
> unexpected RRs from strange DNS servers should not be interesting to
> anyone, and especially not when the extra RR is standard and only
> included when you explicitly ask for it with the flag bit.
>
>
> They also say:
>
>     Your Mail eXchanger (MX) records are:
>
>     5 2 [TTL=IN]
>
> and they point out the various crazinesses of that.
>
>
> Vernon Schryver [email protected]
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
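
Added example (not part of either message, and not viewdns.info's code): the SOA values quoted above are exactly what results when the RRSIG that accompanies the SOA in a `dig +dnssec` answer is read positionally as if it were the SOA, and selecting RRs by their TYPE field avoids it. The answer text is the one quoted above with a constructed placeholder for the signature; the function names are illustrative, and the naive reader is only a guess at the failure mode.

```python
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
RRSIG_FIELDS = ("type_covered", "algorithm", "labels", "original_ttl",
                "expiration", "inception", "key_tag", "signer")

# Answer section from the quoted dig output; signature is a constructed placeholder.
ANSWER = """\
rhyolite.com. 27587 IN SOA ns.rhyolite.com. named-mgr.rhyolite.com. 1371422174 3600 900 2592000 7200
rhyolite.com. 27587 IN RRSIG SOA 5 2 28800 20130815213614 20130616213614 26805 rhyolite.com. PLACEHOLDERSIG=
"""

def parse_rr(line):
    """Split one presentation-format RR into owner, TTL, class, type and RDATA."""
    owner, ttl, rrclass, rrtype, *rdata = line.split()
    return {"owner": owner, "ttl": int(ttl), "class": rrclass,
            "type": rrtype.upper(), "rdata": rdata}

def decode(rr):
    """Decode RDATA according to the RR's own type; unknown types stay raw."""
    if rr["type"] == "SOA":
        if len(rr["rdata"]) != len(SOA_FIELDS):
            raise ValueError("malformed SOA RDATA")
        fields = dict(zip(SOA_FIELDS, rr["rdata"]))
        for name in SOA_FIELDS[2:]:          # serial and the four timers
            fields[name] = int(fields[name])
        return fields
    if rr["type"] == "RRSIG":
        fields = dict(zip(RRSIG_FIELDS, rr["rdata"][:8]))
        fields["signature"] = "".join(rr["rdata"][8:])
        return fields
    return {"raw": rr["rdata"]}

def soa_from_answer(text, zone):
    """Return the zone's single SOA, ignoring RRSIGs and any other extra RRs."""
    rrs = [parse_rr(l) for l in text.splitlines()
           if l.strip() and not l.startswith(";")]
    soas = [decode(r) for r in rrs
            if r["type"] == "SOA" and r["owner"].lower() == zone.lower()]
    if len(soas) != 1:
        raise ValueError(f"expected exactly one SOA for {zone}, got {len(soas)}")
    return soas[0]

def naive_last_rr_as_soa(text):
    """Failure mode: treat the last RR as the SOA without checking its type."""
    rr = parse_rr(text.strip().splitlines()[-1])
    return dict(zip(SOA_FIELDS, rr["rdata"][1:]))

if __name__ == "__main__":
    print("by type :", soa_from_answer(ANSWER, "rhyolite.com."))
    print("naive   :", naive_last_rr_as_soa(ANSWER))
```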
