Re: [dns-operations] 20130625 survey version.bind
cute: '\; DROP DATABASE mysql\; -- Also: Пошли нахер UTF-8 in a txt record! Well done. (don't translate, nsfw) Roy On Jun 26, 2013, at 1:45 AM, Jared Mauch ja...@puck.nether.net wrote: The openresolver project surveyed version.bind from those resolvers that respond from port 53 based on the 20130616 dataset. I know this will be of value to some people in understanding what resolvers may be reaching their systems. Here are the results: http://openresolverproject.org/version.bind.20130616.20130625.parsed.txt Enjoy! - Jared ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] weird DNS problem
On Wed, Jun 26, 2013 at 11:15:32PM -0500, alex flores a...@mordormx.net wrote a message of 58 lines which said: One more weird thing is that just as the problem appeared, just dissapeared from the dns affected and it start to work correctly, but now we received the report from another dns So it looks like the condition that block the dns communication dissapear and then apply to another dns. So it smells like a network problem. They are typically transient. alejandro.flo...@mexis.net: Host or domain name not found. Name service error for name=mexis.net type=MX: Host not found, try again You have only two authoritative name servers, in the same /16 and the same AS. From traceroute, they also seem to be in the same physical location. That is not enough to providence resilience and reliability. A network issue with this prefix/AS/location is sufficient to explain the symptoms you describe. DNS depends on IP, remember. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] weird DNS problem
You have only two authoritative name servers, in the same /16 and the same AS. From traceroute, they also seem to be in the same physical location. That is not enough to providence resilience and reliability. A network issue with this prefix/AS/location is sufficient to explain the symptoms you describe. DNS depends on IP, remember. i privately pointed him to 2182. of course that only deals with his L3 problem. randy ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] 20130625 survey version.bind
(don't translate, nsfw) Two perfectly harmless words, at least in a lot of anglo-saxon companies ;) -JP ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Problem with ns.uu.net
all seems to be *almost* good for .ee in ns.uu.net $ dig @ns.uu.net ee soa ; DiG 9.9.2-P2 @ns.uu.net ee soa ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27874 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ee.IN SOA ;; ANSWER SECTION: ee. 86400 IN SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1370411401 14400 7200 360 10800 ;; Query time: 106 msec ;; SERVER: 137.39.1.3#53(137.39.1.3) ;; WHEN: Thu Jun 27 13:26:35 2013 ;; MSG SIZE rcvd: 99 Responds as authoritative but is behind in its SOA $ dig +nssearch ee SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1372332001 14400 7200 360 10800 from server 194.146.106.110 in 50 ms. SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1372332001 14400 7200 360 10800 from server 192.36.125.2 in 56 ms. SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1372332001 14400 7200 360 10800 from server 193.40.56.245 in 61 ms. SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1372332001 14400 7200 360 10800 from server 193.40.5.99 in 66 ms. SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1372332001 14400 7200 360 10800 from server 195.43.87.10 in 77 ms. SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1372332001 14400 7200 360 10800 from server 213.184.51.122 in 79 ms. SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1372332001 14400 7200 360 10800 from server 194.204.0.1 in 80 ms. SOA ns.tld.ee. hostmaster.eestiinternet.ee. 1370411401 14400 7200 360 10800 from server 137.39.1.3 in 105 ms. Don't have up to date contacts for Verizon's NOC. try: hel...@verizonbusiness.com +1.8009000241 and see if that helps Joao On 27 Jun 2013, at 12:34, Jaana Järve net...@uninet.ee wrote: Hello, is there anybody here who can either confirm or deny that ns.uu.net is not and has not been answering queries about .int or .ee? And if it is talking to you, what serial does it give for .ee? I haven't yet been able to find anyplace I could successfully query it from, although I suppose it has to be working for _some_ zones, for someone or there would be a visible hoopla about it. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Problem with ns.uu.net
On Jun 27 2013, Jaana Järve wrote: is there anybody here who can either confirm or deny that ns.uu.net is not and has not been answering queries about .int or .ee? And if it is talking to you, what serial does it give for .ee? I am getting responses from it all right (80-90ms response time which agrees with traceroute - 18 hops from my workstation) but the serial for EE it gives is 1370411401 while the other nameservers give 1372362601 (guessing those are time_t values, it's 3 weeks behind - still only half the SOA.expire value). It's putatively up to date for INT with serial 2013062400. [I was amused, in a way, to notice that INT still has ns1.cs.ucl.ac.uk as one of its nameservers. A truly venerable server, and you can really believe the result of running dig CH TXT version.bind @ns1.cs.ucl.ac.uk.] -- Chris Thompson University of Cambridge Computing Service, Email: c...@ucs.cam.ac.ukNew Museums Site, Cambridge CB2 3QH, Phone: +44 1223 334715 United Kingdom. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
[dns-operations] about the ADDITIONAL SECTION
Hi, Sorry for my not good english. Says I have a domain a.com, whose NS records are: ns1.b.com ns2.b.com But b.com is not auth-resolved by my nameserver, for example, its auth-servers are registrar's. a.com is auth-resolved by my own nameservers, the NS records look as: a.com. 111IN NS ns1.b.com. a.com. 111IN NS ns2.b.com. But, if I add the zone b.com into the nameservers' zone file (though the zone is not auth-resolved by my servers as I've said), and setup the A records with fake IP for ns1.b.com and ns2.b.com. When query for: dig a.com ns The nameservers will answer with the additional section whose content is the fake IPs. ;; ANSWER SECTION: a.com.111 IN NS ns1.b.com. a.com.111 IN NS ns2.b.com. ;; ADDITIONAL SECTION: ns1.b.com. 111 IN A 1.2.3.4 ns2.b.com. 111 IN A 5.6.7.8 Will this make the world's DNS cache not work? i.e, the ISP's public DNS servers. Thanks. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
[dns-operations] DNSResolvers.com will be shutdown
As per our post: http://blog.easydns.org/2013/06/27/dnsresolvers-open-resolvers-will-be-shut-down/ The DNSResolvers.com free and open public resolvers will be shut down, imminently (like tonight, if we get DDoS-ed against them again). We'll keep them up for awhile if we can so everybody can migrate off, but if you or somebody you care about is using them, please make other arrangements as fast as possible. thankyouverymuch - mark -- Mark Jeftovic mar...@easydns.com Founder CEO, easyDNS Technologies Inc. +1-(416)-535-8672 ext 225 Read my blog: http://markable.com ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] about the ADDITIONAL SECTION
In message 51ccef49.8030...@nsbeta.info, Feng He writes: Hi, Sorry for my not good english. Says I have a domain a.com, whose NS records are: ns1.b.com ns2.b.com But b.com is not auth-resolved by my nameserver, for example, its auth-servers are registrar's. a.com is auth-resolved by my own nameservers, the NS records look as: a.com. 111IN NS ns1.b.com. a.com. 111IN NS ns2.b.com. This is expected and good. But, if I add the zone b.com into the nameservers' zone file (though the zone is not auth-resolved by my servers as I've said), and setup the A records with fake IP for ns1.b.com and ns2.b.com. When query for: dig a.com ns Do not do this. This is bad. The nameservers will answer with the additional section whose content is the fake IPs. ;; ANSWER SECTION: a.com.111 IN NS ns1.b.com. a.com.111 IN NS ns2.b.com. ;; ADDITIONAL SECTION: ns1.b.com. 111 IN A 1.2.3.4 ns2.b.com. 111 IN A 5.6.7.8 Will this make the world's DNS cache not work? i.e, the ISP's public DNS servers. Thanks. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] DNSResolvers.com will be shutdown
于 2013-6-28 11:00, Mark Jeftovic 写道: As per our post: http://blog.easydns.org/2013/06/27/dnsresolvers-open-resolvers-will-be-shut-down/ The DNSResolvers.com free and open public resolvers will be shut down, imminently (like tonight, if we get DDoS-ed against them again). We'll keep them up for awhile if we can so everybody can migrate off, but if you or somebody you care about is using them, please make other arrangements as fast as possible. Sorry to hear that but we have met the same DDoS problem days ago so we have to stop the free DNS hosting. http://www.dnsbed.com/?p=11 DDoS is hard to defend, I have four nameservers for free hosting, each met 2GB of traffic of attacking. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs