Re: DNS ed.gov translations

2009-06-01 Thread Tim Franklin
> ROTFL what an honour ;-), as we are in to weekend mood anyway I share  
> the reason for this. When I joined Colt my signature did look like this:
>
> ---
> ___ ___ ___ ___   Ralf Weber             t: +49 (0)69 56606 2780
> \C/ \O/ \L/ \T/   System Administrator
>  V   V   V   V    COLT Telecom GmbH      f: +49 (0)69 56606 6280
>                   IP Services            e: r...@colt.net

As did everyone's, I think - it's great that we had such an ASCII-art-friendly 
logo :)

> That was used until our lawyers decided that as with real letters it
> was their duty to design the fine print on email also. This led to
> what you see now below. I don't like it but am bound to use it. In the
> signature select box of my email program the signature below is named
> "r...@colt.net violating RFC1855".

I moved all my work-related mailing-list subscriptions to personal email when 
the legal departments started getting hold of .sigs.  It seems pretty much 
impossible these days to post from a work address to any external email at all 
without looking like an idiot.  (Of course, just removing the legal boilerplate 
doesn't, in itself, *prevent* me from looking an idiot, before anyone goes for 
the obvious...)

Regards,
Tim.



Re: DNS ed.gov translations

2009-05-30 Thread Ralf Weber

Moin!

On 29.05.2009, at 09:04, Warren Bailey wrote:

> I elect Ralf as owner of the longest email signature in history..

ROTFL what an honour ;-), as we are in to weekend mood anyway I share  
the reason for this. When I joined Colt my signature did look like this:


---
___ ___ ___ ___   Ralf Weber             t: +49 (0)69 56606 2780
\C/ \O/ \L/ \T/   System Administrator
 V   V   V   V    COLT Telecom GmbH      f: +49 (0)69 56606 6280
                  IP Services            e: r...@colt.net

That was used until our lawyers decided that as with real letters it
was their duty to design the fine print on email also. This led to
what you see now below. I don't like it but am bound to use it. In the
signature select box of my email program the signature below is named
"r...@colt.net violating RFC1855".


So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
Germany
DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: r...@colt.net
http://www.colt.net/
Data | Voice | Managed Services

Schütze Deine Umwelt | Erst denken, dann drucken

*
COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland  
* Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606  *


Geschäftsführer: Dr. Jürgen Hernichel (Vors.), Rita Thies *  
Amtsgericht Frankfurt/Main HRB 46123 * USt.-IdNr. DE 197 498 400









Re: DNS ed.gov translations

2009-05-29 Thread Crist Clark
You just flashed me back to alt.fan.warlord.

That .sig is nothing. No ASCII sword or any BUAG involved at all.

On 5/29/2009 at 12:04 AM, "Warren Bailey"  wrote:
> I elect Ralf as owner of the longest email signature in history..
> 
> 
> 
> - Original Message -
> From: Ralf Weber 
> To: Peter Charbonneau 
> Cc: nanog@nanog.org 
> Sent: Thu May 28 22:47:19 2009
> Subject: Re: DNS ed.gov translations 
> 
> Moin!
> 
> On 29.05.2009, at 03:06, Peter Charbonneau wrote:
>>
>> Firewalls are Cisco ASAs that pass all traffic to/from the  
>> nameservers.
>> Fragments are allowed through.
> Is this the firewall formerly known as PIX? If so we had problems with
> our DNS server until we put the following line in our configuration:
>   fixup protocol dns maximum-length 4096
> Maybe this helps.
> 
> So long
> -Ralf
> ---
> Ralf Weber
> Platform Infrastructure Manager
> Colt Telecom GmbH
> Herriotstrasse 4
> 60528 Frankfurt
> Germany
> DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
> Fax: +49 (0)69 56606 6280
> Email: r...@colt.net 
> http://www.colt.net/ 
> Data | Voice | Managed Services
> 
> Schütze Deine Umwelt | Erst denken, dann drucken
> 
> *
> COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland
> * Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606  *
> 
> Geschäftsführer: Dr. Jürgen Hernichel (Vors.), Rita Thies *  
> Amtsgericht Frankfurt/Main HRB 46123 * USt.-IdNr. DE 197 498 400





Re: DNS ed.gov translations

2009-05-29 Thread Florian Weimer
* Peter Charbonneau:

> ed.gov.   86400   IN  NS  eduptcdns02.ed.gov.
> ed.gov.   86400   IN  NS  eduftcdns01.ed.gov.
> ed.gov.   86400   IN  NS  eduftcdns02.ed.gov.
> ed.gov.   86400   IN  NS  eduptcdns01.ed.gov.
> ;; Received 202 bytes from 216.55.155.29#53(A.GOV.ZONEEDIT.COM) in 84 ms
>
> dig: couldn't get address for 'eduftcdns01.ed.gov': not found

This looks more like a "lack of glue" issue.

The next time this happens, please use "dig www.fafsa.ed.gov +trace
+all +norecurse" for diagnostics (one additional run with the
"+dnssec" flag might be helpful, too).

-- 
Florian Weimer
BFK edv-consulting GmbH   http://www.bfk.de/
Kriegsstraße 100  tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
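
The "lack of glue" check suggested above, as an added example that is not part of the original thread: it reads one referral response in the layout printed by "dig +all +norecurse" and lists in-zone NS targets that have no address record in the ADDITIONAL section. The function names are hypothetical and the sample response is constructed with RFC 5737 documentation addresses; which names lack glue in it is illustrative, not a finding about the real zone.

```python
import re

# Constructed sample in the layout of one "dig +all +norecurse" referral.
# Addresses are RFC 5737 documentation values, not data from the thread.
SAMPLE = """\
;; AUTHORITY SECTION:
ed.gov.              86400  IN  NS  eduptcdns01.ed.gov.
ed.gov.              86400  IN  NS  eduptcdns02.ed.gov.
ed.gov.              86400  IN  NS  eduftcdns01.ed.gov.
ed.gov.              86400  IN  NS  eduftcdns02.ed.gov.

;; ADDITIONAL SECTION:
eduptcdns01.ed.gov.  86400  IN  A   192.0.2.1
eduptcdns02.ed.gov.  86400  IN  A   192.0.2.2

;; Received 202 bytes from 192.0.2.53#53(a.parent.example) in 84 ms
"""

def parse_sections(text):
    """Return {section_name: [(owner, rtype, rdata), ...]} for one response."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif not line.strip():
            current = None          # a blank line ends the section
        elif current is not None and not line.startswith(";"):
            fields = line.split()
            if len(fields) >= 5:
                owner, _ttl, _cls, rtype = fields[:4]
                current.append((owner.lower(), rtype, " ".join(fields[4:]).lower()))
    return sections

def missing_glue(text):
    """In-bailiwick NS targets in the referral that have no A/AAAA glue."""
    sec = parse_sections(text)
    glued = {o for o, t, _ in sec.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    missing = []
    for zone, rtype, target in sec.get("AUTHORITY", []):
        in_zone = target == zone or target.endswith("." + zone)
        if rtype == "NS" and in_zone and target not in glued:
            missing.append(target)
    return sorted(missing)

if __name__ == "__main__":
    for name in missing_glue(SAMPLE):
        print("no glue for", name)
```

Plain "dig +trace" prints only the NS records of each referral, which is why the "+all" flag is needed before glue can be inspected at all.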



Re: DNS ed.gov translations

2009-05-29 Thread Warren Bailey
I elect Ralf as owner of the longest email signature in history..



- Original Message -
From: Ralf Weber 
To: Peter Charbonneau 
Cc: nanog@nanog.org 
Sent: Thu May 28 22:47:19 2009
Subject: Re: DNS ed.gov translations 

Moin!

On 29.05.2009, at 03:06, Peter Charbonneau wrote:
>
> Firewalls are Cisco ASAs that pass all traffic to/from the  
> nameservers.
> Fragments are allowed through.
Is this the firewall formerly known as PIX? If so we had problems with  
our DNS server until we put the following line in our configuration:
fixup protocol dns maximum-length 4096
Maybe this helps.

So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
Germany
DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: r...@colt.net
http://www.colt.net/
Data | Voice | Managed Services

Schütze Deine Umwelt | Erst denken, dann drucken

*
COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland  
* Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606  *

Geschäftsführer: Dr. Jürgen Hernichel (Vors.), Rita Thies *  
Amtsgericht Frankfurt/Main HRB 46123 * USt.-IdNr. DE 197 498 400








Re: DNS ed.gov translations

2009-05-28 Thread Ralf Weber

Moin!

On 29.05.2009, at 03:06, Peter Charbonneau wrote:


> Firewalls are Cisco ASAs that pass all traffic to/from the
> nameservers.
> Fragments are allowed through.

Is this the firewall formerly known as PIX? If so we had problems with  
our DNS server until we put the following line in our configuration:

fixup protocol dns maximum-length 4096
Maybe this helps.

So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
Germany
DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: r...@colt.net
http://www.colt.net/
Data | Voice | Managed Services

Schütze Deine Umwelt | Erst denken, dann drucken

*
COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland  
* Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606  *


Geschäftsführer: Dr. Jürgen Hernichel (Vors.), Rita Thies *  
Amtsgericht Frankfurt/Main HRB 46123 * USt.-IdNr. DE 197 498 400









Re: DNS ed.gov translations

2009-05-28 Thread Peter Charbonneau


On May 28, 2009, at 8:37 PM, Mark Andrews wrote:



> In message , Peter Charbonneau writes:
>> Greetings,
>>
>>   Periodically, we lose the capability of translating .ed.gov names.
>>
>>   Today, it seems that it is www.dl.ed.gov and www.fafsa.ed.gov that
>> will not translate.
>>
>> If I use dig  I get:
>>
>> porthos2:~ pcharbon2$ dig +trace www.fafsa.ed.gov
>>
>> ; <<>> DiG 9.4.3-P1 <<>> +trace www.fafsa.ed.gov
>> ;; global options:  printcmd
>> .   499251  IN  NS  L.ROOT-SERVERS.NET.
>> .   499251  IN  NS  M.ROOT-SERVERS.NET.
>> .   499251  IN  NS  H.ROOT-SERVERS.NET.
>> .   499251  IN  NS  D.ROOT-SERVERS.NET.
>> .   499251  IN  NS  A.ROOT-SERVERS.NET.
>> .   499251  IN  NS  K.ROOT-SERVERS.NET.
>> .   499251  IN  NS  B.ROOT-SERVERS.NET.
>> .   499251  IN  NS  G.ROOT-SERVERS.NET.
>> .   499251  IN  NS  E.ROOT-SERVERS.NET.
>> .   499251  IN  NS  I.ROOT-SERVERS.NET.
>> .   499251  IN  NS  J.ROOT-SERVERS.NET.
>> .   499251  IN  NS  C.ROOT-SERVERS.NET.
>> .   499251  IN  NS  F.ROOT-SERVERS.NET.
>> ;; Received 488 bytes from 137.165.4.21#53(137.165.4.21) in 2 ms
>>
>> gov.    172800  IN  NS  E.GOV.ZONEEDIT.COM.
>> gov.    172800  IN  NS  G.GOV.ZONEEDIT.COM.
>> gov.    172800  IN  NS  A.GOV.ZONEEDIT.COM.
>> gov.    172800  IN  NS  B.GOV.ZONEEDIT.COM.
>> gov.    172800  IN  NS  C.GOV.ZONEEDIT.COM.
>> gov.    172800  IN  NS  D.GOV.ZONEEDIT.COM.
>> gov.    172800  IN  NS  F.GOV.ZONEEDIT.COM.
>> ;; Received 274 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 82 ms
>>
>> ed.gov. 86400   IN  NS  eduptcdns02.ed.gov.
>> ed.gov. 86400   IN  NS  eduftcdns01.ed.gov.
>> ed.gov. 86400   IN  NS  eduftcdns02.ed.gov.
>> ed.gov. 86400   IN  NS  eduptcdns01.ed.gov.
>> ;; Received 202 bytes from 216.55.155.29#53(A.GOV.ZONEEDIT.COM) in 84 ms
>>
>> dig: couldn't get address for 'eduftcdns01.ed.gov': not found
>> porthos2:~ pcharbon2$
>>
>> It always seems to fail after the "third" lookup sequence.
>>
>> After about an hour (or two or eight) it starts working again for some
>> period of time.
>>
>> I am out of troubleshooting tools and don't know where to go from
>> here.  Any help would be greatly appreciated.
>>
>> PeteC
>>
>> Peter Charbonneau
>> Sr. Network and Systems Administrator
>> Williams College
>> (413) 597-3408 (office)
>> (413) 822-2922 (cell)
>> OIT will NEVER ask for your password!
>
> What nameserver and version are you running?
> What options do you have turned on in the nameserver?
> What firewall settings do you have?  Do you allow fragments
> through?
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Bind 9.4.2
--  named.conf options -
options {
    directory "/var/named"; // sets root dir, use full path to escape
    statistics-file "/var/named/named.stats"; // stats are your friend
    dump-file "/var/named/named.dump";
    zone-statistics yes;
    allow-recursion { 127.0.0.1; 137.165.0.0/16; }; // allow recursive lookups
    allow-transfer { none; }; // allow transfers to these IP's
    notify no; // dont notify the above IP's when a zone is updated, since we are a slave server
    pid-file "/var/run/named/named.pid";
    transfer-format many-answers; // Generates more efficient zone transfers
    listen-on { any; };
};
// Include logging config file
include "/var/named/conf/logging.conf";

// Include to ACLs
include "/var/named/conf/acls.conf";

// Include TSIG Keys
include "/etc/bind/keys.conf";

Firewalls are Cisco ASAs that pass all traffic to/from the nameservers.
Fragments are allowed through.

What dig (above) shows is typical of the problem we see.  We get to  
that "tier" and one of the listed servers (in this case  
eduftcdns01.ed.gov) fails to respond.  If I try to ping it or  
traceroute to it, I can't get to it.  Shouldn't bind, then, try one of  
the other three servers listed?



PeteC

Peter Charbonneau
Sr. Systems and Network Administrator
Williams College
(413) 597-3408 (D)
(413) 822-2922 (C)






Re: DNS ed.gov translations

2009-05-28 Thread Mark Andrews

In message , Peter 
Charbonneau writes:
> Greetings,
> 
>   Periodically, we lose the capability of translating .ed.gov names.
> 
>   Today, it seems that it is www.dl.ed.gov and www.fafsa.ed.gov that
> will not translate.
> 
> If I use dig  I get:
> 
> porthos2:~ pcharbon2$ dig +trace www.fafsa.ed.gov
> 
> ; <<>> DiG 9.4.3-P1 <<>> +trace www.fafsa.ed.gov
> ;; global options:  printcmd
> . 499251  IN  NS  L.ROOT-SERVERS.NET.
> . 499251  IN  NS  M.ROOT-SERVERS.NET.
> . 499251  IN  NS  H.ROOT-SERVERS.NET.
> . 499251  IN  NS  D.ROOT-SERVERS.NET.
> . 499251  IN  NS  A.ROOT-SERVERS.NET.
> . 499251  IN  NS  K.ROOT-SERVERS.NET.
> . 499251  IN  NS  B.ROOT-SERVERS.NET.
> . 499251  IN  NS  G.ROOT-SERVERS.NET.
> . 499251  IN  NS  E.ROOT-SERVERS.NET.
> . 499251  IN  NS  I.ROOT-SERVERS.NET.
> . 499251  IN  NS  J.ROOT-SERVERS.NET.
> . 499251  IN  NS  C.ROOT-SERVERS.NET.
> . 499251  IN  NS  F.ROOT-SERVERS.NET.
> ;; Received 488 bytes from 137.165.4.21#53(137.165.4.21) in 2 ms
> 
> gov.  172800  IN  NS  E.GOV.ZONEEDIT.COM.
> gov.  172800  IN  NS  G.GOV.ZONEEDIT.COM.
> gov.  172800  IN  NS  A.GOV.ZONEEDIT.COM.
> gov.  172800  IN  NS  B.GOV.ZONEEDIT.COM.
> gov.  172800  IN  NS  C.GOV.ZONEEDIT.COM.
> gov.  172800  IN  NS  D.GOV.ZONEEDIT.COM.
> gov.  172800  IN  NS  F.GOV.ZONEEDIT.COM.
> ;; Received 274 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 82 ms
> 
> ed.gov.   86400   IN  NS  eduptcdns02.ed.gov.
> ed.gov.   86400   IN  NS  eduftcdns01.ed.gov.
> ed.gov.   86400   IN  NS  eduftcdns02.ed.gov.
> ed.gov.   86400   IN  NS  eduptcdns01.ed.gov.
> ;; Received 202 bytes from 216.55.155.29#53(A.GOV.ZONEEDIT.COM) in 84 ms
> 
> dig: couldn't get address for 'eduftcdns01.ed.gov': not found
> porthos2:~ pcharbon2$
> 
> 
> It always seems to fail after the "third" lookup sequence.
> 
> After about an hour (or two or eight) it starts working again for some  
> period of time.
> 
> I am out of troubleshooting tools and don't know where to go from  
> here.  Any help would be greatly appreciated.
> 
> 
> 
> PeteC
> 
> 
> Peter Charbonneau
> Sr. Network and Systems Administrator
> Williams College
> (413) 597-3408 (office)
> (413) 822-2922 (cell)
> OIT will NEVER ask for your password!

What nameserver and version are you running?
What options do you have turned on in the nameserver?
What firewall settings do you have?  Do you allow fragments
through?

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



DNS ed.gov translations

2009-05-28 Thread Peter Charbonneau

Greetings,

  Periodically, we lose the capability of translating .ed.gov names.

  Today, it seems that it is www.dl.ed.gov and www.fafsa.ed.gov that  
will not translate.


If I use dig  I get:

porthos2:~ pcharbon2$ dig +trace www.fafsa.ed.gov

; <<>> DiG 9.4.3-P1 <<>> +trace www.fafsa.ed.gov
;; global options:  printcmd
.   499251  IN  NS  L.ROOT-SERVERS.NET.
.   499251  IN  NS  M.ROOT-SERVERS.NET.
.   499251  IN  NS  H.ROOT-SERVERS.NET.
.   499251  IN  NS  D.ROOT-SERVERS.NET.
.   499251  IN  NS  A.ROOT-SERVERS.NET.
.   499251  IN  NS  K.ROOT-SERVERS.NET.
.   499251  IN  NS  B.ROOT-SERVERS.NET.
.   499251  IN  NS  G.ROOT-SERVERS.NET.
.   499251  IN  NS  E.ROOT-SERVERS.NET.
.   499251  IN  NS  I.ROOT-SERVERS.NET.
.   499251  IN  NS  J.ROOT-SERVERS.NET.
.   499251  IN  NS  C.ROOT-SERVERS.NET.
.   499251  IN  NS  F.ROOT-SERVERS.NET.
;; Received 488 bytes from 137.165.4.21#53(137.165.4.21) in 2 ms

gov.    172800  IN  NS  E.GOV.ZONEEDIT.COM.
gov.    172800  IN  NS  G.GOV.ZONEEDIT.COM.
gov.    172800  IN  NS  A.GOV.ZONEEDIT.COM.
gov.    172800  IN  NS  B.GOV.ZONEEDIT.COM.
gov.    172800  IN  NS  C.GOV.ZONEEDIT.COM.
gov.    172800  IN  NS  D.GOV.ZONEEDIT.COM.
gov.    172800  IN  NS  F.GOV.ZONEEDIT.COM.
;; Received 274 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 82 ms


ed.gov. 86400   IN  NS  eduptcdns02.ed.gov.
ed.gov. 86400   IN  NS  eduftcdns01.ed.gov.
ed.gov. 86400   IN  NS  eduftcdns02.ed.gov.
ed.gov. 86400   IN  NS  eduptcdns01.ed.gov.
;; Received 202 bytes from 216.55.155.29#53(A.GOV.ZONEEDIT.COM) in 84 ms

dig: couldn't get address for 'eduftcdns01.ed.gov': not found
porthos2:~ pcharbon2$


It always seems to fail after the "third" lookup sequence.

After about an hour (or two or eight) it starts working again for some  
period of time.


I am out of troubleshooting tools and don't know where to go from  
here.  Any help would be greatly appreciated.




PeteC


Peter Charbonneau
Sr. Network and Systems Administrator
Williams College
(413) 597-3408 (office)
(413) 822-2922 (cell)
OIT will NEVER ask for your password!