Re: [swinog] DNS, Invalid characters in classless PTR delegation
On Wed, 28 Jan 2004 18:10:10 +0100, Benoit Panizzon [EMAIL PROTECTED] said: Especialy www.zonecut.net pretends that it does not exist. What exactly do you think is wrong with that server? ; DiG 9.4.0s20040114055632 @www.zonecut.net 6.77.141.195.in-addr.arpa. ptr +noall +ans ;; global options: printcmd 6.77.141.195.in-addr.arpa. 86191 IN CNAME 6.0/27.77.141.195.in-addr.arpa. 6.0/27.77.141.195.in-addr.arpa. 42993 IN PTRpragmatica.ch. Hmm, or is it just the Web-Gui that does now work? s/now/not/ ? http://www.zonecut.net/dns/index.cgi?domain=0/27.77.141.195.in-addr.arpa No such domain: 0/27.77.141.195.in-addr.arpa http://www.ip-plus.net/tools/dns_check_set.en.html Invalid characters in dns1.pragmatica.ch or 0/27.77.141.195.in-addr.arpa. I rather suspect those tools don't perform PTR queries at all. -- Alex -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: [swinog] DNS, Invalid characters in classless PTR delegation
On Thu, 29 Jan 2004 14:06:24 +0100, Benoit Panizzon [EMAIL PROTECTED] said: Hmm, or is it just the Web-Gui that does now work? s/now/not/ ? right I rather suspect those tools don't perform PTR queries at all. It does work and it looks great when it works ;-) http://www.zonecut.net/dns/index.cgi?domain=128-27.194.238.80.in-addr.arpa That tool actually only traces delegations (hence the name zonecut, I guess). It doesn't look up PTR or any other type of resource record. Apparently it applies some rules to the domain name that causes it to believe that the zone 0/27.77.141.195.in-addr.arpa. doesn't exist. I don't think that any name server is at fault here. You might want to tell the author of the tool. -- Alex -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: AW: [swinog] Bluewin DNS1 DNS2 replication lag?
| | ; DiG 9.4.0s20040114055632 @dns2.bluewin.ch nice version of dig ;-) especially if the last known Snapshot is bind-9.3.0s20021217.tar.gz. That's part of what you get for your money when you become a BIND Forum member http://www.isc.org/BINDForum/ :-) -- Alex -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: [swinog] Bluewin DNS1 DNS2 replication lag?
On Wed, 21 Jan 2004 11:19:27 +0100, Didier Leimbach [EMAIL PROTECTED] said: Hello, this is my first post. to me swinog seems to be a good list to post my question. please correct me if i'm wrong. here's my question: On Monday the TTL for www.juraworld.com has been changed to 1h on ns1.lan.ch and ns2.lan.ch. Today ist has been changed to 15min as we're getting ready to move servers. Yet, dns2.bluewin.ch doesn't reflect this TTL. How large was the TTL before you changed it on Monday? Given the remaining TTL on dns2 of about 20 hours, this result is to be expected only when the original TTL was at least around 68 hours (20+2*24, assuming you lowered the TTL at noon on Monday). Has anyone an idea how bluewins dns are setup? Bluewin support gave me an almost unbelievable answer: dns2 is only backup and updated every 14 days from dns1 I don't know what they mean by update. I sure hope dns2 is up to date for the zones for which it is authoritative :-) However, that's beside the point since your problem is related to caching. -- Alex thanks very much! didier leimbach dig @dns1.bluewin.ch www.juraworld.com ; DiG 9.2.3 @dns1.bluewin.ch www.juraworld.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 41 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.juraworld.com. IN A ;; ANSWER SECTION: www.juraworld.com. 900 IN A 62.204.127.37 ;; AUTHORITY SECTION: juraworld.com. 900 IN NS ns1.lan.ch. juraworld.com. 900 IN NS ns2.lan.ch. ;; ADDITIONAL SECTION: ns1.lan.ch. 2676IN A 212.60.61.245 ns2.lan.ch. 1847IN A 212.60.63.245 ;; Query time: 218 msec ;; SERVER: 195.186.1.110#53(dns1.bluewin.ch) ;; WHEN: Wed Jan 21 11:10:32 2004 ;; MSG SIZE rcvd: 125 --- ; DiG 9.2.3 @dns2.bluewin.ch www.juraworld.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 41 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13 ;; QUESTION SECTION: ;www.juraworld.com. IN A ;; ANSWER SECTION: www.juraworld.com. 74385 IN A 62.204.127.37 ;; AUTHORITY SECTION: com.172797 IN NS g.gtld-servers.net. com.172797 IN NS h.gtld-servers.net. com.172797 IN NS i.gtld-servers.net. com.172797 IN NS j.gtld-servers.net. com.172797 IN NS k.gtld-servers.net. com.172797 IN NS l.gtld-servers.net. com.172797 IN NS m.gtld-servers.net. com.172797 IN NS a.gtld-servers.net. com.172797 IN NS b.gtld-servers.net. com.172797 IN NS c.gtld-servers.net. com.172797 IN NS d.gtld-servers.net. com.172797 IN NS e.gtld-servers.net. com.172797 IN NS f.gtld-servers.net. ;; ADDITIONAL SECTION: a.gtld-servers.net. 108097 IN A 192.5.6.30 b.gtld-servers.net. 119329 IN A 192.33.14.30 c.gtld-servers.net. 119329 IN A 192.26.92.30 d.gtld-servers.net. 119329 IN A 192.31.80.30 e.gtld-servers.net. 119329 IN A 192.12.94.30 f.gtld-servers.net. 119150 IN A 192.35.51.30 g.gtld-servers.net. 119329 IN A 192.42.93.30 h.gtld-servers.net. 119150 IN A 192.54.112.30 i.gtld-servers.net. 119329 IN A 192.43.172.30 j.gtld-servers.net. 118991 IN A 192.48.79.30 k.gtld-servers.net. 118991 IN A 192.52.178.30 l.gtld-servers.net. 119329 IN A 192.41.162.30 m.gtld-servers.net. 118948 IN A 192.55.83.30 ;; Query time: 31 msec ;; SERVER: 195.186.1.111#53(dns2.bluewin.ch) ;; WHEN: Wed Jan 21 11:11:16 2004 ;; MSG SIZE rcvd: 483 -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/ -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: AW: [swinog] Bluewin DNS1 DNS2 replication lag?
On Wed, 21 Jan 2004 13:24:36 +0100, Didier Leimbach [EMAIL PROTECTED] said: Hi Alex, thanks for your reply. I indeed forgot to mention that the original TTL was 24h. So everything should have been as expected since about yesterday. Yes. In that case, I don't know why the A RR for www.juraworld.com is still in the cache of dns2.bluewin.ch. I also find it strange that dns2 is giving me all the root-server as glue. I think that it just didn't happen to have the glue for juraworld.com. in its cache, so it returned the glue for the GTLD-servers instead (not the root servers). After querying it for the NS records for that domain, it now reports the expected glue (at least until those records expire) ; DiG 9.4.0s20040114055632 @dns2.bluewin.ch www.juraworld.com. ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 7936 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.juraworld.com. IN A ;; ANSWER SECTION: www.juraworld.com. 65625 IN A 62.204.127.37 ;; AUTHORITY SECTION: juraworld.com. 747 IN NS ns1.lan.ch. juraworld.com. 747 IN NS ns2.lan.ch. ;; ADDITIONAL SECTION: ns1.lan.ch. 330 IN A 212.60.61.245 ns2.lan.ch. 642 IN A 212.60.63.245 ;; Query time: 3 msec ;; SERVER: 195.186.1.111#53(dns2.bluewin.ch) ;; WHEN: Wed Jan 21 13:37:59 2004 ;; MSG SIZE rcvd: 125 we'll see what happens by tomorrow Right. The old records should be definitely gone by then :-/ -- Alex -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: [swinog] Security à la SWITCH - nic.ch
On Wed, 12 Nov 2003 18:21:08 +0100, Philipp Morger [EMAIL PROTECTED] said: SWITCH - nic.ch - a ignorant and stupid organization. Well, that's almost anyone that sends access information in cleartext mails... the problem is, that there's almost no security mechanism in place - I doubt that if switch would provide (and please do) a way to submit a gpg-key to get emails encrypted that it would be used by a wide userbase anyway... And how do you propose to verify the user's key? This is a BIG can of worms (can you say PKI?). Incidentally, there is an Interface (Batch-Schnittstelle) for wholsale partners that uses PGP signatures. This is impossible to do on a large scale. BTW, don't ask me about this security issue, I'm just working for the NOC :-) -- Alex -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: [swinog] Odd answers from dns.switch.ch
On Wed, 09 Jul 2003 16:36:47 +0200, [EMAIL PROTECTED] [EMAIL PROTECTED] said: True, before I was able to get the answer-section from this server (was nice and fast)... any infos from switch why they changed this ? The reason for turning off recursion (and that is all that happened: no improper or unreal answers as you initially suspected but simply referrals for queries that can't be answered authoritatively) was to separate the functions of caching server and authoritative server (it serves 400+ zones). The host provided both functions for historical reasons but this is considered to be bad practice nowadays. However, note that the caching function has never been offered as a public service and therefore there was no need to officially announce its removal. I'm afraid you used it at your own risk. I know that others did that too, but there is simply no way for us to even send a heads-up to those people. Regards, -- Alex SWITCH-NOC As a reference I still can use the authority-answer from the secondaries. -Lukas At 16:25 09.07.2003, you wrote: well, if i ask the root servers, the authority domains for .ch are: ;; AUTHORITY SECTION: ch. 2D IN NSNS.APNIC.NET. ch. 2D IN NSDOMREG.NIC.ch. ch. 2D IN NSMERAPI.SWITCH.ch. ch. 2D IN NSDNS.PRINCETON.EDU. ch. 2D IN NSRIP.PSG.COM. ch. 2D IN NSTULKU.NIC.AR. ch. 2D IN NSCCTLD.TIX.ch. -steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 4:24 PM To: [EMAIL PROTECTED] Subject: [swinog] Odd answers from dns.switch.ch Hi all Is there a reason why dns.switch.ch no longer replys with the proper authority/answer-section ? Where can we get now the real informations about a zone (reference) ? Thank god that the secondaries still answer with the authority-part. Any comments ? Best, -Lukas -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/ -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/ -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/ -- __ SWITCH - The Swiss Education and Research Network __ Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland [EMAIL PROTECTED] Tel: +41 1 268 1522 Fax: +41 1 268 1568 -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: [swinog] Coincidence?
On Fri, 28 Feb 2003 09:22:57 +0100, Pascal Gloor [EMAIL PROTECTED] said: where can i register my new domains? bush-has-a-low.iq my.iq Unfortunatly I didnt found any active domain in the .iq zone but there is another interesting thing... iq. 1D IN SOA faith.mynet.net. hostmaster.infocomcorp.com. ( 2002091902 ; serial 3H ; refresh 1H ; retry 1W ; expiry 0S ); minimum 0 seconds? :-P So? This just instructs name servers not to cache negative answers for this zone. -- Alex -- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/