cannot resolve oppedahl.com from uspto.gov domain
Beginning sometime within the past few days, uspto.gov domain cannot resolve oppedahl.com domain, but can resolve it from almost everywhere else. Some free websites (http://centralops.net/co/) cannot resolve it as well. I want to verify that uspto.gov doesn't need to correct anything on our end. When doing a dig, I can't get an IP address for their nameservers. By the way, they have published DNSSEC keys out there not in use. Last year, I had a few clients that couldn't connect to uspto.gov domain when I had published keys out there that I had not removed. Once I removed them, the problem was resolved. Do you think this could be the same case for oppedahl.com? I appreciate any help. Thx.

Results of dig +trace:

    ; <<>> DiG 9.7.4-P1 <<>> +trace oppedahl.com
    ;; global options: +cmd
    . 46503 IN NS h.root-servers.net.
    . 46503 IN NS f.root-servers.net.
    . 46503 IN NS m.root-servers.net.
    . 46503 IN NS e.root-servers.net.
    . 46503 IN NS k.root-servers.net.
    . 46503 IN NS l.root-servers.net.
    . 46503 IN NS d.root-servers.net.
    . 46503 IN NS j.root-servers.net.
    . 46503 IN NS b.root-servers.net.
    . 46503 IN NS c.root-servers.net.
    . 46503 IN NS a.root-servers.net.
    . 46503 IN NS g.root-servers.net.
    . 46503 IN NS i.root-servers.net.
    ;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 41 ms

    com. 172800 IN NS a.gtld-servers.net.
    com. 172800 IN NS b.gtld-servers.net.
    com. 172800 IN NS c.gtld-servers.net.
    com. 172800 IN NS d.gtld-servers.net.
    com. 172800 IN NS e.gtld-servers.net.
    com. 172800 IN NS f.gtld-servers.net.
    com. 172800 IN NS g.gtld-servers.net.
    com. 172800 IN NS h.gtld-servers.net.
    com. 172800 IN NS i.gtld-servers.net.
    com. 172800 IN NS j.gtld-servers.net.
    com. 172800 IN NS k.gtld-servers.net.
    com. 172800 IN NS l.gtld-servers.net.
    com. 172800 IN NS m.gtld-servers.net.
    ;; Received 502 bytes from 198.41.0.4#53(198.41.0.4) in 462 ms

    oppedahl.com. 172800 IN NS dns2.oppedahl.com.
    oppedahl.com. 172800 IN NS dns1.oppedahl.com.
    dig: couldn't get address for 'dns2.oppedahl.com': failure

    ; <<>> DiG 9.7.4-P1 <<>> dns2.oppedahl.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28190
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;dns2.oppedahl.com. IN A

    ;; Query time: 11 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Feb 3 08:29:30 2012
    ;; MSG SIZE rcvd: 35

    [klear@idns1 ~]$ dig dns1.oppedahl.com

    ; <<>> DiG 9.7.4-P1 <<>> dns1.oppedahl.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21440
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;dns1.oppedahl.com. IN A

    ;; Query time: 13 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Feb 3 08:29:39 2012
    ;; MSG SIZE rcvd: 35

    [klear@idns1 ~]$

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
RE: cannot resolve oppedahl.com from uspto.gov domain
* Bill Owens:

On Fri, Feb 03, 2012 at 01:55:12PM +, Florian Weimer wrote:

These nameservers:

    dns2.oppedahl.com. 172800 IN A 208.109.255.50
    dns1.oppedahl.com. 172800 IN A 216.69.185.50

return SERVFAIL for EDNS0 queries. COM contains a signed delegation. This configuration is not supported. It seems that BIND produces a failure even if DNSSEC validation is not enabled for the view.

How odd. . . it doesn't look that way from here:

    [littledebian:~] owens% dig oppedahl.com soa +norec +edns=0 @216.69.185.50

The exact same command line results in SERVFAIL for me. Various protocol-specific traceroutes suggest that I'm hitting the Godaddy servers hosted close to Level3 in Washington DC.

The exact same command line also results in SERVFAIL for me. Does my DNS reply size limit have anything to do with this? Should it be over 4000?

    [klear@idns1 ~]$ dig +short rs.dns-oarc.net txt
    rst.x3827.rs.dns-oarc.net.
    rst.x3837.x3827.rs.dns-oarc.net.
    rst.x3843.x3837.x3827.rs.dns-oarc.net.
    Tested at 2012-02-03 00:54:03 UTC
    151.207.242.20 sent EDNS buffer size 4096
    151.207.242.20 DNS reply size limit is at least 3843
    [klear@idns1 ~]$

--
Florian Weimer fwei...@bfk.de
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
RE: cannot resolve oppedahl.com from uspto.gov domain
On Fri, Feb 03, 2012 at 02:12:43PM +, Florian Weimer wrote:

* Bill Owens:

On Fri, Feb 03, 2012 at 01:55:12PM +, Florian Weimer wrote:

These nameservers:

    dns2.oppedahl.com. 172800 IN A 208.109.255.50
    dns1.oppedahl.com. 172800 IN A 216.69.185.50

return SERVFAIL for EDNS0 queries. COM contains a signed delegation. This configuration is not supported. It seems that BIND produces a failure even if DNSSEC validation is not enabled for the view.

How odd. . . it doesn't look that way from here:

    [littledebian:~] owens% dig oppedahl.com soa +norec +edns=0 @216.69.185.50

The exact same command line results in SERVFAIL for me. Various protocol-specific traceroutes suggest that I'm hitting the Godaddy servers hosted close to Level3 in Washington DC.

Aha, the dreaded anycast. I didn't think to look for that since they were using oppedahl.com names for the servers. And indeed, my tcptraceroutes go to Chicago from one test machine, an unidentified location from the other. Sadly, they don't appear to do the hostname.bind or id.server trick (or I'm requesting it incorrectly).

I suppose this needs to turn into a trouble report to GoDaddy, though I wonder how hard it will be to find someone who would understand it. . .

Bill.

Who would be responsible for opening a trouble report to GoDaddy? I don't understand exactly what the problem is here.
RE: cannot resolve oppedahl.com from uspto.gov domain
Thank you all very much for the assistance!

On Fri, Feb 03, 2012 at 10:04:19AM -0500, Lear, Karen (Evolver) wrote:

Who would be responsible for opening a trouble report to GoDaddy? I don't understand exactly what the problem is here.

It looks, from the outside, as though the Oppedahl Patent Law Firm LLC uses GoDaddy for DNS registration, DNS server hosting, and web server hosting. They're also DNSSEC-signing their domain (for which they should be praised ;)

The GoDaddy DNS servers are distributed around the network in various colocation sites, and reachable by IP anycast, which means that a number of different hosts will answer queries as if they were 'dns1.oppedahl.com', they are all reachable over the same IP address, and normal IP routing takes your DNS queries to the closest one. When I query for oppedahl.com, I use servers in Chicago and they work fine. When you're trying to query for oppedahl.com, you're likely using the same Washington, DC area server that Florian was using, and it is broken; it doesn't respond to queries that use EDNS0, and therefore can't handle DNSSEC.

Since Oppedahl is the GoDaddy customer, they should open a support case. It should be especially important for them to have the USPTO be able to reach their website, email, etc. so I'd think they would want to follow up on this quite vigorously. . .

Incidentally their phone numbers are 970-468-8600 and 303-252-8800, since you can't get them off the website any more ;)

Bill.
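
Added example, not part of the thread or of any poster's message: the plain-DNS versus EDNS0 comparison discussed above (what dig +norec +edns=0 sends), written in Python so it can be repeated against each nameserver address from each vantage point. All function names and the constructed_response sample are assumptions made for this example; probe() needs network access, the rest runs offline.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_SOA, TYPE_OPT, CLASS_IN = 6, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, edns=False, do_bit=False, bufsize=4096, qid=0x1234):
    """SOA query with RD clear (dig +norec); edns=True appends an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if edns else 0)
    msg = header + encode_name(name) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    if edns:
        # OPT RR: root owner name, TYPE 41, CLASS = UDP payload size,
        # TTL = ext-rcode(8) | version(8) | flags(16, DO = 0x8000), RDLEN 0
        flags = 0x8000 if do_bit else 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, flags, 0)
    return msg

def rcode(response):
    """Return the RCODE name from the low four bits of the header flags word."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    code = struct.unpack("!H", response[2:4])[0] & 0x000F
    return RCODES.get(code, "RCODE%d" % code)

def classify(plain_rcode, edns_rcode):
    """Compare the answers one server instance gave to the two query forms."""
    if plain_rcode == "NOERROR" and edns_rcode == "NOERROR":
        return "ok"
    if plain_rcode == "NOERROR":
        return "edns-broken"  # answers plain DNS but not EDNS0, so no DNSSEC
    return "broken"

def probe(server, name, timeout=3.0):
    """Send both query forms over UDP to one address and classify the result."""
    results = []
    for edns in (False, True):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, edns=edns), (server, 53))
            try:
                results.append(rcode(s.recvfrom(4096)[0]))
            except socket.timeout:
                results.append("TIMEOUT")
    return classify(*results)

def constructed_response(query, code):
    """Constructed sample reply: the query echoed with QR and AA set and an RCODE."""
    return query[:2] + struct.pack("!H", 0x8400 | code) + query[4:]
```

Because the nameserver addresses are anycast, the result describes only the instance that routing selects from the machine running the probe, so it has to be run from the affected network as well as from a working one.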
MX record IP address instead of hostnames
Can anyone tell me why my MX record for the coop-uspto.gov domain are IP addresses instead of hostnames?

    [klear@dns1 conf]$ nslookup
    set type=mx
    coop-uspto.gov
    Server: 10.240.11.20
    Address: 10.240.11.20#53

    Non-authoritative answer:
    coop-uspto.gov mail exchanger = 5 151.207.128.23.coop-uspto.gov.
    coop-uspto.gov mail exchanger = 5 151.207.128.22.coop-uspto.gov.

    Authoritative answers can be found from:
    coop-uspto.gov nameserver = dr-coopdns-1.coop-uspto.gov.
    dr-coopdns-1.coop-uspto.gov internet address = 151.207.240.200

Here is the zone file for coop-uspto.gov

    [klear@dr-coopdns-1 named]$ more db.coop-uspto
    $TTL 7200
    @ IN SOA dr-coopdns-1.coop-uspto.gov. nmb.uspto.gov. (
            2011060708 ; serial number /mm/dd/## format
            10800 ; refresh after 3 hour
            3600 ; retry after 1 hour
            604800 ; expire after 1 week
            86400 ) ; minimum TTL 1 day
            IN NS dr-coopdns-1.coop-uspto.gov.
    localhost IN A 127.0.0.1
    dr-coopdns-1 IN A 151.207.240.200
    dr-idns-1 IN A 151.207.128.33
    ;COOP-USPTO MX record
    coop-uspto.gov. IN MX 5 coop-mbxhc-0.coop-uspto.gov.
    ;coop-mbxhc-0 IN MX 5 coop-mbxhc-0.coop-uspto.gov.
    ;coop-mbxhc-1 IN MX 5 coop-mbxch-1.coop-uspto.gov.
    coop-uspto.gov. IN MX 5 coop-mbxhc-1.coop-uspto.gov.
    mailer IN A 151.207.128.131
    ;www
    www IN A 151.207.128.134
    @ IN A 151.207.128.134
    coop-uspto-srv1 IN A 151.207.128.134
    coop-dc-0 IN A 151.207.128.20
    coop-dc-1 IN A 151.207.128.21
    coop-mbxhc-0 IN A 151.207.128.22
    webmail IN A 151.207.128.22
    webmail IN A 151.207.128.23
    autodiscover IN A 151.207.128.22
    autodiscover IN A 151.207.128.23
    coop-mbxhc-1 IN A 151.207.128.23

Thanks,
k

Karen Lear
Evolver EUS - Network Operations
Phone: 571-272-5314
email: karen.l...@uspto.gov
RE: MX record IP address instead of hostnames
Thanks.

From: bind-users-bounces+karen.lear=uspto@lists.isc.org [bind-users-bounces+karen.lear=uspto@lists.isc.org] On Behalf Of Eivind Olsen [eiv...@aminor.no]
Sent: Tuesday, June 07, 2011 5:38 PM
To: bind-users@lists.isc.org
Subject: Re: MX record IP address instead of hostnames

Karen Lear wrote:

Can anyone tell me why my MX record for the coop-uspto.gov domain are IP addresses instead of hostnames?
...
Non-authoritative answer:
coop-uspto.gov mail exchanger = 5 151.207.128.23.coop-uspto.gov.
coop-uspto.gov mail exchanger = 5 151.207.128.22.coop-uspto.gov.

I can't, no. It looks fine enough when I check here (a bit odd to only have a single nameserver, but that's beside the point).

    [eivind@vimes ~]$ dig +short mx coop-uspto.gov
    5 coop-mbxhc-1.coop-uspto.gov.
    5 coop-mbxhc-0.coop-uspto.gov.
    [eivind@vimes ~]$

Regards
Eivind Olsen
Slowness and timeouts resolving qa.pay.gov
My recursive DNS servers are intermittently timing out and giving slow responses to qa.pay.gov. I haven't noticed problems with any other sites. How can I nail down where the problem is?

From my home, on comast.net, I don't have slowness or timeouts resolving qa.pay.gov.

Thx,
k
RE: Slowness and timeouts resolving qa.pay.gov
    .30 IN NS ns1.twai.gov.
    pay.gov. 30 IN NS ns2.twai.gov.
    ;; Received 117 bytes from 199.169.192.28#53(NS2.TWAI.gov) in 74 ms

Thank you.

-Original Message-
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Wednesday, July 14, 2010 10:59 AM
To: Lear, Karen (Evolver)
Cc: 'bind-users@lists.isc.org'
Subject: Re: Slowness and timeouts resolving qa.pay.gov

On Jul 14, 2010, at 9:54 AM, Lear, Karen (Evolver) wrote:

My recursive DNS servers are intermittently timing out and giving slow responses to qa.pay.gov. I haven't noticed problems with any other sites. How can I nail down where the problem is?

You are going to have to start by providing way more info, like:

1: Do you run these recursive servers or does someone else?
2: what are they ? version, etc.
3: How often does this happen?
4: Do you have the same issues with any other requests?
5: Do you have anything interesting in the logs?
6: Are you logging anything?
7: Is there a firewall between your resolver and the rest of the world?
8: Please provide configs...
9: Please provide output of dig, against both your server and with +trace.

Also, please don't start a new thread by replying to a message and changing the subject, it is bad form and will annoy lots of folk. People who have stopped following the old thread will also probably not see your message, and so you will be less likely to get help...

W

From my home, on comast.net, I don't have slowness or timeouts resolving qa.pay.gov.

Thx,
k

--
A. No
Q. Is it sensible to top-post?
RE: Zone transfer issues on new domain
I added it to the named.conf on the slave. Shouldn't it create its own db.usptoenews file under the secondaries directory?

From: bind-users-bounces+karen.lear=uspto@lists.isc.org [bind-users-bounces+karen.lear=uspto@lists.isc.org] On Behalf Of Sten Carlsen [st...@s-carlsen.dk]
Sent: Tuesday, March 30, 2010 9:26 PM
To: bind-users@lists.isc.org
Subject: Re: Zone transfer issues on new domain

Did you add it to the slaves configuration? It does not get automagically added; so the slave gets a notify on a zone it can not serve as it is not in its config.

On 31/03/10 2:14, Lear, Karen (Evolver) wrote:

Can you tell me why I’m getting the message below on my slave server after adding a master zone on the master server for usptoenews.gov:

    [kl...@dns2 logs]$ grep enews activity.log
    30-Mar-2010 17:17:45.484 notify: notice: client 10.240.6.50#10738: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative
    30-Mar-2010 17:22:47.335 notify: notice: client 10.240.6.50#62593: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative

email: karen.l...@uspto.gov

--
Best regards
Sten Carlsen

No improvements come from shouting:
MALE BOVINE MANURE!!!
RE: Zone transfer issues on new domain
To clarify, I added this to the named.conf on the slave:

    };
    zone usptoenews.gov {
            type slave;
            file secondaries/db.usptoenews;
            masters { 10.240.6.50; };
    };

From: Lear, Karen (Evolver)
Sent: Wednesday, March 31, 2010 7:25 AM
To: Sten Carlsen; bind-users@lists.isc.org
Subject: RE: Zone transfer issues on new domain

I added it to the named.conf on the slave. Shouldn't it create its own db.usptoenews file under the secondaries directory?

From: bind-users-bounces+karen.lear=uspto@lists.isc.org [bind-users-bounces+karen.lear=uspto@lists.isc.org] On Behalf Of Sten Carlsen [st...@s-carlsen.dk]
Sent: Tuesday, March 30, 2010 9:26 PM
To: bind-users@lists.isc.org
Subject: Re: Zone transfer issues on new domain

Did you add it to the slaves configuration? It does not get automagically added; so the slave gets a notify on a zone it can not serve as it is not in its config.

On 31/03/10 2:14, Lear, Karen (Evolver) wrote:

Can you tell me why I’m getting the message below on my slave server after adding a master zone on the master server for usptoenews.gov:

    [kl...@dns2 logs]$ grep enews activity.log
    30-Mar-2010 17:17:45.484 notify: notice: client 10.240.6.50#10738: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative
    30-Mar-2010 17:22:47.335 notify: notice: client 10.240.6.50#62593: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative

email: karen.l...@uspto.gov

--
Best regards
Sten Carlsen

No improvements come from shouting:
MALE BOVINE MANURE!!!
MX records for new additional domain on existing authoritative name servers
I'm adding a new domain to my existing authoritative name servers, and need to add an MX record for a device on the existing domain. That device will serve both domains until we get a new box in and then we will have separate MX records/devices for each domain. I have created a new zone file and modified named.conf to include the new zone. When I run named-checkzone, I get a message about the MX record being out of zone and not having an A record. However, at the end of my named-checkzone output, I get OK. Can I restart named as is without causing problems or do I need to address these messages?

Thx,

    [kl...@mynameserver]$ sudo named-checkzone -t /dns/chroot/conf -D NEWDOMAIN.gov MYNEWZONEFILE
    zone NEWDOMAIN.gov/IN: NEWDOMAIN.gov/MX 'MX1.OLDDOMAIN.gov' (out of zone) has no addresses records (A or )
    zone NEWDOMAIN.gov/IN: NEWDOMAIN.gov/MX 'MX2.OLDDOMAIN.gov' (out of zone) has no addresses records (A or )
    OK
Using an MX record from a different domain
I'm adding a new domain to my existing authoritative name servers, and need to add an MX record for a device residing on existing domain. When I run named-checkzone, I get a message about the MX record being out of zone and not having an A record. However, at the end of my named-checkzone output, I get OK. Can I restart named as is without causing problems or do I need to address these messages?

    [kl...@dns1 conf]$ sudo named-checkzone -t /dns/chroot/conf -D usptoenews.gov db.usptoenews
    zone usptoenews.gov/IN: usptoenews.gov/MX 'smtpedge1.uspto.gov' (out of zone) has no addresses records (A or )
    zone usptoenews.gov/IN: usptoenews.gov/MX 'smtpedge2.uspto.gov' (out of zone) has no addresses records (A or )
    zone usptoenews.gov/IN: loaded serial 2010033000
    usptoenews.gov. 7200 IN SOA dns1.uspto.gov. nmb.uspto.gov. 2010033000 10800 3600 604800 86400
    usptoenews.gov. 7200 IN NS dns1.uspto.gov.
    usptoenews.gov. 7200 IN NS dns2.uspto.gov.
    usptoenews.gov. 7200 IN MX 5 smtpedge1.uspto.gov.
    usptoenews.gov. 7200 IN MX 5 smtpedge2.uspto.gov.
    dns1.usptoenews.gov. 7200 IN A 151.207.240.50
    dns2.usptoenews.gov. 7200 IN A 151.207.246.51
    enews.usptoenews.gov. 7200 IN A 151.207.244.68
    localhost.usptoenews.gov. 7200 IN A 127.0.0.1
    OK

Karen Lear
Evolver EUS - Network Operations
Phone: 571-272-5314
email: karen.l...@uspto.gov
Zone transfer issues on new domain
Can you tell me why I'm getting the message below on my slave server after adding a master zone on the master server for usptoenews.gov:

    [kl...@dns2 logs]$ grep enews activity.log
    30-Mar-2010 17:17:45.484 notify: notice: client 10.240.6.50#10738: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative
    30-Mar-2010 17:22:47.335 notify: notice: client 10.240.6.50#62593: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative

email: karen.l...@uspto.gov
Advertizing a new domain on my existing Authoritative DNS server
I'm running 9.6.1-P3 on RHEL4. Advertising example.com and now have been asked to advertise a new domain newexample.com (not a subdomain). What is the best way to go about this?

Thanks,
k