Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.
Click here to check if anything new just came in.
May 12 2010
.de / denic failure
I noticed .de domains were not resolving as expected. While debugging, it turns out some DNS servers of the denic seem to be out of sync.
This is a ``nice" query, created by resolving a well known domain on the denic nameservers:
---snip---
nihilus@zeus:~$ dig -t NS de
; <<>> DiG 9.5.1-P3 <<>> -t NS de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61752
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 9
;; QUESTION SECTION:
;de. IN NS
;; ANSWER SECTION:
de. 86400 IN NS z.nic.de.
de. 86400 IN NS c.de.net.
de. 86400 IN NS l.de.net.
de. 86400 IN NS a.nic.de.
de. 86400 IN NS s.de.net.
de. 86400 IN NS f.nic.de.
;; ADDITIONAL SECTION:
a.nic.de. 2191 IN A 194.0.0.53
a.nic.de. 2191 IN AAAA 2001:678:2::53
c.de.net. 2191 IN A 208.48.81.43
f.nic.de. 2191 IN A 81.91.164.5
f.nic.de. 2191 IN AAAA 2001:608:6:6::10
l.de.net. 2191 IN A 77.67.63.105
l.de.net. 2191 IN AAAA 2001:668:1f:11::105
s.de.net. 2191 IN A 195.243.137.26
z.nic.de. 2191 IN A 194.246.96.1
;; Query time: 819 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 12 14:50:27 2010
;; MSG SIZE rcvd: 306
nihilus@zeus:~$ for i in a.nic.de c.de.net f.nic.de l.de.net s.de.net z.nic.de; do dig fefe.de @$i; done
; <<>> DiG 9.5.1-P3 <<>> fefe.de @a.nic.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9590
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;fefe.de. IN A
;; AUTHORITY SECTION:
de. 7200 IN SOA f.nic.de. its.denic.de. 2010051253 7200 7200 3600000 7200
;; Query time: 23 msec
;; SERVER: 2001:678:2::53#53(2001:678:2::53)
;; WHEN: Wed May 12 14:50:54 2010
;; MSG SIZE rcvd: 77
[...]
; <<>> DiG 9.5.1-P3 <<>> fefe.de @z.nic.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40763
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;fefe.de. IN A
;; AUTHORITY SECTION:
de. 7200 IN SOA f.nic.de. its.denic.de. 2010051253 7200 7200 3600000 7200
;; Query time: 12 msec
;; SERVER: 194.246.96.1#53(194.246.96.1)
;; WHEN: Wed May 12 14:50:54 2010
;; MSG SIZE rcvd: 77
---snip---
As you see, at least a.nic.de and z.nic.de return an NXDOMAIN for a registered and correctly configured domain.
This is a ``nice" query, created by resolving a well known domain on the denic nameservers:
---snip---
nihilus@zeus:~$ dig -t NS de
; <<>> DiG 9.5.1-P3 <<>> -t NS de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61752
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 9
;; QUESTION SECTION:
;de. IN NS
;; ANSWER SECTION:
de. 86400 IN NS z.nic.de.
de. 86400 IN NS c.de.net.
de. 86400 IN NS l.de.net.
de. 86400 IN NS a.nic.de.
de. 86400 IN NS s.de.net.
de. 86400 IN NS f.nic.de.
;; ADDITIONAL SECTION:
a.nic.de. 2191 IN A 194.0.0.53
a.nic.de. 2191 IN AAAA 2001:678:2::53
c.de.net. 2191 IN A 208.48.81.43
f.nic.de. 2191 IN A 81.91.164.5
f.nic.de. 2191 IN AAAA 2001:608:6:6::10
l.de.net. 2191 IN A 77.67.63.105
l.de.net. 2191 IN AAAA 2001:668:1f:11::105
s.de.net. 2191 IN A 195.243.137.26
z.nic.de. 2191 IN A 194.246.96.1
;; Query time: 819 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 12 14:50:27 2010
;; MSG SIZE rcvd: 306
nihilus@zeus:~$ for i in a.nic.de c.de.net f.nic.de l.de.net s.de.net z.nic.de; do dig fefe.de @$i; done
; <<>> DiG 9.5.1-P3 <<>> fefe.de @a.nic.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9590
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;fefe.de. IN A
;; AUTHORITY SECTION:
de. 7200 IN SOA f.nic.de. its.denic.de. 2010051253 7200 7200 3600000 7200
;; Query time: 23 msec
;; SERVER: 2001:678:2::53#53(2001:678:2::53)
;; WHEN: Wed May 12 14:50:54 2010
;; MSG SIZE rcvd: 77
[...]
; <<>> DiG 9.5.1-P3 <<>> fefe.de @z.nic.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40763
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;fefe.de. IN A
;; AUTHORITY SECTION:
de. 7200 IN SOA f.nic.de. its.denic.de. 2010051253 7200 7200 3600000 7200
;; Query time: 12 msec
;; SERVER: 194.246.96.1#53(194.246.96.1)
;; WHEN: Wed May 12 14:50:54 2010
;; MSG SIZE rcvd: 77
---snip---
As you see, at least a.nic.de and z.nic.de return an NXDOMAIN for a registered and correctly configured domain.
Reposted by
sublab
sublab
