Re: Your friend's DNS
Matt Larson wrote:
> Heinrich Mendelssohn wrote:
>
>>It seems that CH, the ccTLD for Switzerland, was listed as
>>non-existent during a few hours on Monday November 25, 2002 by
>>A.ROOT-SERVERS.NET, as well as all the other ROOT-SERVERS.NET servers
>>I checked. I noticed the problem as suddenly a lot of .ch domains
>>became unresolvable and e-mails started to bounce...
>>
>>The CH ccTLD was relisted again by A.ROOT-SERVERS.NET at about 14:55
>>GMT on November 25.
>>Did anyone notice this, or know what happened? A human error at VeriSign?
>>Have other ccTLDs been affected?
>
>
> There have been no changes to the .ch delegation in the root zone since
> October 22, 2002. I verified this in the database from which the zone
> is produced, as well as the resulting root zone files. Did you save the
> output of the query or note the serial number of the root zone that was
> affected?
>
> Did you use dig for this query? You might have been burned by dig
> assuming that "ch" meant the CHAOS class. For example, the version of
> dig that I have lying around (9.1.3) assumes that "dig
> @a.root-servers.net ch ns" is a query for ./CHAOS/NS. On the other
> hand, adding a period after the TLD (dig @a.root-servers.net ch. ns)
> performs the desired query for CH/IN/NS. Could that have been what you
> saw?
>
> Matt

*Red-faced shame*

Matt's diagnostic is probably correct. I think I queried for a plain
"CH", instead of "CH."

My sendmail config rejects e-mail coming from unresolvable domains, and I
noticed that it started to bounce mails coming from sunrise.ch, a fairly
large Swiss telecom carrier. For US guys, it would be a bit as if your
sendmail was decreeing that, say, Verizon or Sprint weren't resolvable anymore.

I ran a few queries, and when I couldn't even resolve well-known domains
like cern.ch, I started to look one level above.

Anyway, I now think that the probable cause was some transient IP routing
instability between the US server I was working on and Switzerland.

It's probable that when I queried dig again at around 14:55 GMT and got
back the expected servers for CH, I was appending a dot at the end of "CH".
I thus assumed that "CH" was back on-line... I'm a bit lazy/inconsistent
and sometimes forget to add the dot.

Sorry for the false alarm...

Heinrich Mendelssohn

P.S.
With dig v8.2, the two name servers for sunrise.ch (195.141.56.5 and
193.192.227.3) respond as expected to the queries.
With dig v9.2.1, both name servers don't send back any response at all.
Peculiar. Maybe a difference in the level of the resolver libraries
linked to dig v.8 and dig v.9 changes the DNS UDP packet's contents,
and Sunrise's firewalls kill the v.9 packets.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
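
Added example (not written by either poster, and not dig's source code): a simplified Python model of the argument ambiguity Matt describes, showing which question section ends up on the wire for `ch ns` versus `ch. ns`. The function names, the mnemonic tables and the defaults are assumptions made for illustration.

```python
import struct

# Constructed model of the behaviour described for dig 9.1.3: a bare token
# that matches a class or type mnemonic is consumed as that class/type, and
# only a token that matches neither becomes the query name.
CLASSES = {"in": 1, "ch": 3, "hs": 4}            # RFC 1035 class codes
TYPES = {"a": 1, "ns": 2, "soa": 6, "mx": 15, "txt": 16}

def interpret_args(tokens):
    """Return (qname, qclass, qtype) for dig-style positional tokens."""
    qname, qclass, qtype = ".", "in", "a"        # model defaults (assumed)
    for tok in tokens:
        low = tok.lower()
        if low in CLASSES:                       # "ch" lands here: CHAOS class
            qclass = low
        elif low in TYPES:
            qtype = low
        else:                                    # "ch." lands here: a name
            qname = low
    return qname, qclass, qtype

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qclass, qtype, txid=0):
    """Build a one-question DNS query with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPES[qtype], CLASSES[qclass])
    return header + question

def describe(tokens):
    """Render the interpreted query in NAME/CLASS/TYPE form."""
    qname, qclass, qtype = interpret_args(tokens)
    return f"{qname}/{qclass.upper()}/{qtype.upper()}"

if __name__ == "__main__":
    for args in (["ch", "ns"], ["ch.", "ns"]):
        wire = build_query(*interpret_args(args), txid=0x1234)
        # Bytes after the 12-byte header are the question section.
        print(f"dig {' '.join(args):8} -> {describe(args):10} question={wire[12:].hex()}")
```

In the first case the question section carries the root name with class 3 (CHAOS), so a root server's answer says nothing about the CH delegation in class IN.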