LUGOD: Linux Users' Group of Davis
 
Page last updated:
2007 Oct 01 09:16

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Strange DNS lookup failures (Ubuntu Fiesty)
Quoting Gandalf Parker (gandalf@community.net):

> You might pay Sonic, and they are great for service and being a 
> go-between, but technically SBC is your DNS. The SBC DNS servers might be 
> closer to being "on a direct path" to you than running off the path to get 
> to Sonic's. [...]
> You might find that both of Sonic's DNS servers are your best bet.

Even closer, though, is one you operate on your local LAN.  

No offence intended towards quality local ISPs such as Sonic, but
personally I'd _much_ rather run my own recursive-resolver nameserver
than rely on one at an ISP.  The latter will inherently tend to be
vulnerable to cache-poisoning attack, for one thing, which I can prevent
locally through several means including accepting recursive queries only
from my own local IPs.

Also, it's extremely common for ISP nameservers to play games with TTL
(time to live) values, e.g., extending those values far past what was
actually published by the domains, in order to artificially save ISP
bandwidth.  _Something_ odd is happening at one of the Sonic
nameservers, in this regard (though not prolonging TTLs, but rather the
reverse).  Compare the correct TTL of 86400 for my domain, when querying
my own master nameserver:

$ dig linuxmafia.com @ns1.linuxmafia.com

; <<>> DiG 9.3.2 <<>> linuxmafia.com @ns1.linuxmafia.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44760
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2

;; QUESTION SECTION:
;linuxmafia.com.                        IN      A

;; ANSWER SECTION:
linuxmafia.com.         86400   IN      A       198.144.195.186
                        ^^^^^ (this value)

;; AUTHORITY SECTION:
linuxmafia.com.         86400   IN      NS      ns1.thecoop.net.
linuxmafia.com.         86400   IN      NS      ns1.linuxmafia.com.
linuxmafia.com.         86400   IN      NS      ns2.linuxmafia.com.
linuxmafia.com.         86400   IN      NS      ns.tx.primate.net.
linuxmafia.com.         86400   IN      NS      ns.primate.net.

;; ADDITIONAL SECTION:
ns1.linuxmafia.com.     86400   IN      A       198.144.195.186
ns2.linuxmafia.com.     86400   IN      A       63.193.123.122

;; Query time: 292 msec
;; SERVER: 198.144.195.186#53(198.144.195.186)
;; WHEN: Mon Oct  1 08:07:46 2007
;; MSG SIZE  rcvd: 190

$

...against the return value when querying NS2.SONIC.NET:

$ dig linuxmafia.com @ns2.sonic.net

; <<>> DiG 9.3.2 <<>> linuxmafia.com @ns2.sonic.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14643
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxmafia.com.                        IN      A

;; ANSWER SECTION:
linuxmafia.com.         13306   IN      A       198.144.195.186
                        ^^^^^ (this value)

;; Query time: 1143 msec
;; SERVER: 208.201.224.33#53(208.201.224.33)
;; WHEN: Mon Oct  1 08:11:42 2007
;; MSG SIZE  rcvd: 48

$ 

Now, I'm not sure _why_ that's happening at NS2.SONIC.NET, and I'm sure
it's nothing nefarious, but I know for certain that nothing like that
happens at my own nameservers.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
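
An added example, not part of the original post or the poster's own tooling: Python that parses the ANSWER sections of the two dig runs above and classifies the resolver's TTL against the authoritative one, separating a TTL raised above the published value from one that is merely lower, as a cache counting down a held record would show. The function names and verdict labels are assumptions made for this example; the sample input is constructed from the dig output in the post.

```python
import re

# Constructed sample input: header and ANSWER lines taken from the two dig runs in the post.
AUTHORITATIVE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
;; ANSWER SECTION:
linuxmafia.com.         86400   IN      A       198.144.195.186

;; AUTHORITY SECTION:
linuxmafia.com.         86400   IN      NS      ns1.linuxmafia.com.
"""
CACHED = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
linuxmafia.com.         13306   IN      A       198.144.195.186
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return (flags, {(name, type, rdata): ttl}) for the ANSWER section only."""
    flags, answers, in_answer = set(), {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";; flags:"):
            flags = set(line[len(";; flags:"):].split(";")[0].split())
        elif line.startswith(";;"):
            in_answer = line.startswith(";; ANSWER SECTION")
        elif in_answer and (m := RECORD.match(line)):
            name, ttl, rtype, rdata = m.groups()
            answers[(name.lower(), rtype, rdata)] = int(ttl)
    return flags, answers

def compare_ttls(auth_text, resolver_text):
    """Classify each record the resolver returned against the authoritative TTL."""
    auth_flags, auth = parse_dig(auth_text)
    if "aa" not in auth_flags:
        raise ValueError("reference answer is not authoritative (no aa flag)")
    _, seen = parse_dig(resolver_text)
    report = {}
    for key, ttl in seen.items():
        if key not in auth:
            report[key] = ("rdata-mismatch", None)       # resolver returned different data
        elif ttl > auth[key]:
            report[key] = ("ttl-extended", ttl - auth[key])  # held longer than published
        else:
            # A cache counts the TTL down while it holds a record; the gap is that elapsed time.
            report[key] = ("within-published-ttl", auth[key] - ttl)
    return report

if __name__ == "__main__":
    for key, verdict in compare_ttls(AUTHORITATIVE, CACHED).items():
        print(key, verdict)
```
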


