accelerated TTL decrement

Brad Knowles brad.knowles at skynet.be
Fri Apr 13 13:06:11 UTC 2001 

At 1:22 AM -0600 4/13/01, Nate Duehr wrote:

>  On one of my nameservers, every few [three to be exact] days I lose the
>  ability to find any records in the wellogix.com zone.

	Here's your problem:

dig @a.gtld-servers.net. wellogix.com. ns

; <<>> DiG 8.1 <<>> @a.gtld-servers.net. wellogix.com. ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;;      wellogix.com, type = NS, class = IN

;; ANSWER SECTION:
wellogix.com.           2D IN NS        NS2.wellogix.com.
wellogix.com.           2D IN NS        NS3.wellogix.com.

;; ADDITIONAL SECTION:
NS2.wellogix.com.       2D IN A         63.224.68.250
NS3.wellogix.com.       2D IN A         208.146.252.243

;; Total query time: 13 msec
;; WHEN: Fri Apr 13 08:54:38 2001
;; MSG SIZE  sent: 30  rcvd: 98

dig @NS2.wellogix.com. wellogix.com. soa

; <<>> DiG 8.1 <<>> @NS2.wellogix.com. wellogix.com. soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_send to server NS2.wellogix.com.  63.224.68.250: Connection refused

dig @NS3.wellogix.com. wellogix.com. soa

; <<>> DiG 8.1 <<>> @NS3.wellogix.com. wellogix.com. soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      wellogix.com, type = SOA, class = IN

;; ANSWER SECTION:
wellogix.com.           42m40s IN SOA   a.ns.wellogix.com. 
hostmaster.wellogix.com. (
                                         986999119       ; serial
                                         4h33m4s         ; refresh
                                         34m8s           ; retry
                                         1w5d3h16m16s    ; expiry
                                         42m40s )                ; minimum


;; AUTHORITY SECTION:
wellogix.com.           3D IN NS        a.ns.wellogix.com.
wellogix.com.           3D IN NS        b.ns.wellogix.com.

;; ADDITIONAL SECTION:
a.ns.wellogix.com.      3D IN A         208.146.252.243
b.ns.wellogix.com.      3D IN A         63.224.68.250

;; Total query time: 110 msec
;; WHEN: Fri Apr 13 08:55:55 2001
;; MSG SIZE  sent: 30  rcvd: 144


	In other words, ns3.wellogix.com is a lame delegation, and 
ns2.wellogix.com doesn't appear to be working at all.  They need to 
fix ns2 so that it answers queries, and fix the delegations for ns2 & 
ns3 (either get the registrar to use the new names a.ns.wellogix.com 
and b.ns.wellogix.com, or change the local records back to using the 
old names).


	Also note that they don't have reverse DNS set up properly:

dig -x 208.146.252.243

; <<>> DiG 8.1 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      243.252.146.208.in-addr.arpa, type = ANY, class = IN

;; AUTHORITY SECTION:
252.146.208.in-addr.arpa.  3H IN SOA  ns1.inflow.net. dnsadmin.inflow.com. (
                                         2001030801      ; serial
                                         1H              ; refresh
                                         10M             ; retry
                                         1W              ; expiry
                                         1D )            ; minimum


;; Total query time: 342 msec
;; WHEN: Fri Apr 13 08:58:41 2001
;; MSG SIZE  sent: 46  rcvd: 115

dig -x 63.224.68.250

; <<>> DiG 8.1 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      250.68.224.63.in-addr.arpa, type = ANY, class = IN

;; AUTHORITY SECTION:
68.224.63.in-addr.arpa.  3H IN SOA  ns1.uswest.net. hostmaster.uswest.net. (
                                         53              ; serial
                                         8H              ; refresh
                                         2H              ; retry
                                         1W              ; expiry
                                         1D )            ; minimum


;; Total query time: 296 msec
;; WHEN: Fri Apr 13 08:58:49 2001
;; MSG SIZE  sent: 44  rcvd: 105

>  I think this may be similar because the gtld-server names do not match
>  the names of the NS records they actually have in their zonefile.

	Yup.  It's called a "lame delegation".

>  BIND 8.2.3-REL... of course.  :)

	If so, then they've turned off support for version.bind queries 
entirely (at least, on ns3).  I strongly suspect that there is 
actually a different version of BIND running on at least this machine.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'

More information about the bind-users mailing list