question about thehartford.com domain

Rich Goodson rgoodson at gronkulator.com
Wed Jun 15 13:58:08 UTC 2011 

Info at the authoritative servers doesn't match the glue records.

We see this all the time on our recursive resolvers.

rich-goodsons-computer:~ rgoodson$ dig +norec @ns1.thehartford.com thehartford.com NS

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec @ns1.thehartford.com thehartford.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43188
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;thehartford.com.		IN	NS

;; ANSWER SECTION:
thehartford.com.	120	IN	NS	hfdns4.thehartford.com.
thehartford.com.	120	IN	NS	simns3.thehartford.com.
thehartford.com.	120	IN	NS	simns4.thehartford.com.
thehartford.com.	120	IN	NS	hfdns3.thehartford.com.

;; ADDITIONAL SECTION:
hfdns4.thehartford.com.	120	IN	A	162.136.188.4
simns3.thehartford.com.	120	IN	A	162.136.190.3
simns4.thehartford.com.	120	IN	A	162.136.190.4
hfdns3.thehartford.com.	120	IN	A	162.136.188.3

;; Query time: 39 msec
;; SERVER: 162.136.188.1#53(162.136.188.1)
;; WHEN: Wed Jun 15 08:55:41 2011
;; MSG SIZE  rcvd: 181

rich-goodsons-computer:~ rgoodson$ dig +norec @f.gtld-servers.net thehartford.com NS

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec @f.gtld-servers.net thehartford.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3174
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;thehartford.com.		IN	NS

;; AUTHORITY SECTION:
thehartford.com.	172800	IN	NS	ns1.thehartford.com.
thehartford.com.	172800	IN	NS	ns2.thehartford.com.

;; ADDITIONAL SECTION:
ns1.thehartford.com.	172800	IN	A	162.136.188.1
ns2.thehartford.com.	172800	IN	A	162.136.190.1

;; Query time: 94 msec
;; SERVER: 192.35.51.30#53(192.35.51.30)
;; WHEN: Wed Jun 15 08:55:49 2011
;; MSG SIZE  rcvd: 101



On Jun 15, 2011, at 7:28 AM, M. Meadows wrote:

> 
>  
> Good morning.
>  
> We sent the following email to the dns managers at thehartford.com this morning:
>  
> --------------------------------------------------------------------------------- 
>     Hi. We’re experiencing some issues with address record lookups for eftc.thehartford.com. We’ve got a couple questions about how this address record is set up.
>  
> Question : why does eftc as an address record in the thehartford.com zone file have a 30 second TTL? Seems … very … short. I think most nameservers won’t do less than a minute for an address record. Right?
>  
> Question : our check of whois indicates that ns1.thehartford.com and ns2.thehartford.com are the authoritative nameservers for thehartford.com. A dig with a +trace for eftc.thehartford.com seems to indicate that they are indeed the auth nameservers. It’s interesting, though, that an http://www.kloth.net/services/nslookup.php lookup for thehartford.com query for NS records shows a non-authoritative answer of hfdns3.thehartford.com, hfdns4.thehartford.com, simns3.thehartford.com,simns3.thehartford.com and simns4.thehartford.com. We’re unsure what’s going on with that.
>  
>     So we have a Microsoft set of DNS servers that seem to get confused J by this somehow. Not really clear to us what’s going on with it … but it’s sort of like there’s some negative caching going on for hfdns3, hfdns4, simns3 and simns4 … at some point … where these Microsoft DNS servers think those 4 servers are the authorities for the thehartford.com domain … and those auth nameserver names … can’t be found … resolved. Then for a period … until the Microsoft DNS servers have their cache cleared … they say … NOPE … no such servers out there. Can’t get to hfdns4, hfdns3, simns3 or simns4 at all … so we can’t resolveeftc.thehartford.com.
>  
>     Can you help us understand what’s going on?
>  
> Thanks!
> --------------------------------------------------------------------------------- 
>  
> So now ... just in case we don't hear back from the dns folks at thehartford.com ... I'm wondering if any of the experts on this mailing list can help us understand this?
>  
>  
>  
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110615/790d1b87/attachment.html>

More information about the bind-users mailing list