OT: dot org domain resolution

Glenn Steen glenn.steen at gmail.com
Tue Oct 23 09:33:26 IST 2007


On 23/10/2007, Ken A <ka at pacific.net> wrote:
> DAve wrote:
> > Hugo van der Kooij wrote:
> >> DAve wrote:
> >>> This is the fastest response ML I am on, so I will bug you guys ;^)
> >>> Currently we have some dot org domains as clients who now have no A or
> >>> MX records cached locally so they cannot see their own websites, and are
> >>> having mail issues as well. After much checking, and testing, and server
> >>> log reviewing, we discovered this.
> >>> Go to dnsstuff.org and run an ALL query on *any* dot org domain.
> >>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing
> >>> but NS records are returned. If the root server refers to
> >>> AFILIAS-NST.org you get all records. We see this result for our client's
> >>> domains as well as openoffice.org, slashdot.org, freebsd.org.
> >> What is the bad thing here? Are the root servers not supposed to hand
> >> out only NS records for the next level? They should not be used as
> >> global resolvers.
> >
> > I agree. My understanding has always been root-server -> tld-server ->
> > authoritative-server which returns the requested record.
> >
> > Oddly some clients never query past ultradns after receiving the
> > authoritative server for their request. Though, those same clients are
> > doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems
> > to do that as well.
> >
> > Possibly because the ultradns server returns no SOA record?
> >
> >> My guess is that you got a local DNS issue to resolve here.
> >
> > As I said above, "clients who now have no A or MX records cached
> > locally". Our servers seem fine, only very few clients have seen the issue.
> >
> >> So where do I find anything ORG. like? Let us just ask locally:
> >>
> >> $ dig org. any
> >> ;; QUESTION SECTION:
> >> ;org.                           IN      ANY
> >> ;; ANSWER SECTION:
> >> org.                    83204   IN      NS      tld1.ultradns.net.
> >> org.                    83204   IN      NS      tld2.ultradns.net.
> >> org.                    83204   IN      NS      a0.org.afilias-nst.info.
> >> org.                    83204   IN      NS      b0.org.afilias-nst.org.
> >> org.                    83204   IN      NS      c0.org.afilias-nst.info.
> >> org.                    83204   IN      NS      d0.org.afilias-nst.org.
> >>
> >> Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask
> >> tld1.ultradns.net. for this:
> >>
> >> $ dig vanderkooij.org. any @tld1.ultradns.net.
> >> ;; QUESTION SECTION:
> >> ;vanderkooij.org.               IN      ANY
> >> ;; ANSWER SECTION:
> >> vanderkooij.org.        86400   IN      NS      ns5.mydyndns.org.
> >> vanderkooij.org.        86400   IN      NS      ns4.mydyndns.org.
> >> vanderkooij.org.        86400   IN      NS      ns3.mydyndns.org.
> >> vanderkooij.org.        86400   IN      NS      ns2.mydyndns.org.
> >> vanderkooij.org.        86400   IN      NS      hvdkooij.xs4all.nl.
> >>
> >> Sounds to me like the way DNS is supposed to work.
> >
> > Yep, I thought so as well. And org queries also resolve properly from
> > all our name servers.
> >
> >>> I called ultradns and they didn't seem too concerned, but said they
> >>> would look into it.
> >>> Am I crazy?
> >> You might. But it does not necessarily have any bearing on the question
> >> at hand ;-)
> >
> > I can find nothing else in common between the clients with an issue except,
> > A) every client has org for a TLD
> > B) every client experiences the problem sporadically
> > C) ultradns is the only server not returning a SOA record.
> >
> > At this point I am unable to understand why they cannot get a MX record
> > and mail does not arrive at the mailscanner servers. Or why they cannot
> > get an A record and see their own website.
> >
> > Baffling...
> >
> > DAve
>
> .org sometimes = grant funded, microsoft domain server or sexchange
> configured to host the 'domain' .. sometimes.. it seems clueless admins
> set up their own domain on their own network and so can't reach the real
> one.. just a thought, but I've seen it a few times.
> Ken

If they've done that, they've probably set up an AD, which leads to
having a local DNS setup, which leads to them needing to set it like a
"split view DNS" thing... Which is very very easy to do, and has some
distinct ... advantages (At least for the "BOFH within":-). They need
to take care when doing roadrunners, but apart from that... easy:-):-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
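
The delegation chain discussed in this thread (root server -> TLD server -> authoritative server), as an added example that is not part of any poster's message. It models iterative resolution over a constructed in-memory set of servers and shows why a client that stops at the TLD server's NS-only referral ends up with no MX or A record. Server names are taken from the thread; the SOA, MX and A values, the `query`/`resolve` helpers and the `max_hops` parameter are assumptions made for illustration.

```python
# Constructed data: server names come from the thread; record values are
# placeholders (192.0.2.0/24 is a documentation address range).
SERVERS = {
    "root": {"org.": {"NS": ["tld1.ultradns.net."]}},
    "tld1.ultradns.net.": {"vanderkooij.org.": {"NS": ["ns5.mydyndns.org."]}},
    "ns5.mydyndns.org.": {
        "vanderkooij.org.": {
            "SOA": ["ns5.mydyndns.org. hostmaster.vanderkooij.org. 1"],
            "MX": ["10 mail.vanderkooij.org."],
            "A": ["192.0.2.10"],
        }
    },
}


def query(server, qname, qtype):
    """Respond like a non-recursive server: data if authoritative, else a referral."""
    zones = SERVERS[server]
    # Pick the longest zone name this server knows that encloses qname.
    match = max(
        (z for z in zones if qname == z or qname.endswith("." + z)),
        key=len,
        default=None,
    )
    if match is None:
        return "nodata", []
    rrsets = zones[match]
    if "SOA" in rrsets:
        # The server holds the zone itself, so it returns the requested type.
        return "answer", rrsets.get(qtype, [])
    # Delegation only: NS records, no SOA, nothing of the requested type.
    return "referral", rrsets["NS"]


def resolve(qname, qtype, max_hops=8):
    """Follow referrals from the root; max_hops models a client that gives up early."""
    server, path = "root", []
    for _ in range(max_hops):
        kind, data = query(server, qname, qtype)
        path.append((server, kind))
        if kind != "referral":
            return data, path
        server = data[0]  # continue at the first name server in the referral
    return [], path  # stopped on a referral: no usable record


if __name__ == "__main__":
    print(resolve("vanderkooij.org.", "MX"))              # full chain
    print(resolve("vanderkooij.org.", "MX", max_hops=2))  # stops at the TLD referral
```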

