North American Network Operators Group


Re: Just got on this thing (perhaps very belatedly) - root server trouble?

  • From: Dalvenjah FoxFire
  • Date: Tue Feb 18 23:07:46 1997

Matt Ranney put this into my mailbox:

> On Tue, 18 Feb 1997, Karl Denninger wrote:
> 
> [...]
> > What do you think happens to the nameservers on the net when they're asked
> > for a domain that doesn't have functional servers, and they sit and churn
> > trying to resolve the names?
> > 
> > BTW, churn is the right word.  It's taking anywhere from 5-10 *seconds* to
> > come back as NXDOMAIN on each request for those that fail to resolve, and
> > this is from the IANA roots.
> 
> So aside from programs like yours, who ever asks for domains that
> aren't in use?  

See the logs below. These machines run simple TCP services such as httpd and
ftpd. They're simply trying to extract domain names from IP addresses for
purposes of logging. These logs also filter the "lame delegation" notices.
I did this because otherwise the output below would be at least double in
size.

Day in and day out I encounter more and more and more and more domains whose
administrators haven't a clue. Either their IP addresses don't properly map
to hosts, or these hostnames don't map back to the same IPs, or there's a
CNAME in an MX or NS record, or some violation of RFC.

I'm half-tempted to write up a perl script that does a 'dig SOA' on each
domain that shows up in these logs and send off 'learn something about DNS'
type e-mail to the mail address that shows up. It's getting more and more
annoying that people don't take the time to set up their DNS correctly.

I can understand when people make mistakes or have something that'll be
corrected by tomorrow. But most of these problems happen over and over and
over and nobody knows and/or cares.

Someone once wrote to me complaining that they couldn't connect to my FTP
server. Turns out that the site had all their dialup IPs mapping to
'dialup.hisdomain.com'. And what did 'dialup.hisdomain.com' point to? The
termserver.

I sent the admin mail about it, explaining politely that this was contrary
to RFC and standards and all that and was the reason why this poor user
couldn't ftp to my site. He wrote back refusing to change it because "well,
I haven't gotten any other complaints so it obviously works fine, and besides,
your looking up both the IP address and hostname is just a needless waste of
time."

I realize we can't exactly go out and educate the masses forcefully. Internic,
however, can. I would like to see them (somehow) set aside the resources to
perform random audits of domains; even if only to ensure that all named DNSs
are actually authoritative. If it turns out that one of them isn't, the
domain holder has a week to correct the situation. If at the end of the week
the problem still hasn't been fixed, the domain is put on hold until such time
as the problem has been fixed.

Lawsuits? Doubtful. What company would want to be caught arguing "Well, it's
unfair that they turned us off just because we were doing it wrong, even
though they told us how to do it right!" Not even Bob Allisat would want that.

Anyhow, to end a ramble - we need to fix this crap, folks. It may not be
'nanog material', but where else do we post it? News of the Weird?

-dalvenjah

---syslog excerpt---

Feb 18 13:30:49 dalnet.webmaster.com named[809]: ns_forw: query(221.3.159.192.in-addr.arpa) A RR negative cache entry (PARCPLACE.COM:) learnt (NODATA=192.153.56.3:NS=128.9.0.107)
Feb 18 13:30:49 dalnet.webmaster.com named[809]: ns_forw: query(221.3.159.192.in-addr.arpa) No possible A RRs
Feb 18 13:30:49 dalnet.webmaster.com named[809]: ns_resp: query(221.3.159.192.in-addr.arpa) No possible A RRs
Feb 18 13:30:49 dalnet.webmaster.com named[809]: ns_resp: query(221.3.159.192.in-addr.arpa) A RR negative cache entry (PARCPLACE.COM:) learnt (NODATA=192.153.56.3:NS=128.9.0.107)
Feb 18 13:40:57 dalnet.webmaster.com named[809]: ns_forw: query(220.104.204.207.in-addr.arpa) NS points to CNAME (ns.ionet.net:) learnt (CNAME=206.41.131.3:NS=206.41.128.10)
Feb 18 13:42:18 dalnet.webmaster.com named[809]: ns_forw: query(23.16.242.207.in-addr.arpa) A RR negative cache entry (204.97.248.2:) learnt (NXDOMAIN=192.112.36.4:NS=128.167.1.100)
Feb 18 13:42:18 dalnet.webmaster.com named[809]: ns_resp: query(23.16.242.207.in-addr.arpa) A RR negative cache entry (204.97.248.2:) learnt (NXDOMAIN=192.112.36.4:NS=128.167.1.100)
Feb 18 13:42:18 dalnet.webmaster.com named[809]: ns_resp: query(23.16.242.207.in-addr.arpa) No possible A RRs
Feb 18 13:42:56 dalnet.webmaster.com named[809]: ns_forw: query(23.16.242.207.in-addr.arpa) No possible A RRs
Feb 18 19:23:18 ns1 syslog: gethostbyaddr: www.erinet.com. != 207.0.229.23
Feb 18 19:23:20 ns1 syslog: gethostbyaddr: www.erinet.com. != 207.0.229.23
Feb 18 19:23:27 ns1 syslog: gethostbyaddr: www.erinet.com. != 207.0.229.23
Feb 18 19:23:51 ns1 syslog: gethostbyaddr: www.erinet.com. != 207.0.229.23
Feb 18 19:23:53 ns1 syslog: gethostbyaddr: www.erinet.com. != 207.0.229.23
Feb 18 19:17:34 ns1 in.ftpd[16721]: warning: can't verify hostname: gethostbyname(ma29.axionet.com) failed


-- 
 Dalvenjah FoxFire (aka Sven Nielsen)  "It brought me a Mr. Potato Head,
 Founder, the DALnet IRC Network       Scully. It knew that I wanted a
                                       Mr. Potato Head!"

 e-mail: [email protected]             WWW: http://www.dal.net/~dalvenjah/
 whois: SN90                           Try DALnet! http://www.dal.net/
- - - - - - - - - - - - - - - - -
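
Added example, not part of the original message or of any tool the poster describes: a Python sketch of the triage step that would come before looking up each domain that shows up in logs like the excerpt above. It groups a few lines copied from that excerpt by fault type and by the name or address to audit; the rule labels and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Lines copied from the syslog excerpt in the message above.
SAMPLE = """\
Feb 18 13:30:49 dalnet.webmaster.com named[809]: ns_forw: query(221.3.159.192.in-addr.arpa) No possible A RRs
Feb 18 13:40:57 dalnet.webmaster.com named[809]: ns_forw: query(220.104.204.207.in-addr.arpa) NS points to CNAME (ns.ionet.net:) learnt (CNAME=206.41.131.3:NS=206.41.128.10)
Feb 18 13:42:18 dalnet.webmaster.com named[809]: ns_resp: query(23.16.242.207.in-addr.arpa) A RR negative cache entry (204.97.248.2:) learnt (NXDOMAIN=192.112.36.4:NS=128.167.1.100)
Feb 18 19:23:18 ns1 syslog: gethostbyaddr: www.erinet.com. != 207.0.229.23
Feb 18 19:23:20 ns1 syslog: gethostbyaddr: www.erinet.com. != 207.0.229.23
Feb 18 19:17:34 ns1 in.ftpd[16721]: warning: can't verify hostname: gethostbyname(ma29.axionet.com) failed
"""

# (fault label, pattern). Labels are this example's own (assumed) names;
# group 1 is the hostname or reverse-zone name to audit.
RULES = [
    ("ns-is-cname", re.compile(r"NS points to CNAME \(([^:)]+):?\)")),
    ("negative-cache", re.compile(r"query\(([^)]+)\) A RR negative cache entry")),
    ("no-a-rr", re.compile(r"query\(([^)]+)\) No possible A RRs")),
    ("ptr-a-mismatch", re.compile(r"gethostbyaddr: (\S+?)\.? != [\d.]+")),
    ("forward-failed", re.compile(r"gethostbyname\(([^)]+)\) failed")),
]

def ptr_to_ip(name):
    """Turn 23.16.242.207.in-addr.arpa back into 207.242.16.23."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return name  # already a hostname, leave it alone
    return ".".join(reversed(name[:-len(suffix)].split(".")))

def triage(text):
    """Count (fault, subject) pairs so repeated log lines collapse into one audit item."""
    hits = Counter()
    for line in text.splitlines():
        for fault, pat in RULES:
            m = pat.search(line)
            if m:
                hits[(fault, ptr_to_ip(m.group(1)).lower())] += 1
                break  # first matching rule wins
    return hits

if __name__ == "__main__":
    for (fault, subject), n in sorted(triage(SAMPLE).items()):
        print(f"{n:3d}  {fault:15s} {subject}")
```

The output is a de-duplicated audit list; lines that match no rule are ignored rather than guessed at.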