Dns-operations mailing list

[Simon <simon AT hacknix.net>]

Thanks for both of your replies. My servers are all Linux, Bind 9.7.4.
All of the hosts on my home network are configured to use one of these
servers directly in resolv.conf.

On 09/26/12 20:19, Jeff Taylor wrote:
> Also check the date and serial on your root zone.  The zone is
> regenerated every hour, and sent out if there are any changes.  I am
> currently holding serial 2012092601.

The serial I have is 2012092602.

> I am curious what you are referring to when you say you have a T1
> opennic server?  The T1 servers do not resolve queries, they only
> transfer zone files.  If you are actually get dns queries answered by
> one of the T1 servers, it is only because they are misconfigured.

I should be more clear. My three servers are configured as T1 servers as
per the guide in the Wiki. They are not currently integrated into
Opennic as T1 servers. The reason for this is I am intending at some
point to propose a new TLD and host the zone for this on my servers.
Because I control these servers, I can run recursive queries on them. I
allow one of them (the one hosted at my home on my ADSL line) to be used
recursively by hosts inside my own network.


> One other item of note... I have been noticing outages between Level3
> and other providers periodically this week.  In fact, there's one
> occurring right now, so my servers are not currently reachable.  In case
> you're not familiar with them, Level3 is one of a handful of companies
> that provide the backbone trunk lines for all internet communications...
> when they go down, everybody is affected.

Yep, I'm familiar with Level 3. However, my issues have been been
apparent since Friday and are resolved by using my ISPs name servers in
place of my own (excuse the pun ;-) ).

As you can see from below, the results I am getting from my ISP and from
my servers is noticeably different. In fact the serial I get from my ISP
suggests the last change on 2012. The results I get from my servers
suggest 2008.

Flushing the bind cache has no effect.

Suggestions appreciated ;-)

<dns queries for comparison below>

rune@naqi ~ $ dig  -t SOA www.facebook.com @2001:8b0::2020

; <<>> DiG 9.8.1 <<>> -t SOA www.facebook.com @2001:8b0::2020
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11563
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.facebook.com.              IN      SOA

;; ANSWER SECTION:
www.facebook.com.       238     IN      CNAME   www.c10r.facebook.com.

;; AUTHORITY SECTION:
c10r.facebook.com.      288     IN      SOA     a.ns.c10r.facebook.com.
dns.facebook.com. 2012040900 300 600 600 300

;; Query time: 154 msec
;; SERVER: 2001:8b0::2020#53(2001:8b0::2020)
;; WHEN: Wed Sep 26 21:35:41 2012
;; MSG SIZE  rcvd: 102

rune@naqi ~ $ dig  -t SOA www.facebook.com

; <<>> DiG 9.8.1 <<>> -t SOA www.facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7240
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.facebook.com.              IN      SOA

;; ANSWER SECTION:
www.facebook.com.       500     IN      SOA     glb1.facebook.com.
dns.facebook.com. 2008120070 10800 3600 604800 86400

;; AUTHORITY SECTION:
www.facebook.com.       900     IN      NS      glb2.facebook.com.
www.facebook.com.       900     IN      NS      glb1.facebook.com.

;; ADDITIONAL SECTION:
glb1.facebook.com.      3460    IN      A       69.171.239.10
glb2.facebook.com.      3460    IN      A       69.171.255.10

;; Query time: 94 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 26 21:35:47 2012
;; MSG SIZE  rcvd: 144

rune@naqi ~ $