
dns-operations - Re: [opennic-dns-operations] Something broken in root zone? (problems accessing www.facebook.com)

dns-operations AT lists.opennicproject.org

Subject: Dns-operations mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: dns-operations AT lists.opennicproject.org
  • Subject: Re: [opennic-dns-operations] Something broken in root zone? (problems accessing www.facebook.com)
  • Date: Wed, 26 Sep 2012 16:29:04 -0600

I ran your queries below and compared the serial for facebook.com
between what my server answers, and what I got from Google's own open
DNS servers (8.8.8.8 and 8.8.4.4). I'm sorry to say that the
information I got in both cases does match... 2008120070. What this
means to me is that your ISP's replies are highly suspect. It is
possible they are one of many who redirect traffic from popular sites to
collect ad revenue for themselves.

For what it's worth, and you can verify this yourself by reading the
root zone, when I rebuild the root zone every hour I read all of the
public TLDs directly from ICANN, and use that information to build up
the new file. When you query a .com domain with OpenNIC's root zone,
you are directed straight to the .com nameservers, exactly the same as
when you are using most other DNS services. Comparing your results to
Google's replies is probably the most reliable third-party source that
you can compare to right now, and should give you a good idea of whether
your own server is returning good results or not.


On 09/26/2012 02:46 PM, Simon wrote:
> Thanks for both of your replies. My servers are all Linux, Bind 9.7.4.
> All of the hosts on my home network are configured to use one of these
> servers directly in resolv.conf.
>
> On 09/26/12 20:19, Jeff Taylor wrote:
>> Also check the date and serial on your root zone. The zone is
>> regenerated every hour, and sent out if there are any changes. I am
>> currently holding serial 2012092601.
> The serial I have is 2012092602.
>
>> I am curious what you are referring to when you say you have a T1
>> opennic server? The T1 servers do not resolve queries, they only
>> transfer zone files. If you are actually getting DNS queries answered by
>> one of the T1 servers, it is only because they are misconfigured.
> I should be more clear. My three servers are configured as T1 servers as
> per the guide in the Wiki. They are not currently integrated into
> Opennic as T1 servers. The reason for this is I am intending at some
> point to propose a new TLD and host the zone for this on my servers.
> Because I control these servers, I can run recursive queries on them. I
> allow one of them (the one hosted at my home on my ADSL line) to be used
> recursively by hosts inside my own network.
>
>
>> One other item of note... I have been noticing outages between Level3
>> and other providers periodically this week. In fact, there's one
>> occurring right now, so my servers are not currently reachable. In case
>> you're not familiar with them, Level3 is one of a handful of companies
>> that provide the backbone trunk lines for all internet communications...
>> when they go down, everybody is affected.
> Yep, I'm familiar with Level 3. However, my issues have been
> apparent since Friday and are resolved by using my ISP's name servers in
> place of my own (excuse the pun ;-) ).
>
> As you can see from below, the results I am getting from my ISP and from
> my servers are noticeably different. In fact the serial I get from my ISP
> suggests the last change was in 2012. The results I get from my servers
> suggest 2008.
>
> Flushing the bind cache has no effect.
>
> Suggestions appreciated ;-)
>
> <dns queries for comparison below>
>
> rune@naqi ~ $ dig -t SOA www.facebook.com @2001:8b0::2020
>
> ; <<>> DiG 9.8.1 <<>> -t SOA www.facebook.com @2001:8b0::2020
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11563
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.facebook.com. IN SOA
>
> ;; ANSWER SECTION:
> www.facebook.com. 238 IN CNAME www.c10r.facebook.com.
>
> ;; AUTHORITY SECTION:
> c10r.facebook.com. 288 IN SOA a.ns.c10r.facebook.com.
> dns.facebook.com. 2012040900 300 600 600 300
>
> ;; Query time: 154 msec
> ;; SERVER: 2001:8b0::2020#53(2001:8b0::2020)
> ;; WHEN: Wed Sep 26 21:35:41 2012
> ;; MSG SIZE rcvd: 102
>
> rune@naqi ~ $ dig -t SOA www.facebook.com
>
> ; <<>> DiG 9.8.1 <<>> -t SOA www.facebook.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7240
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;www.facebook.com. IN SOA
>
> ;; ANSWER SECTION:
> www.facebook.com. 500 IN SOA glb1.facebook.com.
> dns.facebook.com. 2008120070 10800 3600 604800 86400
>
> ;; AUTHORITY SECTION:
> www.facebook.com. 900 IN NS glb2.facebook.com.
> www.facebook.com. 900 IN NS glb1.facebook.com.
>
> ;; ADDITIONAL SECTION:
> glb1.facebook.com. 3460 IN A 69.171.239.10
> glb2.facebook.com. 3460 IN A 69.171.255.10
>
> ;; Query time: 94 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed Sep 26 21:35:47 2012
> ;; MSG SIZE rcvd: 144
>
> rune@naqi ~ $
>
>
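
As an added example (not part of either poster's message), the two dig answers quoted in this thread can be compared field by field rather than by serial alone. The names `DIG`, `soa_view` and `compare` are hypothetical, and the record lines are copied from the quoted output with the e-mail's line wrapping undone.

```python
import re

# Resource-record lines copied from the two dig outputs quoted in this thread,
# with the e-mail's line wrapping undone. The labels "isp" and "local" are ours.
DIG = {
    "isp": """;; ANSWER SECTION:
www.facebook.com. 238 IN CNAME www.c10r.facebook.com.
;; AUTHORITY SECTION:
c10r.facebook.com. 288 IN SOA a.ns.c10r.facebook.com. dns.facebook.com. 2012040900 300 600 600 300
""",
    "local": """;; ANSWER SECTION:
www.facebook.com. 500 IN SOA glb1.facebook.com. dns.facebook.com. 2008120070 10800 3600 604800 86400
;; AUTHORITY SECTION:
www.facebook.com. 900 IN NS glb2.facebook.com.
www.facebook.com. 900 IN NS glb1.facebook.com.
""",
}

# owner, TTL, class IN, type, rdata (dig's presentation format)
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def soa_view(dig_text):
    """Summarise one dig answer: SOA owner, primary NS, serial, CNAME target."""
    view = {"zone": None, "mname": None, "serial": None, "cname": None}
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if line.startswith(";") or not m:
            continue  # section headers, comments, blank lines
        owner, rtype, rdata = m.groups()
        if rtype == "CNAME":
            view["cname"] = rdata.rstrip(".").lower()
        elif rtype == "SOA":
            fields = rdata.split()  # mname rname serial refresh retry expire minimum
            view.update(zone=owner.rstrip(".").lower(),
                        mname=fields[0].rstrip(".").lower(),
                        serial=int(fields[2]))
    return view

def compare(a, b):
    """Return the fields that differ, and whether the serials are comparable."""
    diffs = sorted(k for k in a if a[k] != b[k])
    # A serial only means something relative to its own zone: if the SOA
    # owner names differ, the two numbers describe different zones.
    comparable = a["zone"] is not None and a["zone"] == b["zone"]
    return diffs, comparable

if __name__ == "__main__":
    isp, local = soa_view(DIG["isp"]), soa_view(DIG["local"])
    print(isp, local, compare(isp, local), sep="\n")
```

To check a live resolver, save the output of `dig -t SOA <name> @<server>` and pass it to `soa_view`; an SOA record that dig printed on a single line parses unchanged.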



