[vox-tech] Strange DNS lookup failures (Ubuntu Fiesty)

Rick Moen rick at linuxmafia.com
Mon Oct 1 08:18:25 PDT 2007


Quoting Gandalf Parker (gandalf at community.net):

> You might pay Sonic, and they are great for service and being a 
> go-between, but technically SBC is your DNS. The SBC DNS servers might be 
> closer to being "on a direct path" to you than running off the path to get 
> to Sonic's. [...]
> You might find that both of Sonic's DNS servers are your best bet.

Even closer, though, is one you operate on your local LAN.  

No offence intended towards quality local ISPs such as Sonic, but
personally I'd _much_ rather run my own recursive-resolver nameserver
than rely on one at an ISP.  The latter will inherently tend to be
vulnerable to cache-poisoning attack, for one thing, which I can prevent
locally through several means including accepting recursive queries only
from my own local IPs.

Also, it's extremely common for ISP nameservers to play games with TTL
(time to live) values, e.g., extending those values far past what was
actually published by the domains, in order to artificially save ISP
bandwidth.  _Something_ odd is happening at one of the Sonic
nameservers, in this regard (though not prolonging TTLs, but rather the
reverse).  Compare the correct TTL of 86400 for my domain, when querying
my own master nameserver:

$ dig linuxmafia.com @ns1.linuxmafia.com

; <<>> DiG 9.3.2 <<>> linuxmafia.com @ns1.linuxmafia.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44760
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2

;; QUESTION SECTION:
;linuxmafia.com.                        IN      A

;; ANSWER SECTION:
linuxmafia.com.         86400   IN      A       198.144.195.186
                        ^^^^^ (this value)

;; AUTHORITY SECTION:
linuxmafia.com.         86400   IN      NS      ns1.thecoop.net.
linuxmafia.com.         86400   IN      NS      ns1.linuxmafia.com.
linuxmafia.com.         86400   IN      NS      ns2.linuxmafia.com.
linuxmafia.com.         86400   IN      NS      ns.tx.primate.net.
linuxmafia.com.         86400   IN      NS      ns.primate.net.

;; ADDITIONAL SECTION:
ns1.linuxmafia.com.     86400   IN      A       198.144.195.186
ns2.linuxmafia.com.     86400   IN      A       63.193.123.122

;; Query time: 292 msec
;; SERVER: 198.144.195.186#53(198.144.195.186)
;; WHEN: Mon Oct  1 08:07:46 2007
;; MSG SIZE  rcvd: 190

$

...against the return value when querying NS2.SONIC.NET:

$ dig linuxmafia.com @ns2.sonic.net

; <<>> DiG 9.3.2 <<>> linuxmafia.com @ns2.sonic.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14643
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;linuxmafia.com.                        IN      A

;; ANSWER SECTION:
linuxmafia.com.         13306   IN      A       198.144.195.186
                        ^^^^^ (this value)

;; Query time: 1143 msec
;; SERVER: 208.201.224.33#53(208.201.224.33)
;; WHEN: Mon Oct  1 08:11:42 2007
;; MSG SIZE  rcvd: 48

$ 

Now, I'm not sure _why_ that's happening at NS2.SONIC.NET, and I'm sure
it's nothing nefarious, but I know for certain that nothing like that
happens at my own nameservers.
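The TTL comparison walked through above, as an added example that is not part of the original post: it parses the two `dig` answers (abbreviated copies of the post's output, embedded inline), checks the `aa` flag on the reference answer, and reports by how much a resolver's cached TTL departs from the authoritative one, so that the TTL stretching the post attributes to some ISP resolvers shows up as a positive delta. The parser and its function names are this example's own, not a tool from the thread.

```python
import re

# Constructed sample: the lines this parser needs from the two dig answers in the post.
AUTHORITATIVE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
;; ANSWER SECTION:
linuxmafia.com.         86400   IN      A       198.144.195.186
;; AUTHORITY SECTION:
linuxmafia.com.         86400   IN      NS      ns1.linuxmafia.com.
"""

RECURSIVE = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
linuxmafia.com.         13306   IN      A       198.144.195.186
"""

# One resource record as dig prints it: name, TTL, class IN, type, rdata.
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def parse_dig(text):
    """Return (answer_is_authoritative, {(name, type, rdata): ttl}) for the ANSWER section."""
    aa = False
    answers = {}
    in_answer = False
    for line in text.splitlines():
        if line.startswith(";; flags:"):
            flags = line[len(";; flags:"):].split(";")[0].split()
            aa = "aa" in flags          # set only by a server authoritative for the zone
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            in_answer = line == ";; ANSWER SECTION:"
        elif in_answer:
            m = RR_RE.match(line)
            if m:
                name, ttl, rtype, rdata = m.groups()
                answers[(name, rtype, rdata)] = int(ttl)
    return aa, answers


def classify(auth_ttl, cached_ttl):
    """A cache may only hand out the remaining lifetime; more than the zone publishes is stretching."""
    return "stretched" if cached_ttl > auth_ttl else "counting down"


def ttl_discrepancies(auth_text, cache_text):
    """Map each record to cached_ttl - authoritative_ttl; positive means the cache stretched it."""
    aa, auth = parse_dig(auth_text)
    if not aa:
        raise ValueError("reference answer lacks the 'aa' flag; query the zone's master directly")
    _, cached = parse_dig(cache_text)
    return {key: cached[key] - ttl for key, ttl in auth.items() if key in cached}
```

For the two answers in the post the delta is negative (13306 against 86400), which `classify` reports as a cache counting down rather than stretching; a positive delta against an `aa` answer is the condition worth alerting on.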

