
.gov registrar problem



In case anyone else notices spotty problems resolving .gov names, I
just sent the following message to registrar at dotgov.gov:

----

I started investigating a dns issue after we received a few customer
complaints regarding intermittent problems resolving hostnames under
noaa.gov. After some in-depth investigation, I believe I've
identified the issue.

First, the query to see the list of authoritative name servers for .gov:

        # dig NS gov @c.root-servers.net

        ; <<>> DiG 9.6.1-P3 <<>> NS gov @c.root-servers.net
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53495
        ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 7
        ;; WARNING: recursion requested but not available

        ;; QUESTION SECTION:
        ;gov.                          IN      NS

        ;; AUTHORITY SECTION:
        gov.                    172800  IN      NS      f.usadotgov.net.
        gov.                    172800  IN      NS      a.usadotgov.net.
        gov.                    172800  IN      NS      g.usadotgov.net.
        gov.                    172800  IN      NS      b.usadotgov.net.
        gov.                    172800  IN      NS      d.usadotgov.net.
        gov.                    172800  IN      NS      e.usadotgov.net.
        gov.                    172800  IN      NS      c.usadotgov.net.

        ;; ADDITIONAL SECTION:
        a.usadotgov.net.        172800  IN      A       74.208.172.129
        b.usadotgov.net.        172800  IN      A       206.204.217.151
        c.usadotgov.net.        172800  IN      A       69.72.142.35
        d.usadotgov.net.        172800  IN      A       204.168.112.71
        e.usadotgov.net.        172800  IN      A       213.165.80.240
        f.usadotgov.net.        172800  IN      A       66.207.175.172
        g.usadotgov.net.        172800  IN      A       64.62.200.134

        ;; Query time: 9 msec
        ;; SERVER: 192.33.4.12#53(192.33.4.12)
        ;; WHEN: Thu Dec 23 17:37:59 2010
        ;; MSG SIZE  rcvd: 258

The glue records show a.usadotgov.net with an ip of 74.208.172.129.

Next, using one of the authoritative name servers for usadotgov.net,
we resolve the a.usadotgov.net name:

        # dig a.usadotgov.net @DNSSEC7.DATAMTN.COM

        ; <<>> DiG 9.6.1-P3 <<>> a.usadotgov.net @DNSSEC7.DATAMTN.COM
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61276
        ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 10
        ;; WARNING: recursion requested but not available

        ;; QUESTION SECTION:
        ;a.usadotgov.net.               IN      A

        ;; ANSWER SECTION:
        a.usadotgov.net.        86400   IN      A       76.73.18.236


You can see that the ip address is incorrect for that hostname. This
is going to cause an issue where some responses for .gov addresses
will come from a non-authoritative source and should be taken care of
as soon as possible as this could potentially affect all .gov domains.


--
Andy Harrison
Lead Systems Engineer
Metrocast Cablevision