Date:      Fri, 5 Nov 2010 18:28:27 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Jon Radel <jon@radel.com>
Cc:        kline <kline@thought.org>, freebsd-questions@freebsd.org
Subject:   Re: ATTN GARY KLINE
Message-ID:  <20101105174858.X16633@sola.nimnet.asn.au>
In-Reply-To: <20101105053844.71239106577C@hub.freebsd.org>
References:  <20101105053844.71239106577C@hub.freebsd.org>

In freebsd-questions Digest, Vol 335, Issue 8, Message: 29
On Fri, 05 Nov 2010 01:32:11 -0400 Jon Radel <jon@radel.com> wrote:
 > On 11/5/10 12:22 AM, kline wrote:
[..]
 > > It is time to  get this stuff arrow-straight, so hoping that someone
 > > on-list can clue me in.
[..]
 > > http://www.dnscog.com/report/thought.org/1288928790

 > If your parents, the nameservers authoritative for .org, tell the world 
 > that one of the nameservers for thought.org is ns1.thought.org, they 
 > also have to tell the world what the IP address for ns1.thought.org is 
 > using an A record.  That A record is glue.  Otherwise you get a machine 
 > conversation something like:
 > 
 > Resolving nameserver trying to find a record in the thought.org zone 
 > (RN):  Please Mr. root server, I'd like to know about www.thought.org....
 > Root:  See the .org folks over there....
 > RN:  Please Mr. top-level dude, about that www.thought.org....
 > Org: Well, see ns1.thought.org....
 > RN:  Ahem, I'm trying to find out basic stuff about thought.org and I 
 > don't know the address for ns1.thought.org in order to ask it
 > Org:  Well, ask ns1.thought.org what the address for ns1.thought.org is...
 > RN:  But, but, but....followed by petulant stomping off
 > 
 > Glue A records fix that problem.

Lovely description Jon :)  But you don't always have any control of what 
parent nameservers do; eg we do DNS for a .com but both NS are in .au so 
DNS reports always whinge about lack of glue .. nonetheless it works, 
though only after a hunt down through the .au servers, until cached.

 > BTW, the fact that a glue record isn't returned for ns2.everydns.net in 
 > response to a query about NS records for thought.org really isn't a 
 > problem; note the "info" rather than "fail" from DNSCog.
 > 
 > Biggest problem I still see is that ns2.everydns.net refuses to respond 
 > to queries about thought.org.  You sure your account there is still 
 > active and functional and that you're allowing zone transfers to them?  

Confirmed here, no response at all after a good long wait; worse than 
returning 'we don't do thought.org'

% dig @ns2.everydns.net. thought.org
; <<>> DiG 9.3.4-P1 <<>> @ns2.everydns.net. thought.org
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

where they really should be quickly issuing a REFUSED response. 'dig 
@ns2.everydns.net. everydns.net' works fine, so I'm reaching it ok.

 > I note that you don't allow transfers from arbitrary addresses, and 
 > http://www.everydns.com/faq/secondary-domain/example-setup does warn 
 > that the source address for transfer requests was/will/did change.
 > 
 > Some of the problems reported by DNSCog appear to be bogus.  They've got 
 > some bugs related to cases where a nameserver has a name in the domain 
 > in question.  (And also some bugs related to nameservers which are 
 > reachable by both ipv4 and ipv6, but that doesn't apply to you.)

Bogus indeed.  Tested one local domain there and got whinging about not 
accepting <> and postmaster@ mail; odd, thought I, but maillog shows:

Nov  4 22:43:43 xxxx sm-mta[81227]: ruleset=check_relay, 
  arg1=[216.146.46.136], arg2=216.146.46.136, relay=[216.146.46.136], 
  reject=550 5.7.1 Fix reverse DNS for 216.146.46.136

% dig -x 216.146.46.136
[..]
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18278
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;136.46.146.216.in-addr.arpa.   IN      PTR

;; AUTHORITY SECTION:
46.146.216.in-addr.arpa. 1800   IN      SOA     ns1.mydyndns.org. 
 zone-admin.dyndns.com. 2008082768 10800 1800 604800 1800

Seems a bit amateurish to me, running a service like that on a dynamic 
address without reverse resolution, then expecting mail to work ..

cheers, Ian



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101105174858.X16633>
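
Added example, not part of the original message: a small Python check that applies the glue rule described in the quoted explanation to a delegation's NS set. It reports "fail" for a nameserver named inside the delegated zone with no glue, and "info" for one outside it, mirroring the DNSCog severities mentioned in the thread. The referral text, the 192.0.2.53 address and the function names are constructed for illustration.

```python
# Added example: classify a delegation's nameservers by whether they need glue.
# SAMPLE_REFERRAL is constructed sample data in dig's layout, not real output.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
thought.org.        86400 IN NS ns1.thought.org.
thought.org.        86400 IN NS ns2.everydns.net.

;; ADDITIONAL SECTION:
ns1.thought.org.    86400 IN A  192.0.2.53
"""

def parse_referral(text):
    """Return (zone, ns_names, glue) parsed from dig-style referral text."""
    zone, ns_names, glue = None, [], {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # skip section headers, comments and blank lines
        owner, _ttl, _cls, rtype, rdata = fields[:5]
        owner = owner.lower().rstrip(".")
        if rtype == "NS":
            zone = owner
            ns_names.append(rdata.lower().rstrip("."))
        elif rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    return zone, ns_names, glue

def in_bailiwick(name, zone):
    """True when the nameserver's own name lives inside the delegated zone."""
    return name == zone or name.endswith("." + zone)

def check_glue(text):
    """Map each NS name to 'ok', 'info' (no glue, not required) or 'fail'."""
    zone, ns_names, glue = parse_referral(text)
    report = {}
    for ns in ns_names:
        if ns in glue:
            report[ns] = "ok"
        elif in_bailiwick(ns, zone):
            report[ns] = "fail"   # circular: must ask ns to find ns's address
        else:
            report[ns] = "info"   # resolvable via its own zone, extra lookups
    return report

if __name__ == "__main__":
    for ns, status in check_glue(SAMPLE_REFERRAL).items():
        print(f"{status:5} {ns}")
```

A zone whose nameservers all sit under a different TLD, as in the .com with both NS in .au case, comes back as "info" for every entry.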