ipv6 reverse delegation
Jeroen Massar
jeroen@unfix.org
Thu, 9 Aug 2001 19:30:17 +0200
Bill Manning <bmanning@isi.edu> wrote:
>
> A repair from ddos attack on nameservers. Only one
> on munnari's addresses added. fixed.
I just did some more 'testing':
8<---------------------
jeroen@purgatory:~$ dig @ns.nextra.sk. ip6.int soa
; <<>> DiG 9.1.1 <<>> @ns.nextra.sk. ip6.int soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 7
;; QUESTION SECTION:
;ip6.int. IN SOA
;; ANSWER SECTION:
ip6.int. 80018 IN SOA z.ip6.int. hostmaster.ep.net. 1925658 10800 900 604800 129600
;; AUTHORITY SECTION:
ip6.int. 75977 IN NS flag.ep.net.
ip6.int. 75977 IN NS munnari.oz.au.
ip6.int. 75977 IN NS imag.imag.fr.
ip6.int. 75977 IN NS ns3.nic.fr.
ip6.int. 75977 IN NS z.ip6.int.
ip6.int. 75977 IN NS y.ip6.int.
;; ADDITIONAL SECTION:
flag.ep.net. 109681 IN A 198.32.4.13
munnari.oz.au. 169430 IN A 128.250.1.21
munnari.oz.au. 169430 IN A 128.250.22.2
imag.imag.fr. 284005 IN A 129.88.30.1
ns3.nic.fr. 109678 IN A 192.134.0.49
z.ip6.int. 71884 IN A 198.32.2.66
z.ip6.int. 80018 IN AAAA 3ffe:0:1::c620:242
;; Query time: 124 msec
;; SERVER: 195.168.1.2#53(ns.nextra.sk.)
;; WHEN: Thu Aug 9 18:36:38 2001
;; MSG SIZE rcvd: 328
--------------------->8
The serial number is right..... But there is one no-no: ns.nextra.sk
itself is missing from the NS's (on ns.nextra.sk itself :)... (compared
to flag.ep.net's output)
8<---------------------
jeroen@purgatory:~$ dig @ns3.nic.fr. ip6.int soa
; <<>> DiG 9.1.1 <<>> @ns3.nic.fr. ip6.int soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24268
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ip6.int. IN SOA
;; Query time: 82 msec
;; SERVER: 192.134.0.49#53(ns3.nic.fr.)
;; WHEN: Thu Aug 9 18:43:48 2001
;; MSG SIZE rcvd: 25
--------------------->8
Which kinda means that (at this moment) ns3.nic.fr doesn't seem to be up.
Another interesting 'fact' between munnari.oz.au. and flag.ep.net are
the differences in TTL's, ns.nextra.sk is off there too...
www.foobar.tm/dns thinks that y.ip6.int is failing simply because it
hasn't got IPv6 support... ah well it does a good job at the rest of the
things..
Though I wonder what other resolvers think of the fact that the NS entry
has no A RR's....
8<----------
y.ip6.int. 86400 IN AAAA 3ffe:50e::1
z.ip6.int. 86400 IN A 198.32.2.66
z.ip6.int. 86400 IN A6 0 3ffe:0:1::c620:242
z.ip6.int. 86400 IN AAAA 3ffe:0:1::c620:242
----------->8
Oeee... A6 chains.... but y.ip6.int. doesn't have one :(
Hope this little info helps you a bit more on fixing things...
Greets,
Jeroen
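
The manual checks in the message above (response status, whether the queried server lists itself in the NS set, and NS names that come back without an A record) can be scripted. The following is an added example, not part of the original message; the sample input is the two dig responses above trimmed to the relevant lines, and the function and finding names are hypothetical.

```python
import re

# Constructed input: the two dig responses from the message, trimmed to the relevant lines.
SAMPLES = {
    "ns.nextra.sk.": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2462
ip6.int. 80018 IN SOA z.ip6.int. hostmaster.ep.net. 1925658 10800 900 604800 129600
ip6.int. 75977 IN NS flag.ep.net.
ip6.int. 75977 IN NS z.ip6.int.
ip6.int. 75977 IN NS y.ip6.int.
flag.ep.net. 109681 IN A 198.32.4.13
z.ip6.int. 71884 IN A 198.32.2.66
z.ip6.int. 80018 IN AAAA 3ffe:0:1::c620:242
""",
    "ns3.nic.fr.": """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24268
""",
}

# owner, TTL, class IN, type, rdata; comment and question lines do not match
RR = re.compile(r"^(\S+)[ \t]+\d+[ \t]+IN[ \t]+(\S+)[ \t]+(.+)$", re.M)

def parse(text):
    """Extract status, SOA serial, NS names and A-record owners from dig output."""
    m = re.search(r"status: (\w+)", text)
    out = {"status": m.group(1) if m else None, "serial": None,
           "ns": set(), "has_a": set()}
    for name, rtype, rdata in RR.findall(text):
        if rtype == "SOA":
            out["serial"] = int(rdata.split()[2])  # third SOA field is the serial
        elif rtype == "NS":
            out["ns"].add(rdata.lower())
        elif rtype == "A":
            out["has_a"].add(name.lower())
    return out

def audit(samples):
    """Return (server, finding, detail) tuples for each problem in the responses."""
    findings = []
    for server, text in samples.items():
        p = parse(text)
        if p["status"] != "NOERROR":
            findings.append((server, "bad-status", p["status"]))
            continue
        if server.lower() not in p["ns"]:
            findings.append((server, "absent-from-own-ns-set", None))
        for ns in sorted(p["ns"] - p["has_a"]):
            findings.append((server, "ns-without-a-record-in-response", ns))
    return findings
```

Calling `audit(SAMPLES)` reports the SERVFAIL from ns3.nic.fr, ns.nextra.sk missing from its own NS set, and y.ip6.int. as the NS name returned without an A record.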