gTLD root nameserver anomaly
Something weird seems afoot in the root nameservers. I am noticing that the root nameservers are handing out extra info with TTLs much longer than those delineated in the respective zone file on the authoritative nameserver for that zone. Case in point: I asked my local DNS server for ns2.gamespy.com and it went directly to a gtld server (f.gtld-servers.net.): 08:25:27.541627 IP 172.19.2.15.45505 > 192.35.51.30.domain: 42289% [1au] A? ns2.gamespy.com. (44) 08:25:27.544415 IP 192.35.51.30.domain > 172.19.2.15.45505: 42289- 1/5/3 A 207.38.0.11 (229) and returned an answer with the larger TTL: dig ns2.gamespy.com ; <<>> DiG 9.2.4 <<>> ns2.gamespy.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37167 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 7 ;; QUESTION SECTION: ;ns2.gamespy.com. IN A ;; ANSWER SECTION: ns2.gamespy.com. 172800 IN A 207.38.0.11 ;; AUTHORITY SECTION: gamespy.com. 172800 IN NS pdns4.ultradns.org. gamespy.com. 172800 IN NS pdns5.ultradns.info. gamespy.com. 172800 IN NS pdns1.ultradns.net. gamespy.com. 172800 IN NS pdns2.ultradns.net. gamespy.com. 172800 IN NS pdns3.ultradns.org. ;; ADDITIONAL SECTION: pdns1.ultradns.net. 131158 IN A 204.74.108.1 pdns1.ultradns.net. 44758 IN AAAA 2001:502:f3ff::1 pdns2.ultradns.net. 131158 IN A 204.74.109.1 pdns3.ultradns.org. 44758 IN A 199.7.68.1 pdns4.ultradns.org. 44758 IN A 199.7.69.1 pdns4.ultradns.org. 44758 IN AAAA 2001:502:4612::1 pdns5.ultradns.info. 44758 IN A 204.74.114.1 ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Aug 6 08:25:27 2008 ;; MSG SIZE rcvd: 322 but if I ask an UltraDNS server directly...it returns the correct TTL dig @204.74.108.1 ns2.gamespy.com ; <<>> DiG 9.2.4 <<>> @204.74.108.1 ns2.gamespy.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23978 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns2.gamespy.com. IN A ;; ANSWER SECTION: ns2.gamespy.com. 300 IN A 207.38.0.11 ;; AUTHORITY SECTION: gamespy.com. 300 IN NS PDNS6.ULTRADNS.CO.UK. gamespy.com. 300 IN NS PDNS5.ULTRADNS.INFO. gamespy.com. 300 IN NS PDNS4.ULTRADNS.ORG. gamespy.com. 300 IN NS PDNS3.ULTRADNS.ORG. gamespy.com. 300 IN NS PDNS2.ULTRADNS.NET. gamespy.com. 300 IN NS PDNS1.ULTRADNS.NET. but unfortunately, my nameserver honors (as expected) the TTL that came back from the initial request ;; ANSWER SECTION: ns2.gamespy.com. 172493 IN A 207.38.0.11 Another example would be 'gss1.foxtv.com'. I changed the IP for that server on Sunday night, and if you ask the authoritative nameservers (for IGN), they give you the correct response. However, when you do a trace, once can see that the gTLD server gives out its own info, which is not correct, and no one ever seems to get to the authoritative nameserver to get the appropriate information. -bash-2.05b$ dig +trace gss1.foxtv.com ; <<>> DiG 9.2.4 <<>> +trace gss1.foxtv.com ;; global options: printcmd . 1796 IN NS f.root-servers.net. . 1796 IN NS g.root-servers.net. . 1796 IN NS h.root-servers.net. . 1796 IN NS i.root-servers.net. . 1796 IN NS j.root-servers.net. . 1796 IN NS k.root-servers.net. . 1796 IN NS l.root-servers.net. . 1796 IN NS m.root-servers.net. . 1796 IN NS a.root-servers.net. . 1796 IN NS b.root-servers.net. . 1796 IN NS c.root-servers.net. . 1796 IN NS d.root-servers.net. . 1796 IN NS e.root-servers.net. ;; Received 332 bytes from 10.1.100.100#53(10.1.100.100) in 1 ms com. 172800 IN NS L.GTLD-SERVERS.NET. com. 172800 IN NS A.GTLD-SERVERS.NET. com. 172800 IN NS J.GTLD-SERVERS.NET. com. 172800 IN NS G.GTLD-SERVERS.NET. com. 172800 IN NS C.GTLD-SERVERS.NET. com. 172800 IN NS H.GTLD-SERVERS.NET. com. 172800 IN NS E.GTLD-SERVERS.NET. com. 172800 IN NS K.GTLD-SERVERS.NET. com. 172800 IN NS I.GTLD-SERVERS.NET. com. 172800 IN NS D.GTLD-SERVERS.NET. com. 172800 IN NS F.GTLD-SERVERS.NET. com. 172800 IN NS M.GTLD-SERVERS.NET. com. 172800 IN NS B.GTLD-SERVERS.NET. ;; Received 492 bytes from 192.5.5.241#53(f.root-servers.net) in 5 ms gss1.foxtv.com. 172800 IN A 63.241.173.211 foxtv.com. 172800 IN NS ns1.ign.com. foxtv.com. 172800 IN NS ns2.gamespy.com. foxtv.com. 172800 IN NS ns4.ign.com. ;; Received 162 bytes from 192.41.162.30#53(L.GTLD-SERVERS.NET) in 81 ms Anyone have any ideas of why I am seeing this? Any info would be greatly appreciated. Ross S. Dmochowski | Sr. Linux Administrator | Fox Interactive Media Desk: (415) 508-2230 | Cell: (415) 279-3761 | Fax: (415) 508-2001 | AIM: rossfim
sorry, nm. glue records in the rootzones, that no one should have put. I'll go back in my corner now. -----Original Message----- From: Ross Dmochowski Sent: Wednesday, August 06, 2008 12:33 PM To: nanog@nanog.org Subject: gTLD root nameserver anomaly Importance: High Something weird seems afoot in the root nameservers. I am noticing that the root nameservers are handing out extra info with TTLs much longer than those delineated in the respective zone file on the authoritative nameserver for that zone. Case in point: I asked my local DNS server for ns2.gamespy.com and it went directly to a gtld server (f.gtld-servers.net.): 08:25:27.541627 IP 172.19.2.15.45505 > 192.35.51.30.domain: 42289% [1au] A? ns2.gamespy.com. (44) 08:25:27.544415 IP 192.35.51.30.domain > 172.19.2.15.45505: 42289- 1/5/3 A 207.38.0.11 (229) and returned an answer with the larger TTL: dig ns2.gamespy.com ; <<>> DiG 9.2.4 <<>> ns2.gamespy.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37167 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 7 ;; QUESTION SECTION: ;ns2.gamespy.com. IN A ;; ANSWER SECTION: ns2.gamespy.com. 172800 IN A 207.38.0.11 ;; AUTHORITY SECTION: gamespy.com. 172800 IN NS pdns4.ultradns.org. gamespy.com. 172800 IN NS pdns5.ultradns.info. gamespy.com. 172800 IN NS pdns1.ultradns.net. gamespy.com. 172800 IN NS pdns2.ultradns.net. gamespy.com. 172800 IN NS pdns3.ultradns.org. ;; ADDITIONAL SECTION: pdns1.ultradns.net. 131158 IN A 204.74.108.1 pdns1.ultradns.net. 44758 IN AAAA 2001:502:f3ff::1 pdns2.ultradns.net. 131158 IN A 204.74.109.1 pdns3.ultradns.org. 44758 IN A 199.7.68.1 pdns4.ultradns.org. 44758 IN A 199.7.69.1 pdns4.ultradns.org. 44758 IN AAAA 2001:502:4612::1 pdns5.ultradns.info. 44758 IN A 204.74.114.1 ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Aug 6 08:25:27 2008 ;; MSG SIZE rcvd: 322 but if I ask an UltraDNS server directly...it returns the correct TTL dig @204.74.108.1 ns2.gamespy.com ; <<>> DiG 9.2.4 <<>> @204.74.108.1 ns2.gamespy.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23978 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns2.gamespy.com. IN A ;; ANSWER SECTION: ns2.gamespy.com. 300 IN A 207.38.0.11 ;; AUTHORITY SECTION: gamespy.com. 300 IN NS PDNS6.ULTRADNS.CO.UK. gamespy.com. 300 IN NS PDNS5.ULTRADNS.INFO. gamespy.com. 300 IN NS PDNS4.ULTRADNS.ORG. gamespy.com. 300 IN NS PDNS3.ULTRADNS.ORG. gamespy.com. 300 IN NS PDNS2.ULTRADNS.NET. gamespy.com. 300 IN NS PDNS1.ULTRADNS.NET. but unfortunately, my nameserver honors (as expected) the TTL that came back from the initial request ;; ANSWER SECTION: ns2.gamespy.com. 172493 IN A 207.38.0.11 Another example would be 'gss1.foxtv.com'. I changed the IP for that server on Sunday night, and if you ask the authoritative nameservers (for IGN), they give you the correct response. However, when you do a trace, once can see that the gTLD server gives out its own info, which is not correct, and no one ever seems to get to the authoritative nameserver to get the appropriate information. -bash-2.05b$ dig +trace gss1.foxtv.com ; <<>> DiG 9.2.4 <<>> +trace gss1.foxtv.com ;; global options: printcmd . 1796 IN NS f.root-servers.net. . 1796 IN NS g.root-servers.net. . 1796 IN NS h.root-servers.net. . 1796 IN NS i.root-servers.net. . 1796 IN NS j.root-servers.net. . 1796 IN NS k.root-servers.net. . 1796 IN NS l.root-servers.net. . 1796 IN NS m.root-servers.net. . 1796 IN NS a.root-servers.net. . 1796 IN NS b.root-servers.net. . 1796 IN NS c.root-servers.net. . 1796 IN NS d.root-servers.net. . 1796 IN NS e.root-servers.net. ;; Received 332 bytes from 10.1.100.100#53(10.1.100.100) in 1 ms com. 172800 IN NS L.GTLD-SERVERS.NET. com. 172800 IN NS A.GTLD-SERVERS.NET. com. 172800 IN NS J.GTLD-SERVERS.NET. com. 172800 IN NS G.GTLD-SERVERS.NET. com. 172800 IN NS C.GTLD-SERVERS.NET. com. 172800 IN NS H.GTLD-SERVERS.NET. com. 172800 IN NS E.GTLD-SERVERS.NET. com. 172800 IN NS K.GTLD-SERVERS.NET. com. 172800 IN NS I.GTLD-SERVERS.NET. com. 172800 IN NS D.GTLD-SERVERS.NET. com. 172800 IN NS F.GTLD-SERVERS.NET. com. 172800 IN NS M.GTLD-SERVERS.NET. com. 172800 IN NS B.GTLD-SERVERS.NET. ;; Received 492 bytes from 192.5.5.241#53(f.root-servers.net) in 5 ms gss1.foxtv.com. 172800 IN A 63.241.173.211 foxtv.com. 172800 IN NS ns1.ign.com. foxtv.com. 172800 IN NS ns2.gamespy.com. foxtv.com. 172800 IN NS ns4.ign.com. ;; Received 162 bytes from 192.41.162.30#53(L.GTLD-SERVERS.NET) in 81 ms Anyone have any ideas of why I am seeing this? Any info would be greatly appreciated. Ross S. Dmochowski | Sr. Linux Administrator | Fox Interactive Media Desk: (415) 508-2230 | Cell: (415) 279-3761 | Fax: (415) 508-2001 | AIM: rossfim
Handled directly. The problem was glue records within the .com TLD for the nameserver that needed to be changed as well as the zonefile. On Aug 6, 2008, at 12:32 PM, Ross Dmochowski wrote:
Something weird seems afoot in the root nameservers. I am noticing that the root nameservers are handing out extra info with TTLs much longer than those delineated in the respective zone file on the authoritative nameserver for that zone.
Case in point: I asked my local DNS server for ns2.gamespy.com and it went directly to a gtld server (f.gtld-servers.net.):
08:25:27.541627 IP 172.19.2.15.45505 > 192.35.51.30.domain: 42289% [1au] A? ns2.gamespy.com. (44) 08:25:27.544415 IP 192.35.51.30.domain > 172.19.2.15.45505: 42289- 1/5/3 A 207.38.0.11 (229)
and returned an answer with the larger TTL:
dig ns2.gamespy.com
; <<>> DiG 9.2.4 <<>> ns2.gamespy.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37167 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 7
;; QUESTION SECTION: ;ns2.gamespy.com. IN A
;; ANSWER SECTION: ns2.gamespy.com. 172800 IN A 207.38.0.11
;; AUTHORITY SECTION: gamespy.com. 172800 IN NS pdns4.ultradns.org. gamespy.com. 172800 IN NS pdns5.ultradns.info. gamespy.com. 172800 IN NS pdns1.ultradns.net. gamespy.com. 172800 IN NS pdns2.ultradns.net. gamespy.com. 172800 IN NS pdns3.ultradns.org.
;; ADDITIONAL SECTION: pdns1.ultradns.net. 131158 IN A 204.74.108.1 pdns1.ultradns.net. 44758 IN AAAA 2001:502:f3ff::1 pdns2.ultradns.net. 131158 IN A 204.74.109.1 pdns3.ultradns.org. 44758 IN A 199.7.68.1 pdns4.ultradns.org. 44758 IN A 199.7.69.1 pdns4.ultradns.org. 44758 IN AAAA 2001:502:4612::1 pdns5.ultradns.info. 44758 IN A 204.74.114.1
;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Aug 6 08:25:27 2008 ;; MSG SIZE rcvd: 322
but if I ask an UltraDNS server directly...it returns the correct TTL
dig @204.74.108.1 ns2.gamespy.com
; <<>> DiG 9.2.4 <<>> @204.74.108.1 ns2.gamespy.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23978 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0
;; QUESTION SECTION: ;ns2.gamespy.com. IN A
;; ANSWER SECTION: ns2.gamespy.com. 300 IN A 207.38.0.11
;; AUTHORITY SECTION: gamespy.com. 300 IN NS PDNS6.ULTRADNS.CO.UK. gamespy.com. 300 IN NS PDNS5.ULTRADNS.INFO. gamespy.com. 300 IN NS PDNS4.ULTRADNS.ORG. gamespy.com. 300 IN NS PDNS3.ULTRADNS.ORG. gamespy.com. 300 IN NS PDNS2.ULTRADNS.NET. gamespy.com. 300 IN NS PDNS1.ULTRADNS.NET.
but unfortunately, my nameserver honors (as expected) the TTL that came back from the initial request
;; ANSWER SECTION: ns2.gamespy.com. 172493 IN A 207.38.0.11
Another example would be 'gss1.foxtv.com'. I changed the IP for that server on Sunday night, and if you ask the authoritative nameservers (for IGN), they give you the correct response. However, when you do a trace, once can see that the gTLD server gives out its own info, which is not correct, and no one ever seems to get to the authoritative nameserver to get the appropriate information.
-bash-2.05b$ dig +trace gss1.foxtv.com
; <<>> DiG 9.2.4 <<>> +trace gss1.foxtv.com ;; global options: printcmd . 1796 IN NS f.root-servers.net. . 1796 IN NS g.root-servers.net. . 1796 IN NS h.root-servers.net. . 1796 IN NS i.root-servers.net. . 1796 IN NS j.root-servers.net. . 1796 IN NS k.root-servers.net. . 1796 IN NS l.root-servers.net. . 1796 IN NS m.root-servers.net. . 1796 IN NS a.root-servers.net. . 1796 IN NS b.root-servers.net. . 1796 IN NS c.root-servers.net. . 1796 IN NS d.root-servers.net. . 1796 IN NS e.root-servers.net. ;; Received 332 bytes from 10.1.100.100#53(10.1.100.100) in 1 ms
com. 172800 IN NS L.GTLD-SERVERS.NET. com. 172800 IN NS A.GTLD-SERVERS.NET. com. 172800 IN NS J.GTLD-SERVERS.NET. com. 172800 IN NS G.GTLD-SERVERS.NET. com. 172800 IN NS C.GTLD-SERVERS.NET. com. 172800 IN NS H.GTLD-SERVERS.NET. com. 172800 IN NS E.GTLD-SERVERS.NET. com. 172800 IN NS K.GTLD-SERVERS.NET. com. 172800 IN NS I.GTLD-SERVERS.NET. com. 172800 IN NS D.GTLD-SERVERS.NET. com. 172800 IN NS F.GTLD-SERVERS.NET. com. 172800 IN NS M.GTLD-SERVERS.NET. com. 172800 IN NS B.GTLD-SERVERS.NET. ;; Received 492 bytes from 192.5.5.241#53(f.root-servers.net) in 5 ms
gss1.foxtv.com. 172800 IN A 63.241.173.211 foxtv.com. 172800 IN NS ns1.ign.com. foxtv.com. 172800 IN NS ns2.gamespy.com. foxtv.com. 172800 IN NS ns4.ign.com. ;; Received 162 bytes from 192.41.162.30#53(L.GTLD-SERVERS.NET) in 81 ms
Anyone have any ideas of why I am seeing this? Any info would be greatly appreciated.
Ross S. Dmochowski | Sr. Linux Administrator | Fox Interactive Media Desk: (415) 508-2230 | Cell: (415) 279-3761 | Fax: (415) 508-2001 | AIM: rossfim
participants (2)
-
Rodney Joffe
-
Ross Dmochowski