How not to set up your DNS (part 19)

It's been quite a while since the last installment, but today's is an interesting although simple case. Presented in the traditional illustrated format:

; sdig ns xing121.cn
dns1.dns-dns.com.cn.
dns2.dns-dns.com.cn.
; sdig a dns1.dns-dns.com.cn.
127.0.0.1
; sdig a dns2.dns-dns.com.cn.
127.0.0.1

As they say, 'I don't think so'. If you run a caching resolving nameserver that does not have 127.0.0.1 in its access ACLs, this sort of thing is a great way to have mysterious messages show up in your logs about:

client 127.0.0.1#21877: query (cache) 'www.xing121.cn/A/IN' denied

(Guess how I noticed this particular problem.)

Judging from our logs, there seem to be a number of Chinese domains that have this problem (with the same DNS servers), assuming that it is a problem and not something deliberate.

Less straightforward is this case:

; sdig ns edetsa.com.
ns1.hn.org.
tucuman.edetsa.com.
; sdig a ns1.hn.org.
127.0.0.1
; sdig a tucuman.edetsa.com.
200.45.171.226

One possible theory is that hn.org no longer wishes to be a DNS server for edetsa.com but can't get edetsa.com's cooperation, so they've just changed the A record for that name to something that makes people go away. (hn.org has real working DNS servers of its own.)

These are my WanderingThoughts
(About the blog)

GettingAround
Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.

* * *

Atom feeds are available; see the bottom of most pages.

This is a DWiki.
(Help)

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

Search:
Written on 26 June 2009.
(Previous | Next)
Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Fri Jun 26 15:43:24 2009
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.