From scott.rose at nist.gov Tue Jun 16 16:20:17 2015 From: scott.rose at nist.gov (Rose, Scott W.) Date: Tue, 16 Jun 2015 12:20:17 -0400 Subject: [getdns-users] Strange behavior with query ordering Message-ID: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> We're seeing some strange behavior in python depending on the order of queries. This code: import getdns extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE} ctx = getdns.Context() hostname = "_443._tcp.301ss.tlsa.good.test.had-pilot.biz" for request_type in [getdns.RRTYPE_A,getdns.RRTYPE_TLSA]: print "hostname=",hostname,"request_type=",request_type,"extensions=",extensions results = ctx.general(name=hostname,request_type=request_type,extensions=extensions) for reply in results.replies_tree: for a in reply['answer']: if a['type'] == request_type: print a Works, but if we change it to remove the A query, it doesn't: import getdns extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE} ctx = getdns.Context() hostname = "_443._tcp.301ss.tlsa.good.test.had-pilot.biz" for request_type in [getdns.RRTYPE_TLSA]: print "hostname=",hostname,"request_type=",request_type,"extensions=",extensions results = ctx.general(name=hostname,request_type=request_type,extensions=extensions) for reply in results.replies_tree: for a in reply['answer']: if a['type'] == request_type: print a This doesn't return the result ('a'). This isn't for all names either (_443._tcp.www.had-pilot.com works). The name above does contain empty non-terminals (the "tlsa.good.test" are all ENT's). Could that be it? It seems to work if you query for qtype=A first, then TLSA, but not just TLSA. Scott =================================== Scott Rose NIST scott.rose at nist.gov +1 301-975-8439 Google Voice: +1 571-249-3671 http://www.dnsops.gov/ https://www.had-pilot.com/ =================================== From willem at nlnetlabs.nl Tue Jun 16 19:31:07 2015 From: willem at nlnetlabs.nl (Willem Toorop) Date: Tue, 16 Jun 2015 21:31:07 +0200 Subject: [getdns-users] Strange behavior with query ordering In-Reply-To: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> References: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> Message-ID: <5580797B.8040503@nlnetlabs.nl> Hi Scott, Sorry, I cannot reproduce. I do get answers in both cases. These are the version I'm using (latest): Python 2.7.9 (default, Apr 2 2015, 15:33:21) [GCC 4.9.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import getdns >>> getdns.__version__ '0.3.1' >>> getdns.Context().get_api_information()['version_string'] '0.2.0' >>> >>> res = getdns.Context().general("_443._tcp.301ss.tlsa.good.test.had-pilot.biz", getdns.RRTYPE_TLSA, {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE}) >>> [a for reply in res.replies_tree for a in reply['answer'] if a['type'] == getdns.RRTYPE_TLSA] [{'ttl': 600, 'rdata': {'rdata_raw': , 'certificate_usage': 3, 'certificate_association_data': , 'matching_type': 1, 'selector': 0}, 'type': 52, 'class': 1, 'name': '_443._tcp.301ss.tlsa.good.test.had-pilot.biz.'}] >>> If you do have the issue even with these latest versions, I would be very interested in packet captures from both cases. Regards, -- Willem Op 16-06-15 om 18:20 schreef Rose, Scott W.: > We're seeing some strange behavior in python depending on the order of queries. This code: > > import getdns > extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE} > ctx = getdns.Context() > > hostname = "_443._tcp.301ss.tlsa.good.test.had-pilot.biz" > for request_type in [getdns.RRTYPE_A,getdns.RRTYPE_TLSA]: > print "hostname=",hostname,"request_type=",request_type,"extensions=",extensions > results = ctx.general(name=hostname,request_type=request_type,extensions=extensions) > for reply in results.replies_tree: > for a in reply['answer']: > if a['type'] == request_type: > print a > > > Works, but if we change it to remove the A query, it doesn't: > > import getdns > extensions = {"dnssec_return_validation_chain" : getdns.EXTENSION_TRUE} > ctx = getdns.Context() > > hostname = "_443._tcp.301ss.tlsa.good.test.had-pilot.biz" > for request_type in [getdns.RRTYPE_TLSA]: > print "hostname=",hostname,"request_type=",request_type,"extensions=",extensions > results = ctx.general(name=hostname,request_type=request_type,extensions=extensions) > for reply in results.replies_tree: > for a in reply['answer']: > if a['type'] == request_type: > print a > > This doesn't return the result ('a'). This isn't for all names either (_443._tcp.www.had-pilot.com works). The name above does contain empty non-terminals (the "tlsa.good.test" are all ENT's). Could that be it? It seems to work if you query for qtype=A first, then TLSA, but not just TLSA. > > Scott > > =================================== > Scott Rose > NIST > scott.rose at nist.gov > +1 301-975-8439 > Google Voice: +1 571-249-3671 > http://www.dnsops.gov/ > https://www.had-pilot.com/ > =================================== > > > _______________________________________________ > Users mailing list > Users at getdnsapi.net > http://getdnsapi.net/mailman/listinfo/users > From melinda.shore at nomountain.net Wed Jun 17 03:22:15 2015 From: melinda.shore at nomountain.net (Melinda Shore) Date: Tue, 16 Jun 2015 19:22:15 -0800 Subject: [getdns-users] Strange behavior with query ordering In-Reply-To: <5580797B.8040503@nlnetlabs.nl> References: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> <5580797B.8040503@nlnetlabs.nl> Message-ID: <5580E7E7.7040709@nomountain.net> I'm actually not getting an A record in either case, and dig also returns 0 answers. Can you confirm that you can retrieve the record not using the API? Thanks, Melinda From scott.rose at nist.gov Wed Jun 17 13:52:29 2015 From: scott.rose at nist.gov (Rose, Scott W.) Date: Wed, 17 Jun 2015 09:52:29 -0400 Subject: [getdns-users] Strange behavior with query ordering In-Reply-To: <5580E7E7.7040709@nomountain.net> References: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> <5580797B.8040503@nlnetlabs.nl> <5580E7E7.7040709@nomountain.net> Message-ID: <3B475554-68AC-48C7-9030-8EE8DD62E9DF@nist.gov> I can - but looking at some outside open resolvers, some get it, some don't. Something seems to be up with our provider. I wouldn't be the first time. I was using http://www.digwebinterface.com/ and see that some work, but some (some of the ones outside of the US) don't. Problem seems to be solved by upgrading to getdns-0.2.0 (was using 0.1.8). Not sure what it was, but now it seems to work. Scott On Jun 16, 2015, at 11:22 PM, Melinda Shore wrote: > I'm actually not getting an A record in either case, and dig > also returns 0 answers. Can you confirm that you can retrieve > the record not using the API? > > Thanks, > > Melinda > _______________________________________________ > Users mailing list > Users at getdnsapi.net > http://getdnsapi.net/mailman/listinfo/users =================================== Scott Rose NIST scott.rose at nist.gov +1 301-975-8439 Google Voice: +1 571-249-3671 http://www.dnsops.gov/ https://www.had-pilot.com/ =================================== From melinda.shore at nomountain.net Wed Jun 17 14:59:59 2015 From: melinda.shore at nomountain.net (Melinda Shore) Date: Wed, 17 Jun 2015 06:59:59 -0800 Subject: [getdns-users] Strange behavior with query ordering In-Reply-To: <3B475554-68AC-48C7-9030-8EE8DD62E9DF@nist.gov> References: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> <5580797B.8040503@nlnetlabs.nl> <5580E7E7.7040709@nomountain.net> <3B475554-68AC-48C7-9030-8EE8DD62E9DF@nist.gov> Message-ID: <55818B6F.1080200@nomountain.net> On 6/17/15 5:52 AM, Rose, Scott W. wrote: > Problem seems to be solved by upgrading to getdns-0.2.0 (was using > 0.1.8). Not sure what it was, but now it seems to work. I'm still not getting any answers from dig or getdns, if that's at all helpful. Melinda -- Melinda Shore No Mountain Software melinda.shore at nomountain.net "Software longa, hardware brevis." From willem at nlnetlabs.nl Thu Jun 18 08:16:20 2015 From: willem at nlnetlabs.nl (Willem Toorop) Date: Thu, 18 Jun 2015 10:16:20 +0200 Subject: [getdns-users] Strange behavior with query ordering In-Reply-To: <55818B6F.1080200@nomountain.net> References: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> <5580797B.8040503@nlnetlabs.nl> <5580E7E7.7040709@nomountain.net> <3B475554-68AC-48C7-9030-8EE8DD62E9DF@nist.gov> <55818B6F.1080200@nomountain.net> Message-ID: <55827E54.8010109@nlnetlabs.nl> Haven't checked yet, but these sort of unpredictable responses smell like servers being out of sync to me... Op 17-06-15 om 16:59 schreef Melinda Shore: > On 6/17/15 5:52 AM, Rose, Scott W. wrote: >> Problem seems to be solved by upgrading to getdns-0.2.0 (was using >> 0.1.8). Not sure what it was, but now it seems to work. > > I'm still not getting any answers from dig or getdns, > if that's at all helpful. > > Melinda > > From willem at nlnetlabs.nl Thu Jun 18 15:09:40 2015 From: willem at nlnetlabs.nl (Willem Toorop) Date: Thu, 18 Jun 2015 17:09:40 +0200 Subject: [getdns-users] Strange behavior with query ordering In-Reply-To: <3B475554-68AC-48C7-9030-8EE8DD62E9DF@nist.gov> References: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> <5580797B.8040503@nlnetlabs.nl> <5580E7E7.7040709@nomountain.net> <3B475554-68AC-48C7-9030-8EE8DD62E9DF@nist.gov> Message-ID: <5582DF34.2050508@nlnetlabs.nl> Op 17-06-15 om 15:52 schreef Rose, Scott W.: > I can - but looking at some outside open resolvers, some get it, some don't. Something seems to be up with our provider. I wouldn't be the first time. I was using http://www.digwebinterface.com/ and see that some work, but some (some of the ones outside of the US) don't. > > Problem seems to be solved by upgrading to getdns-0.2.0 (was using 0.1.8). Not sure what it was, but now it seems to work. Hi Scott, Definitely something wrong with your provider yes. The name servers on 129.6.100.200 and 129.6.100.201 (sometimes known as ns1.had-pilot.biz. and ns2.had-pilot.biz., but at other times known as had1.had-pilot.com. and ns2.had-pilot.com.) serve a zone with SOA serial 20131045 some of the time and with SOA serial 20111556 some other times. Interestingly on both occasions they have up-to-date DNSSEC signatures! So I suspect a setup where 129.6.100.200 and 129.6.100.201 are load-balancers handing out requests to slave servers which do their own signing. One of the slave servers is stale at SOA serial 20111556 though. See the output of the two dig commands below and notice the different values for NS and for the SOA serial: willem at bonobo:~/repos/getdns/src$ dig @129.6.100.201 had-pilot.biz. soa +dnssec +cd ; <<>> DiG 9.10.2rc2 <<>> @129.6.100.201 had-pilot.biz. soa +dnssec +cd ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29540 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 5 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 3072 ;; QUESTION SECTION: ;had-pilot.biz. IN SOA ;; ANSWER SECTION: had-pilot.biz. 3600 IN SOA ns2.had-pilot.biz. no-reply.had-pilot.biz. 20111556 43200 43200 1209600 600 had-pilot.biz. 3600 IN RRSIG SOA 8 2 3600 20150625030023 20150618020023 24186 had-pilot.biz. bN57c7bfeK+XfxcN5FcRVot404oEOq3kb/3b6bY2/Zh7RiNmfNtWiqrZ tZ6gGnJqf0wUrjyYtN2u4v3mLLVGjYPmrSH01WqVVuQ+oXNicvQMCDrd 2PZMxjrj2W4jkYmGw2PHoB1T/VhaKBKvSsPlWBUvql6ZB8q3rmC7WNtr L/w= ;; AUTHORITY SECTION: had-pilot.biz. 3600 IN NS ns1.had-pilot.biz. had-pilot.biz. 3600 IN NS ns2.had-pilot.biz. had-pilot.biz. 3600 IN RRSIG NS 8 2 3600 20150625030023 20150618020023 24186 had-pilot.biz. bprJ1BOrEmtftlhWaplvQsVbv3gpBXX1/US8cPXImFNNMJSeHeOuz8VE Ms/z6GxUqO/v9lz5kNPItgOlfz8ti4MlllpKEkaNUSCkN1am7h3qI3Sg AfvtMMEu0zpq80p5zf7/Oxucsttrq2QmEHgiXj7C3BdiRyeFdwuEQ0gn LOk= ;; ADDITIONAL SECTION: ns1.had-pilot.biz. 3600 IN A 129.6.100.200 ns1.had-pilot.biz. 3600 IN RRSIG A 8 3 3600 20150625030023 20150618020023 24186 had-pilot.biz. JXOX8kbnBSwVTeGw41hjUrRXuf/m5EIlfyiCEZEAp56xA8YTRzqZR2mo aqO/PiIXyuedrQqUIzR5/yRsx35bSkG3ubi3ShabsyFGVsoNp6q3uonH FzHmIdyJyVrJtei/KlzUB7DObxqX4vxy1vcsoEL2jA3DBQpoSZGkbvdm iWE= ns2.had-pilot.biz. 3600 IN A 129.6.100.201 ns2.had-pilot.biz. 3600 IN RRSIG A 8 3 3600 20150625030023 20150618020023 24186 had-pilot.biz. jqjrmN8Oq9p/7oeWlQ5W3IMaHDndcOoB8PSDMRT1qVAoMfp0fZcLZsH0 gMe0EHXBp5HA6ycpiUH/su4u6lQAqsE5Wmch6AfbHfkg21b7hRCy3+6I G+Xtpgtx+t9XUw8hdsgwK3XohsqlLd/4MI3kGn6R3MFdRuiFgk3E9Ds3 qbo= ;; Query time: 335 msec ;; SERVER: 129.6.100.201#53(129.6.100.201) ;; WHEN: Thu Jun 18 15:15:59 CEST 2015 ;; MSG SIZE rcvd: 847 willem at bonobo:~$ dig @129.6.100.201 ns1.had-pilot.com. a +dnssec +cd ; <<>> DiG 9.10.2rc2 <<>> @129.6.100.201 ns1.had-pilot.com. a +dnssec +cd ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40502 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 3072 ;; QUESTION SECTION: ;ns1.had-pilot.com. IN A ;; AUTHORITY SECTION: had5.had-pilot.com. 3600 IN NSEC ns2.had-pilot.com. A RRSIG NSEC had5.had-pilot.com. 3600 IN RRSIG NSEC 8 3 3600 20150625030024 20150618020024 28335 had-pilot.com. bHX8Y2Y8nr3p+kuHBTe9FIBebbXIoZhGCJIKGvQCYpojKNFY4fE4drgb 3+M5Vn0RF2xRpPBA4oackMiljSivnUH1WeFpnyJZkwtB3mBqiwN7swZV 3KsEWYtdwiY8FdfG4tEVlTkvHpxJzaC9PcvuxAoE2H2ACYXwYpF/i2uC GhI= had-pilot.com. 3600 IN NSEC had1.had-pilot.com. NS SOA MX TXT RRSIG NSEC DNSKEY SPF had-pilot.com. 3600 IN RRSIG NSEC 8 2 3600 20150625030024 20150618020024 28335 had-pilot.com. HV6/69+uNEUc3AJuhR/j1s/5pXHAPmwIzdygrubTGwowUCWAzNJYdq5c t8jfMp0U2jEhfX3lEPaPiM1GbgC8GW0A5zHcUdl7AatiTpQGWWHVPzL+ L/+YIUMPodGkGNWV24jajN0zRRfsP4lQZbiE+y2cAgeWbU+7kFEfdKtb CME= had-pilot.com. 3600 IN SOA ns2.had-pilot.com. scottr.nist.gov. 20131045 43200 43200 1209600 3600 had-pilot.com. 3600 IN RRSIG SOA 8 2 3600 20150625030024 20150618020024 28335 had-pilot.com. DpQUH88je0FfSFFF0Mf4W9YBAvLBKAqn6hZ5c9GSH/ONDQzbmcUUXms4 rSZ9+J24fk8IpI3mNEQ0ItUZBMCw39oi6f1rq/4WRpOoAv9XpuDPg0d3 oSWw5fME2MDmCIYiC/B1wUC+w59f97NaZ1eIaZNMkjqKMzm7xWJOgvcD 1Xk= ;; Query time: 93 msec ;; SERVER: 129.6.100.201#53(129.6.100.201) ;; WHEN: Thu Jun 18 13:58:02 CEST 2015 ;; MSG SIZE rcvd: 711 > > Scott > > On Jun 16, 2015, at 11:22 PM, Melinda Shore wrote: > >> I'm actually not getting an A record in either case, and dig >> also returns 0 answers. Can you confirm that you can retrieve >> the record not using the API? >> >> Thanks, >> >> Melinda >> _______________________________________________ >> Users mailing list >> Users at getdnsapi.net >> http://getdnsapi.net/mailman/listinfo/users > > =================================== > Scott Rose > NIST > scott.rose at nist.gov > +1 301-975-8439 > Google Voice: +1 571-249-3671 > http://www.dnsops.gov/ > https://www.had-pilot.com/ > =================================== > > > _______________________________________________ > Users mailing list > Users at getdnsapi.net > http://getdnsapi.net/mailman/listinfo/users > From scott.rose at nist.gov Thu Jun 18 16:49:31 2015 From: scott.rose at nist.gov (Rose, Scott W.) Date: Thu, 18 Jun 2015 12:49:31 -0400 Subject: [getdns-users] Strange behavior with query ordering In-Reply-To: <5582DF34.2050508@nlnetlabs.nl> References: <528F2646-1D19-4495-ABD0-0823B2EE87D5@nist.gov> <5580797B.8040503@nlnetlabs.nl> <5580E7E7.7040709@nomountain.net> <3B475554-68AC-48C7-9030-8EE8DD62E9DF@nist.gov> <5582DF34.2050508@nlnetlabs.nl> Message-ID: <81F77521-DBB9-4D65-A416-D7E049EC99FD@nist.gov> Hmm, I'll look into that too. Thanks, Scott On Jun 18, 2015, at 11:09 AM, Willem Toorop wrote: > Op 17-06-15 om 15:52 schreef Rose, Scott W.: >> I can - but looking at some outside open resolvers, some get it, some don't. Something seems to be up with our provider. I wouldn't be the first time. I was using http://www.digwebinterface.com/ and see that some work, but some (some of the ones outside of the US) don't. >> >> Problem seems to be solved by upgrading to getdns-0.2.0 (was using 0.1.8). Not sure what it was, but now it seems to work. > > Hi Scott, > > Definitely something wrong with your provider yes. > > The name servers on 129.6.100.200 and 129.6.100.201 (sometimes known as > ns1.had-pilot.biz. and ns2.had-pilot.biz., but at other times known as > had1.had-pilot.com. and ns2.had-pilot.com.) serve a zone with SOA serial > 20131045 some of the time and with SOA serial 20111556 some other times. > > Interestingly on both occasions they have up-to-date DNSSEC signatures! > > So I suspect a setup where 129.6.100.200 and 129.6.100.201 are > load-balancers handing out requests to slave servers which do their own > signing. One of the slave servers is stale at SOA serial 20111556 though. > > See the output of the two dig commands below and notice the different > values for NS and for the SOA serial: > > willem at bonobo:~/repos/getdns/src$ dig @129.6.100.201 had-pilot.biz. soa > +dnssec +cd > > ; <<>> DiG 9.10.2rc2 <<>> @129.6.100.201 had-pilot.biz. soa +dnssec +cd > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29540 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 5 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 3072 > ;; QUESTION SECTION: > ;had-pilot.biz. IN SOA > > ;; ANSWER SECTION: > had-pilot.biz. 3600 IN SOA ns2.had-pilot.biz. no-reply.had-pilot.biz. > 20111556 43200 43200 1209600 600 > had-pilot.biz. 3600 IN RRSIG SOA 8 2 3600 20150625030023 20150618020023 > 24186 had-pilot.biz. > bN57c7bfeK+XfxcN5FcRVot404oEOq3kb/3b6bY2/Zh7RiNmfNtWiqrZ > tZ6gGnJqf0wUrjyYtN2u4v3mLLVGjYPmrSH01WqVVuQ+oXNicvQMCDrd > 2PZMxjrj2W4jkYmGw2PHoB1T/VhaKBKvSsPlWBUvql6ZB8q3rmC7WNtr L/w= > > ;; AUTHORITY SECTION: > had-pilot.biz. 3600 IN NS ns1.had-pilot.biz. > had-pilot.biz. 3600 IN NS ns2.had-pilot.biz. > had-pilot.biz. 3600 IN RRSIG NS 8 2 3600 20150625030023 20150618020023 > 24186 had-pilot.biz. > bprJ1BOrEmtftlhWaplvQsVbv3gpBXX1/US8cPXImFNNMJSeHeOuz8VE > Ms/z6GxUqO/v9lz5kNPItgOlfz8ti4MlllpKEkaNUSCkN1am7h3qI3Sg > AfvtMMEu0zpq80p5zf7/Oxucsttrq2QmEHgiXj7C3BdiRyeFdwuEQ0gn LOk= > > ;; ADDITIONAL SECTION: > ns1.had-pilot.biz. 3600 IN A 129.6.100.200 > ns1.had-pilot.biz. 3600 IN RRSIG A 8 3 3600 20150625030023 > 20150618020023 24186 had-pilot.biz. > JXOX8kbnBSwVTeGw41hjUrRXuf/m5EIlfyiCEZEAp56xA8YTRzqZR2mo > aqO/PiIXyuedrQqUIzR5/yRsx35bSkG3ubi3ShabsyFGVsoNp6q3uonH > FzHmIdyJyVrJtei/KlzUB7DObxqX4vxy1vcsoEL2jA3DBQpoSZGkbvdm iWE= > ns2.had-pilot.biz. 3600 IN A 129.6.100.201 > ns2.had-pilot.biz. 3600 IN RRSIG A 8 3 3600 20150625030023 > 20150618020023 24186 had-pilot.biz. > jqjrmN8Oq9p/7oeWlQ5W3IMaHDndcOoB8PSDMRT1qVAoMfp0fZcLZsH0 > gMe0EHXBp5HA6ycpiUH/su4u6lQAqsE5Wmch6AfbHfkg21b7hRCy3+6I > G+Xtpgtx+t9XUw8hdsgwK3XohsqlLd/4MI3kGn6R3MFdRuiFgk3E9Ds3 qbo= > > ;; Query time: 335 msec > ;; SERVER: 129.6.100.201#53(129.6.100.201) > ;; WHEN: Thu Jun 18 15:15:59 CEST 2015 > ;; MSG SIZE rcvd: 847 > > > > willem at bonobo:~$ dig @129.6.100.201 ns1.had-pilot.com. a +dnssec +cd > > ; <<>> DiG 9.10.2rc2 <<>> @129.6.100.201 ns1.had-pilot.com. a +dnssec +cd > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40502 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 3072 > ;; QUESTION SECTION: > ;ns1.had-pilot.com. IN A > > ;; AUTHORITY SECTION: > had5.had-pilot.com. 3600 IN NSEC ns2.had-pilot.com. A RRSIG NSEC > had5.had-pilot.com. 3600 IN RRSIG NSEC 8 3 3600 20150625030024 > 20150618020024 28335 had-pilot.com. > bHX8Y2Y8nr3p+kuHBTe9FIBebbXIoZhGCJIKGvQCYpojKNFY4fE4drgb > 3+M5Vn0RF2xRpPBA4oackMiljSivnUH1WeFpnyJZkwtB3mBqiwN7swZV > 3KsEWYtdwiY8FdfG4tEVlTkvHpxJzaC9PcvuxAoE2H2ACYXwYpF/i2uC GhI= > had-pilot.com. 3600 IN NSEC had1.had-pilot.com. NS SOA MX TXT RRSIG > NSEC DNSKEY SPF > had-pilot.com. 3600 IN RRSIG NSEC 8 2 3600 20150625030024 > 20150618020024 28335 had-pilot.com. > HV6/69+uNEUc3AJuhR/j1s/5pXHAPmwIzdygrubTGwowUCWAzNJYdq5c > t8jfMp0U2jEhfX3lEPaPiM1GbgC8GW0A5zHcUdl7AatiTpQGWWHVPzL+ > L/+YIUMPodGkGNWV24jajN0zRRfsP4lQZbiE+y2cAgeWbU+7kFEfdKtb CME= > had-pilot.com. 3600 IN SOA ns2.had-pilot.com. scottr.nist.gov. 20131045 > 43200 43200 1209600 3600 > had-pilot.com. 3600 IN RRSIG SOA 8 2 3600 20150625030024 20150618020024 > 28335 had-pilot.com. > DpQUH88je0FfSFFF0Mf4W9YBAvLBKAqn6hZ5c9GSH/ONDQzbmcUUXms4 > rSZ9+J24fk8IpI3mNEQ0ItUZBMCw39oi6f1rq/4WRpOoAv9XpuDPg0d3 > oSWw5fME2MDmCIYiC/B1wUC+w59f97NaZ1eIaZNMkjqKMzm7xWJOgvcD 1Xk= > > ;; Query time: 93 msec > ;; SERVER: 129.6.100.201#53(129.6.100.201) > ;; WHEN: Thu Jun 18 13:58:02 CEST 2015 > ;; MSG SIZE rcvd: 711 > > > >> >> Scott >> >> On Jun 16, 2015, at 11:22 PM, Melinda Shore wrote: >> >>> I'm actually not getting an A record in either case, and dig >>> also returns 0 answers. Can you confirm that you can retrieve >>> the record not using the API? >>> >>> Thanks, >>> >>> Melinda >>> _______________________________________________ >>> Users mailing list >>> Users at getdnsapi.net >>> http://getdnsapi.net/mailman/listinfo/users >> >> =================================== >> Scott Rose >> NIST >> scott.rose at nist.gov >> +1 301-975-8439 >> Google Voice: +1 571-249-3671 >> http://www.dnsops.gov/ >> https://www.had-pilot.com/ >> =================================== >> >> >> _______________________________________________ >> Users mailing list >> Users at getdnsapi.net >> http://getdnsapi.net/mailman/listinfo/users >> > > _______________________________________________ > Users mailing list > Users at getdnsapi.net > http://getdnsapi.net/mailman/listinfo/users =================================== Scott Rose NIST scott.rose at nist.gov +1 301-975-8439 Google Voice: +1 571-249-3671 http://www.dnsops.gov/ https://www.had-pilot.com/ ===================================