[getdns-users] Strange behavior with query ordering

Rose, Scott W. scott.rose at nist.gov
Thu Jun 18 16:49:31 UTC 2015 

Hmm, I'll look into that too.  

Thanks,
Scott

On Jun 18, 2015, at 11:09 AM, Willem Toorop <willem at nlnetlabs.nl> wrote:

> Op 17-06-15 om 15:52 schreef Rose, Scott W.:
>> I can - but looking at some outside open resolvers, some get it, some don't.  Something seems to be up with our provider.  I wouldn't be the first time.  I was using http://www.digwebinterface.com/ and see that some work, but some (some of the ones outside of the US) don't.  
>> 
>> Problem seems to be solved by upgrading to getdns-0.2.0  (was using 0.1.8).  Not sure what it was, but now it seems to work.
> 
> Hi Scott,
> 
> Definitely something wrong with your provider yes.
> 
> The name servers on 129.6.100.200 and 129.6.100.201 (sometimes known as
> ns1.had-pilot.biz. and ns2.had-pilot.biz., but at other times known as
> had1.had-pilot.com. and ns2.had-pilot.com.) serve a zone with SOA serial
> 20131045 some of the time and with SOA serial 20111556 some other times.
> 
> Interestingly on both occasions they have up-to-date DNSSEC signatures!
> 
> So I suspect a setup where 129.6.100.200 and 129.6.100.201 are
> load-balancers handing out requests to slave servers which do their own
> signing.  One of the slave servers is stale at SOA serial 20111556 though.
> 
> See the output of the two dig commands below and notice the different
> values for NS and for the SOA serial:
> 
> willem at bonobo:~/repos/getdns/src$ dig @129.6.100.201 had-pilot.biz. soa
> +dnssec +cd
> 
> ; <<>> DiG 9.10.2rc2 <<>> @129.6.100.201 had-pilot.biz. soa +dnssec +cd
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29540
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 5
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 3072
> ;; QUESTION SECTION:
> ;had-pilot.biz.			IN	SOA
> 
> ;; ANSWER SECTION:
> had-pilot.biz.		3600	IN	SOA	ns2.had-pilot.biz. no-reply.had-pilot.biz.
> 20111556 43200 43200 1209600 600
> had-pilot.biz.		3600	IN	RRSIG	SOA 8 2 3600 20150625030023 20150618020023
> 24186 had-pilot.biz.
> bN57c7bfeK+XfxcN5FcRVot404oEOq3kb/3b6bY2/Zh7RiNmfNtWiqrZ
> tZ6gGnJqf0wUrjyYtN2u4v3mLLVGjYPmrSH01WqVVuQ+oXNicvQMCDrd
> 2PZMxjrj2W4jkYmGw2PHoB1T/VhaKBKvSsPlWBUvql6ZB8q3rmC7WNtr L/w=
> 
> ;; AUTHORITY SECTION:
> had-pilot.biz.		3600	IN	NS	ns1.had-pilot.biz.
> had-pilot.biz.		3600	IN	NS	ns2.had-pilot.biz.
> had-pilot.biz.		3600	IN	RRSIG	NS 8 2 3600 20150625030023 20150618020023
> 24186 had-pilot.biz.
> bprJ1BOrEmtftlhWaplvQsVbv3gpBXX1/US8cPXImFNNMJSeHeOuz8VE
> Ms/z6GxUqO/v9lz5kNPItgOlfz8ti4MlllpKEkaNUSCkN1am7h3qI3Sg
> AfvtMMEu0zpq80p5zf7/Oxucsttrq2QmEHgiXj7C3BdiRyeFdwuEQ0gn LOk=
> 
> ;; ADDITIONAL SECTION:
> ns1.had-pilot.biz.	3600	IN	A	129.6.100.200
> ns1.had-pilot.biz.	3600	IN	RRSIG	A 8 3 3600 20150625030023
> 20150618020023 24186 had-pilot.biz.
> JXOX8kbnBSwVTeGw41hjUrRXuf/m5EIlfyiCEZEAp56xA8YTRzqZR2mo
> aqO/PiIXyuedrQqUIzR5/yRsx35bSkG3ubi3ShabsyFGVsoNp6q3uonH
> FzHmIdyJyVrJtei/KlzUB7DObxqX4vxy1vcsoEL2jA3DBQpoSZGkbvdm iWE=
> ns2.had-pilot.biz.	3600	IN	A	129.6.100.201
> ns2.had-pilot.biz.	3600	IN	RRSIG	A 8 3 3600 20150625030023
> 20150618020023 24186 had-pilot.biz.
> jqjrmN8Oq9p/7oeWlQ5W3IMaHDndcOoB8PSDMRT1qVAoMfp0fZcLZsH0
> gMe0EHXBp5HA6ycpiUH/su4u6lQAqsE5Wmch6AfbHfkg21b7hRCy3+6I
> G+Xtpgtx+t9XUw8hdsgwK3XohsqlLd/4MI3kGn6R3MFdRuiFgk3E9Ds3 qbo=
> 
> ;; Query time: 335 msec
> ;; SERVER: 129.6.100.201#53(129.6.100.201)
> ;; WHEN: Thu Jun 18 15:15:59 CEST 2015
> ;; MSG SIZE  rcvd: 847
> 
> 
> 
> willem at bonobo:~$ dig @129.6.100.201 ns1.had-pilot.com. a +dnssec +cd
> 
> ; <<>> DiG 9.10.2rc2 <<>> @129.6.100.201 ns1.had-pilot.com. a +dnssec +cd
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40502
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 3072
> ;; QUESTION SECTION:
> ;ns1.had-pilot.com.		IN	A
> 
> ;; AUTHORITY SECTION:
> had5.had-pilot.com.	3600	IN	NSEC	ns2.had-pilot.com. A RRSIG NSEC
> had5.had-pilot.com.	3600	IN	RRSIG	NSEC 8 3 3600 20150625030024
> 20150618020024 28335 had-pilot.com.
> bHX8Y2Y8nr3p+kuHBTe9FIBebbXIoZhGCJIKGvQCYpojKNFY4fE4drgb
> 3+M5Vn0RF2xRpPBA4oackMiljSivnUH1WeFpnyJZkwtB3mBqiwN7swZV
> 3KsEWYtdwiY8FdfG4tEVlTkvHpxJzaC9PcvuxAoE2H2ACYXwYpF/i2uC GhI=
> had-pilot.com.		3600	IN	NSEC	had1.had-pilot.com. NS SOA MX TXT RRSIG
> NSEC DNSKEY SPF
> had-pilot.com.		3600	IN	RRSIG	NSEC 8 2 3600 20150625030024
> 20150618020024 28335 had-pilot.com.
> HV6/69+uNEUc3AJuhR/j1s/5pXHAPmwIzdygrubTGwowUCWAzNJYdq5c
> t8jfMp0U2jEhfX3lEPaPiM1GbgC8GW0A5zHcUdl7AatiTpQGWWHVPzL+
> L/+YIUMPodGkGNWV24jajN0zRRfsP4lQZbiE+y2cAgeWbU+7kFEfdKtb CME=
> had-pilot.com.		3600	IN	SOA	ns2.had-pilot.com. scottr.nist.gov. 20131045
> 43200 43200 1209600 3600
> had-pilot.com.		3600	IN	RRSIG	SOA 8 2 3600 20150625030024 20150618020024
> 28335 had-pilot.com.
> DpQUH88je0FfSFFF0Mf4W9YBAvLBKAqn6hZ5c9GSH/ONDQzbmcUUXms4
> rSZ9+J24fk8IpI3mNEQ0ItUZBMCw39oi6f1rq/4WRpOoAv9XpuDPg0d3
> oSWw5fME2MDmCIYiC/B1wUC+w59f97NaZ1eIaZNMkjqKMzm7xWJOgvcD 1Xk=
> 
> ;; Query time: 93 msec
> ;; SERVER: 129.6.100.201#53(129.6.100.201)
> ;; WHEN: Thu Jun 18 13:58:02 CEST 2015
> ;; MSG SIZE  rcvd: 711
> 
> 
> 
>> 
>> Scott
>> 
>> On Jun 16, 2015, at 11:22 PM, Melinda Shore <melinda.shore at nomountain.net> wrote:
>> 
>>> I'm actually not getting an A record in either case, and dig
>>> also returns 0 answers.  Can you confirm that you can retrieve
>>> the record not using the API?
>>> 
>>> Thanks,
>>> 
>>> Melinda
>>> _______________________________________________
>>> Users mailing list
>>> Users at getdnsapi.net
>>> http://getdnsapi.net/mailman/listinfo/users
>> 
>> ===================================
>> Scott Rose
>> NIST
>> scott.rose at nist.gov
>> +1 301-975-8439
>> Google Voice: +1 571-249-3671
>> http://www.dnsops.gov/
>> https://www.had-pilot.com/
>> ===================================
>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at getdnsapi.net
>> http://getdnsapi.net/mailman/listinfo/users
>> 
> 
> _______________________________________________
> Users mailing list
> Users at getdnsapi.net
> http://getdnsapi.net/mailman/listinfo/users

===================================
Scott Rose
NIST
scott.rose at nist.gov
+1 301-975-8439
Google Voice: +1 571-249-3671
http://www.dnsops.gov/
https://www.had-pilot.com/
===================================

More information about the Users mailing list