
Posts Tagged ‘DNS’

DNS-checking tools

A useful list of the online tools available, with some related considerations

http://www.bortzmeyer.org/tests-dns.html


BIND 9.7 is proving extremely picky about the delegations and glue records of the zones it resolves.

If the A record supplied by the parent does not match the one supplied by the child zone, BIND simply throws it out.

Ergo: if all the delegations are botched, it refuses to resolve the zone, since no NS records are left to rely on.

This, for example, is what landed under my nose today:

zarathustra:~ skull$ dig ns +trace aroma-polifarma.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> ns +trace aroma-polifarma.com
;; global options: +cmd
[…]
aroma-polifarma.com.    172800  IN      NS      ns5.ticariyer.com.
aroma-polifarma.com.    172800  IN      NS      ns6.ticariyer.com.
;; Received 115 bytes from 192.31.80.30#53(d.gtld-servers.net) in 141 ms

aroma-polifarma.com.    86400   IN      NS      ns6.ticariyer.com.
aroma-polifarma.com.    86400   IN      NS      ns5.ticariyer.com.
;; Received 115 bytes from 85.153.27.39#53(ns5.ticariyer.com) in 65 ms

Now: if we ask the parent zone who the DNS servers are, we get one answer:

zarathustra:~ skull$ dig +noall +norec +authority +answer +additional ns aroma-polifarma.com @d.gtld-servers.net
aroma-polifarma.com.    172800  IN      NS      ns5.ticariyer.com.
aroma-polifarma.com.    172800  IN      NS      ns6.ticariyer.com.
ns5.ticariyer.com.      172800  IN      A       85.153.27.41
ns6.ticariyer.com.      172800  IN      A       85.153.27.42

If instead we ask the child zone…

zarathustra:~ skull$ dig +noall +norec +authority +answer +additional ns aroma-polifarma.com @85.153.27.41
aroma-polifarma.com.    31876   IN      NS      ns5.ticariyer.com.
aroma-polifarma.com.    31876   IN      NS      ns6.ticariyer.com.
ns5.ticariyer.com.      6767    IN      A       85.153.27.39
ns6.ticariyer.com.      9863    IN      A       85.153.27.40

…we get a different one.

As a result:

zarathustra:~ skull$ dig ns aroma-polifarma.com @dns2.spin.it

; <<>> DiG 9.6.0-APPLE-P2 <<>> ns aroma-polifarma.com @dns2.spin.it
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9114
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;aroma-polifarma.com.           IN      NS

;; Query time: 135 msec
;; SERVER: 2a02:9a8:1::ff03#53(2a02:9a8:1::ff03)
;; WHEN: Wed Sep  1 18:03:49 2010
;; MSG SIZE  rcvd: 37

Meanwhile, in the resolver's logs:

Sep  1 18:03:49 dns2 named[32465]: DNS format error from 85.153.27.41#53 resolving aroma-polifarma.com/NS for client 2a02:9a8:1:100::ff3c#53124: sideways referral
Sep  1 18:03:49 dns2 named[32465]: DNS format error from 85.153.27.42#53 resolving aroma-polifarma.com/NS for client 2a02:9a8:1:100::ff3c#53124: sideways referral

Check your DNS zones, you'll be better off… 😉
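
One way to run that check, as an added example that is not part of the original post: the Python below parses the two dig +noall +norec answers shown above and reports every name server whose address at the parent differs from the one the child zone publishes. The names parse_records and compare_delegation are my own.

```python
def parse_records(dig_text):
    """Parse dig record lines into {(owner, rtype): {rdata, ...}}."""
    records = {}
    for line in dig_text.splitlines():
        fields = line.split()
        # Expect: owner TTL class type rdata; skip comments and short lines.
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3], fields[4].lower()
        records.setdefault((owner, rtype), set()).add(rdata)
    return records


def compare_delegation(zone, parent_text, child_text):
    """List NS and glue differences between parent and child answers."""
    zone = zone.lower().rstrip(".") + "."
    parent, child = parse_records(parent_text), parse_records(child_text)
    issues = []
    p_ns = parent.get((zone, "NS"), set())
    c_ns = child.get((zone, "NS"), set())
    if p_ns != c_ns:
        issues.append(f"NS set: parent={sorted(p_ns)} child={sorted(c_ns)}")
    for ns in sorted(p_ns | c_ns):
        for rtype in ("A", "AAAA"):
            p = parent.get((ns, rtype), set())
            c = child.get((ns, rtype), set())
            # Only flag when both sides publish an address and they disagree.
            if p and c and p != c:
                issues.append(f"{ns} {rtype}: parent={sorted(p)} child={sorted(c)}")
    return issues


# The two dig answers shown in the post (parent = d.gtld-servers.net).
PARENT = """\
aroma-polifarma.com.    172800  IN      NS      ns5.ticariyer.com.
aroma-polifarma.com.    172800  IN      NS      ns6.ticariyer.com.
ns5.ticariyer.com.      172800  IN      A       85.153.27.41
ns6.ticariyer.com.      172800  IN      A       85.153.27.42
"""
CHILD = """\
aroma-polifarma.com.    31876   IN      NS      ns5.ticariyer.com.
aroma-polifarma.com.    31876   IN      NS      ns6.ticariyer.com.
ns5.ticariyer.com.      6767    IN      A       85.153.27.39
ns6.ticariyer.com.      9863    IN      A       85.153.27.40
"""

if __name__ == "__main__":
    for issue in compare_delegation("aroma-polifarma.com", PARENT, CHILD):
        print("MISMATCH", issue)
```

An empty result means the parent's glue and the child's own records agree for every listed name server.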


Seen going by on a mailing list, and I'm reporting it here right away.

From http://www.dnsexit.com/:

Our DNS still keeps 100% uptime history since we started in 1998.

From dig:

; <<>> DiG 9.6.0-APPLE-P2 <<>> ns dnsexit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25673
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;dnsexit.com.                   IN      NS

;; ANSWER SECTION:
dnsexit.com.            28800   IN      NS      ns1.dnsexit.com.
dnsexit.com.            28800   IN      NS      ns3.dnsexit.com.
dnsexit.com.            28800   IN      NS      ns4.dnsexit.com.
dnsexit.com.            28800   IN      NS      ns2.dnsexit.com.

;; ADDITIONAL SECTION:
ns1.dnsexit.com.        28800   IN      AAAA    ::1
ns2.dnsexit.com.        59400   IN      AAAA    ::1
ns3.dnsexit.com.        57600   IN      AAAA    ::1
ns4.dnsexit.com.        57600   IN      AAAA    ::1

;; Query time: 182 msec
;; SERVER: 2a02:9a8:1:100::ff16#53(2a02:9a8:1:100::ff16)
;; WHEN: Thu Jul  8 09:47:43 2010
;; MSG SIZE  rcvd: 213

And even though their zone will undoubtedly be unreachable for anyone with IPv6 connectivity, they can always say that ::1 is in fact not one of their DNS servers…

Geniuses, no doubt about it…
