Poor DNS setup from Idea ISP
DNS Lesson time!
Today, I was just looking into website - ideaisp.net
This site is overall pretty interesting as it’s showing various upstream links of IDEA Cellular ISP backbone. Seems like they are just using Cable & Wireless for most of International bandwidth although IDEA ISP is not functional yet. Anyways, this post is not about their geeky upstream peers & routing tables but how bad one can setup DNS! :)
Looking at DNS servers of domain name ideaisp.net
Check from whois:
Domain Name: IDEAISP.NET
Registrar: NET 4 INDIA LIMITED
Whois Server: whois.net4domains.com
Referral URL: http://www.net4.in
Name Server: NS1.IDEAISP.NET Name Server: NS2.IDEAISP.NET
Status: ok
Updated Date: 24-jun-2011
Creation Date: 06-jun-2011
Expiration Date: 06-jun-2012
All seem pretty much normal but next, check from normal dig (which digs DNS servers):
root@server7:~# dig ideaisp.net ns
; <<>> DiG 9.7.1-P2 <<>> ideaisp.net ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26015
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ideaisp.net. IN NS
;; ANSWER SECTION:
ideaisp.net. 3317 IN NS isp-mum-dns1.
;; Query time: 11 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sat Nov 26 20:48:44 2011
;; MSG SIZE rcvd: 55
Only one nameservers and that too isp-mum-dns1. huh?!!
Since I had (very) bad day, I decided to dig further into it to keep myself busy.
Here’s the SOA zone file:
;; QUESTION SECTION:
;ideaisp.net. IN SOA
;; ANSWER SECTION:
ideaisp.net. 3600 IN SOA isp-mum-dns1. hostmaster. 5 900 600 86400 3600
Again - clearly wrong nameserver in SOA too.
So how exactly website is working? What’s really wrong?
Digging further into two nameservers ns1.ideaisp.net and ns2.ideaisp.net (as shown from whois), here’s what we see:
root@server7:~# dig @ns1.ideaisp.net ideaisp.net ns
; <<>> DiG 9.7.1-P2 <<>> @ns1.ideaisp.net ideaisp.net ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60975
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ideaisp.net. IN NS
;; ANSWER SECTION:
ideaisp.net. 3600 IN NS isp-mum-dns1.
;; Query time: 127 msec
;; SERVER: 223.196.3.235#53(223.196.3.235)
;; WHEN: Sat Nov 26 20:57:29 2011
;; MSG SIZE rcvd: 55
root@server7:~# dig @ns2.ideaisp.net ideaisp.net ns
; <<>> DiG 9.7.1-P2 <<>> @ns2.ideaisp.net ideaisp.net ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20103
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ideaisp.net. IN NS
;; ANSWER SECTION:
ideaisp.net. 3600 IN NS isp-mum-dns1.
;; Query time: 127 msec
;; SERVER: 223.196.3.236#53(223.196.3.236)
;; WHEN: Sat Nov 26 20:57:35 2011
;; MSG SIZE rcvd: 55
Clearly there’s no mismatch in records on both servers.
Here’s what’s wrong:
- Wrong nameserver - rather then isp-mum-dns1. it should be ns1.ideaisp.net
- Missing secondary nameservers - ns2.ideaisp.net “NS record” is missing from zone delegation
Let’s hope someone @ IdeaCellular might read this post and considers fixing these issues.
Thanks for reading, have good day ahead!
Updates
Based on recent comment from Mr Sumit Menaria, from IDEA Cellular - this issue has been fixed.
Quick check to verify:
DNS servers at root:
Domain Name: IDEAISP.NET
Registrar: NET 4 INDIA LIMITED
Whois Server: whois.net4domains.com
Referral URL: http://www.net4.in
Name Server: NS1.IDEAISP.NET
Name Server: NS2.IDEAISP.NET
Status: ok
Updated Date: 04-may-2012
Creation Date: 06-jun-2011
Expiration Date: 06-jun-2012
Next, checking each of them for NS records:
anurag@laptop ~ $ dig ideaisp.net @NS1.IDEAISP.NET ns +short
ns1.ideaisp.net.
ns2.ideaisp.net.
anurag@laptop ~ $ dig ideaisp.net @NS2.IDEAISP.NET ns +short
ns2.ideaisp.net.
ns1.ideaisp.net.
Looks good. Verifying SOA and finally A record:
anurag@laptop ~ $ dig ideaisp.net @NS1.IDEAISP.NET soa +short
ns1.ideaisp.net. hostmaster. 8 900 600 86400 3600
anurag@laptop ~ $ dig ideaisp.net @NS2.IDEAISP.NET soa +short
isp-mum-dns2. hostmaster. 8 900 600 86400 3600
anurag@laptop ~ $ dig ideaisp.net @NS1.IDEAISP.NET a +short
223.196.3.234
anurag@laptop ~ $ dig ideaisp.net @NS2.IDEAISP.NET a +short
223.196.3.234
All looks good and well. Good job Mr Sumit! :)