Dns

eNom DNS resolution problem

Boring exam days, anyways time for a quick blog post to keep taste in life. :)

One of my good friends informed me about eNom DNS servers failing randomly. He gave clothdiaperrevival.com as a sample domain name for testing.


Quick check from my home connection:

anurag@laptop ~ $ dig clothdiaperrevival.com a @dns1.name-services.com +short  
216.239.32.21  
216.239.34.21  
216.239.36.21  
216.239.38.21

anurag@laptop ~ $ dig clothdiaperrevival.com a @dns2.name-services.com +short  
216.239.36.21  
216.239.32.21  
216.239.38.21  
216.239.34.21

anurag@laptop ~ $ dig clothdiaperrevival.com a @dns3.name-services.com +short  
216.239.38.21  
216.239.34.21  
216.239.32.21  
216.239.36.21

anurag@laptop ~ $ dig clothdiaperrevival.com a @dns4.name-services.com +short  
216.239.32.21  
216.239.38.21  
216.239.34.21  
216.239.36.21

anurag@laptop ~ $ dig clothdiaperrevival.com a @dns5.name-services.com +short  
216.239.32.21  
216.239.34.21  
216.239.36.21  
216.239.38.21

Next, checking from my EU-located server:

anurag@server7:~$ dig clothdiaperrevival.com a @dns1.name-services.com +short  
216.239.32.21  
216.239.34.21  
216.239.36.21  
216.239.38.21

anurag@server7:~$ dig clothdiaperrevival.com a @dns2.name-services.com +short

anurag@server7:~$ dig clothdiaperrevival.com a @dns3.name-services.com +short  
216.239.36.21  
216.239.38.21  
216.239.32.21  
216.239.34.21

anurag@server7:~$ dig clothdiaperrevival.com a @dns4.name-services.com +short  
216.239.32.21  
216.239.38.21  
216.239.36.21  
216.239.34.21

anurag@server7:~$ dig clothdiaperrevival.com a @dns5.name-services.com +short  
216.239.32.21  
216.239.34.21  
216.239.36.21  
216.239.38.21

dns2.name-services.com is failing when reached from my EU-based server.
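The per-server check above, as an added example (not from the original post): a small POSIX shell script that sends the same dig query to each authoritative server and flags any whose answer is empty or differs from the rest. Using the first non-empty answer as the reference is a simplifying assumption; answers are sorted before comparison because the A records come back in a different order on each reply, as the output above shows.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh check_ns.sh NAME TYPE SERVER [SERVER...]
#   e.g. sh check_ns.sh clothdiaperrevival.com a dns1.name-services.com dns2.name-services.com

# answer_of NAME TYPE SERVER -> sorted answers joined by commas ("" if none)
answer_of() {
    # +tries/+time bound the wait on an unresponsive server. On a timeout
    # dig prints a ";; ..." diagnostic on stdout, so comment lines are
    # dropped before the answer is judged.
    dig "$1" "$2" "@$3" +short +tries=2 +time=3 2>/dev/null |
        sed '/^;/d' | sort | paste -sd, -
}

# compare_ns NAME TYPE SERVER... prints one line per server:
#   OK <server> <answers> | EMPTY <server> | MISMATCH <server> <answers>
# Reference = first non-empty answer set seen (assumption: no majority vote).
# Returns 1 if any server is EMPTY or MISMATCH, 0 otherwise.
compare_ns() {
    name=$1
    type=$2
    shift 2
    ref=''
    bad=0
    for ns in "$@"; do
        ans=$(answer_of "$name" "$type" "$ns")
        if [ -z "$ans" ]; then
            echo "EMPTY $ns"
            bad=1
        elif [ -z "$ref" ] || [ "$ans" = "$ref" ]; then
            ref=$ans
            echo "OK $ns $ans"
        else
            echo "MISMATCH $ns $ans"
            bad=1
        fi
    done
    return "$bad"
}

# Run only when called with a name, a type and at least one server.
if [ "$#" -ge 3 ]; then
    compare_ns "$@"
fi
```

Running it from more than one network location, as done above, is what separates a server that is down from one that is unreachable only along certain paths.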

Concern about core DNS infrastructure in India

In the last few days, I have been pushing discussion on the APNIC & NANOG mailing lists about poor DNS infrastructure in India.

Thought to put a quick blog post on the issue.

So what’s exactly wrong?

To understand what’s wrong, let’s understand how DNS works at the core level. DNS relies on a hierarchical model with . (dot) at the top, which is the root, and TLDs, i.e. top-level domains, below the root, followed by 2nd-level domains, which are the domain names we commonly use. So e.g. mail.google.com is actually like

airtel.in - bad DNS setup

 

A few days back I mentioned how the reverse DNS setup of Airtel was incorrect. Sad to say, it has not been fixed yet. In the meanwhile I was looking at the domain name airtel.in, the main domain which runs the website for Bharti Airtel’s Indian operations. I am a little surprised to find that the DNS servers of airtel.in are failing randomly!


Problem:

airtel.in uses 4 DNS servers from Mantra Online, a small ISP which Bharti took over years back. Here are the DNS servers used by the domain name:

aaadel.mantraonline.com.
dnsbom.mantraonline.com.
dnsdel.mantraonline.com.
dnsblr.mantraonline.com.

Now the interesting part here is that out of these 4, only 1 behaves normally. The DNS server dnsblr.mantraonline.com. seems to be working fine, but all the rest are rejecting queries “randomly”, which is interesting. I have mostly seen DNS servers being either up or down. This is probably the first case where I can see DNS servers failing in a random fashion.

Understanding dot in the end of hostname

This is a very popular mistake admins make: missing the . (i.e. dot) at the end of a hostname. This causes serious problems (and a lot of frustration!).

E.g. taking the example of Google’s popular CNAME record ghs.google.com. As we know, if one would like to use mail.domain.com., he has to point the CNAME record to “ghs.google.com”. Now here if one misses the dot at the end of ghs.google.com. - it will give a real value like:

Poor performance of K-root server (Delhi node)

Seems like the K-root servers are having issues again. This is not the first time BSNL is having such issues. Last year I reported an issue with the K-root server (which was actually because of downtime at the Delhi node).

Here’s some data for today’s case:

PING 193.0.14.129 (193.0.14.129) 56(84) bytes of data.
64 bytes from 193.0.14.129: icmp_req=1 ttl=44 time=309 ms
64 bytes from 193.0.14.129: icmp_req=2 ttl=44 time=312 ms
64 bytes from 193.0.14.129: icmp_req=3 ttl=44 time=312 ms
64 bytes from 193.0.14.129: icmp_req=4 ttl=44 time=312 ms
64 bytes from 193.0.14.129: icmp_req=5 ttl=44 time=313 ms
--- 193.0.14.129 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 309.687/312.019/313.333/1.289 ms


 

Finding IPv6 from IPv4 address of a host

One of my friends asked me an interesting question about relating IPv4 with IPv6. His question was: in a dual-stack setup, if we have the IPv4 address of a router/host, how can we find the IPv6 address associated with it?

Well, as far as I know there’s no direct way to relate IPv4 with IPv6, but there’s a nice trick. Say e.g. we have Google Public DNS operating at IPv4 8.8.8.8. To find the IPv6 address of the same server (if it exists at all), we can look up the reverse DNS to get the hostname,

Messed up SPF record of mtsindia.in domain

Yesterday I called MTS Data Card support but their IVRS system was failing to give me my balance details. Eventually I decided to email their support, and I am glad to say the support email was easily available on their website.

Today I saw the acknowledgement mail in spam. No big deal, but I usually dig around genuine mails which go to spam to find the exact cause. In this case I found the mail was sent to me from customercare.del@mtsindia.in and the server which relayed this mail was:

Dots in a hostname

Yesterday I had a very interesting discussion with our senior administrator.

I was configuring reverse DNS records for our /24 block and I decided to use the format IP.static.domain.com; thus for IP 1.2.3.4, I pointed reverse DNS (PTR) to 1.2.3.4.static.domain.com

When I got the chance to show my work to my senior administrator, he said: it’s wrong to use 1.2.3.4.static.domain.com in a hostname. Too many dots will make DNS resolution very slow (forward - reverse - again forward). And I should have used 1-2-3-4.static.domain.com

Which DNS resolver is good for you?

Which DNS resolver is better: the ISP’s (default) DNS resolver, Google Public DNS, the pioneer of DNS OpenDNS, or even a local DNS server?

Let’s try to find out! I am sitting on a BSNL data link, and I will try to perform a few tests to find out. DNS resolvers available to me:

  1. BSNL DNS resolvers - 218.248.255.194 & 218.248.255.196
  2. Google Public DNS - 8.8.8.8 & 8.8.4.4
  3. OpenDNS - 208.67.222.222 & 208.67.220.220
  4. Local DNS Server - BIND running on localhost - 127.0.0.1

Observing ping time:

BSNL DNS resolver:

--- 218.248.255.194 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4001ms
rtt min/avg/max/mdev = 26.978/**27.754**/29.122/0.897 ms

Google Public DNS:

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 121.147/121.878/122.951/0.783 ms

OpenDNS:

--- 208.67.222.222 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 217.678/**219.528**/222.034/1.717 ms

Next, localhost? :)

More about SPF records

A few days back I visited the official Google Apps forum (one of my favorite places) and answered many questions. It had been quite some time since I was last there, and I found a few cases/questions/problems really interesting. Here’s one of the questions asked there by an admin named aol985 about SPF records.

His question:

As described in http://www.google.com/support/a/bin/answer.py?hl=en&answer=33786 , I set the SPF record for the mashfilm.ru domain to “v=spf1 include:aspmx.googlemail.com ~all”. But aspmx.googlemail.com currently does not resolve. Is it correct?