[Gllug] DNS verification (slightly OT)

Robert McKay robert at mckay.com
Fri Apr 17 12:20:00 UTC 2009 

On Fri, Apr 17, 2009 at 9:48 AM, Henrik Morsing <henrik at morsing.cc> wrote:
> On Fri, Apr 17, 2009 at 09:25:05AM +0100, Andy Millar wrote:
>>
>> "mydomain.foo. IN NS 12.34.38.82." to comply with the required format?
>
> If I do that I get:
>
> Mar 31 09:47:02 emil named[30288]: dns_rdata_fromtext: morsing.cc:21: near '195.10.223.76.': bad dotted quad

This is invalid. NS records must point to a DNS name, not an IP.

> Just going through my logs now and I have a tonne of messages like:
>
> Apr 17 09:31:14 emil named[12433]: too many timeouts resolving '74.72-79.220.30.189.in-addr.arpa/PTR' (in '72-79.220.30.189.in-addr.arpa'?): reducing the advertised EDNS UDP packet size to 512 octets
>
> Some sort of DOS or poison attack? Could this be causing the Verisign problems?

This was probably caused because 189.30.220.74 has a large number of
PTR records associated with it.

dig @ns1.alcidesmaya.com.br. 74.72-79.220.30.189.in-addr.arpa. ptr
; <<>> DiG 9.3.4-P1 <<>> @ns1.alcidesmaya.com.br. 74.72-79.220.30.189.in-addr.ar
pa. ptr
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9790
;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;74.72-79.220.30.189.in-addr.arpa. IN   PTR

;; ANSWER SECTION:
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  msdnaa.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  mail.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  ns1.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  atlas.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  www.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  smtp.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  pop.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  imap.alcidesmaya.com.br.
74.72-79.220.30.189.in-addr.arpa. 86400 IN PTR  ftp.alcidesmaya.com.br.

;; AUTHORITY SECTION:
72-79.220.30.189.in-addr.arpa. 86400 IN NS      ns1.alcidesmaya.com.br.
72-79.220.30.189.in-addr.arpa. 86400 IN NS      ns2.alcidesmaya.com.br.

;; ADDITIONAL SECTION:
ns1.alcidesmaya.com.br. 38400   IN      A       189.30.220.74
ns2.alcidesmaya.com.br. 38400   IN      A       189.30.220.75

;; Query time: 1374 msec
;; SERVER: 189.30.220.74#53(189.30.220.74)
;; WHEN: Fri Apr 17 14:18:22 2009
;; MSG SIZE  rcvd: 302

It doesn't really mean anything - although I suppose you might
question why your nameserver was trying to resolve 189.30.220.74.

Rob.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list