Misconfigured DNS

Author	Message
computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 473 Credit: 389,411 RAC: 62	Message 4876 - Posted: 1 May 2017, 9:31:59 UTC When resolving names like .gridpp.rl.ac.uk my DNS cache logs a lot of errors like: "skipping nameserver 'srsgsv.dl.ac.uk' because it is a CNAME" Resolving that nameserver itself shows that it is indeed a CNAME and that's a common DNS misconfiguration. dig srsgsv.dl.ac.uk. @nserv1.dl.ac.uk ; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> srsgsv.dl.ac.uk. @nserv1.dl.ac.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63531 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;srsgsv.dl.ac.uk. IN A ;; ANSWER SECTION: srsgsv.dl.ac.uk. 86400 IN CNAME nserv4.dl.ac.uk.* nserv4.dl.ac.uk. 86400 IN A 148.79.80.70 ;; AUTHORITY SECTION: dl.ac.uk. 86400 IN NS ns2.rl.ac.uk. dl.ac.uk. 86400 IN NS nserv1.dl.ac.uk. dl.ac.uk. 86400 IN NS ns1.rl.ac.uk. dl.ac.uk. 86400 IN NS nserv4.dl.ac.uk. ;; ADDITIONAL SECTION: nserv1.dl.ac.uk. 86400 IN A 148.79.80.78 ns1.rl.ac.uk. 7200 IN A 130.246.135.153 ns2.rl.ac.uk. 7200 IN A 130.246.11.148 ;; Query time: 50 msec ;; SERVER: 148.79.80.78#53(148.79.80.78) ;; WHEN: Mon May 01 11:24:14 CEST 2017 ;; MSG SIZE rcvd: 203 Be so kind as fo forward this post to your partner institute. ID: 4876 · Rating: 0 · rate: / Reply Quote

ivan Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 20 Jan 15 Posts: 1129 Credit: 7,874,101 RAC: 172	Message 4877 - Posted: 1 May 2017, 12:51:59 UTC - in response to Message 4876. I've notified Andrew. Hopefully he'll know who to alert. Thanks for the report. ID: 4877 · Rating: 0 · rate: / Reply Quote

computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 473 Credit: 389,411 RAC: 62	Message 4878 - Posted: 1 May 2017, 13:25:29 UTC - in response to Message 4877. Thank you Ivan. Be so kind as to also forward the following DNS issue. If you query lcgft-atlas.gridpp.rl.ac.uk the answer gives you a couple of nameservers that will be asked in random order. One of them is nnsa.dl.ac.uk. This nameserver seems to be misconfigured ("lame") as it gives no IP for lcgft-atlas.gridpp.rl.ac.uk. Correct answer from ns1.rl.ac.uk ; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> lcgft-atlas.gridpp.rl.ac.uk. @ns1.rl.ac.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32925 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 6, ADDITIONAL: 6 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;lcgft-atlas.gridpp.rl.ac.uk. IN A ;; ANSWER SECTION: lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.183.175 lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.223.196 lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.181.128 lcgft-atlas.gridpp.rl.ac.uk. 2 IN A 130.246.183.174 ;; AUTHORITY SECTION: rl.ac.uk. 7200 IN NS srsgsv.dl.ac.uk. rl.ac.uk. 7200 IN NS nnsa.dl.ac.uk. rl.ac.uk. 7200 IN NS ns1.rl.ac.uk. rl.ac.uk. 7200 IN NS ns3.rl.ac.uk. rl.ac.uk. 7200 IN NS nserv1.dl.ac.uk. rl.ac.uk. 7200 IN NS ns2.rl.ac.uk. ;; ADDITIONAL SECTION: ns1.rl.ac.uk. 7200 IN A 130.246.135.153 ns2.rl.ac.uk. 7200 IN A 130.246.11.148 ns3.rl.ac.uk. 3600 IN A 148.79.80.70 nnsa.dl.ac.uk. 86400 IN A 193.62.115.16 nserv1.dl.ac.uk. 86400 IN A 148.79.80.78 ;; Query time: 45 msec ;; SERVER: 130.246.135.153#53(130.246.135.153) ;; WHEN: Mon May 01 15:08:19 CEST 2017 ;; MSG SIZE rcvd: 318 No answer from nnsa.dl.ac.uk causing a new query to one of the other nameservers. This happens very often as the TTL is only 2 seconds. dig lcgft-atlas.gridpp.rl.ac.uk. @nnsa.dl.ac.uk ;; Query time: 50 msec ;; SERVER: 193.62.115.16#53(193.62.115.16) ;; WHEN: Mon May 01 15:09:18 CEST 2017 ;; MSG SIZE rcvd: 56 ; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> lcgft-atlas.gridpp.rl.ac.uk. @nnsa.dl.ac.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 11892 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;lcgft-atlas.gridpp.rl.ac.uk. IN A ;; Query time: 50 msec ;; SERVER: 193.62.115.16#53(193.62.115.16) ;; WHEN: Mon May 01 15:09:18 CEST 2017 ;; MSG SIZE rcvd: 56 ID: 4878 · Rating: 0 · rate: / Reply Quote

ivan Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 20 Jan 15 Posts: 1129 Credit: 7,874,101 RAC: 172	Message 4879 - Posted: 1 May 2017, 14:17:00 UTC - in response to Message 4877. Response: "Thanks for this, I've forwarded it on to the appropriate people in STFC." ID: 4879 · Rating: 0 · rate: / Reply Quote

ivan Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 20 Jan 15 Posts: 1129 Credit: 7,874,101 RAC: 172	Message 4880 - Posted: 1 May 2017, 14:20:15 UTC - in response to Message 4878. Done. I take it May 1st isn't a holiday where you are? :-) ID: 4880 · Rating: 0 · rate: / Reply Quote

computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 473 Credit: 389,411 RAC: 62	Message 4881 - Posted: 1 May 2017, 14:41:01 UTC - in response to Message 4880. Done. I take it May 1st isn't a holiday where you are? :-) It is. And very quiet. So it's enough time to dig a bit deeper in the logfiles. ;-) ID: 4881 · Rating: 0 · rate: / Reply Quote

ivan Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 20 Jan 15 Posts: 1129 Credit: 7,874,101 RAC: 172	Message 4882 - Posted: 1 May 2017, 17:09:18 UTC - in response to Message 4881. Fair enough! ID: 4882 · Rating: 0 · rate: / Reply Quote

ivan Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 20 Jan 15 Posts: 1129 Credit: 7,874,101 RAC: 172	Message 4886 - Posted: 3 May 2017, 19:07:58 UTC - in response to Message 4878. New response from Andrew: "It should be fixed now. The nameservers with problems were not actually meant to be in use :-)" ID: 4886 · Rating: 0 · rate: / Reply Quote

computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 473 Credit: 389,411 RAC: 62	Message 4887 - Posted: 3 May 2017, 19:26:49 UTC - in response to Message 4886. Great! Looks good now. This measure could save about 8 ms per DNS query to that zone. Hmmm, in 100,000,000 years ... :-D ID: 4887 · Rating: 0 · rate: / Reply Quote

ivan Volunteer moderator Project administrator Project developer Project tester Project scientist Send message Joined: 20 Jan 15 Posts: 1129 Credit: 7,874,101 RAC: 172	Message 4892 - Posted: 4 May 2017, 9:10:02 UTC - in response to Message 4887. [Sirius Cybernetics Corporation] Glad to be of service! [/Sirius Cybernetics Corporation] ID: 4892 · Rating: 0 · rate: / Reply Quote

computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 473 Credit: 389,411 RAC: 62	Message 4897 - Posted: 8 May 2017, 11:33:03 UTC Sorry to bother again. There is still (or again?) a "lame" nameserver in the query chain for *.rl.ac.uk. nnsa.dl.ac.uk. 193.62.115.16 ID: 4897 · Rating: 0 · rate: / Reply Quote

Development for LHC@home