From: "Lewis G Rosenthal" Received: from [192.168.100.201] (account lgrosenthal@2rosenthals.com HELO [192.168.100.28]) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 7174455 for ecs-isp@2rosenthals.com; Mon, 22 May 2023 12:02:16 -0400 Subject: Re: [eCS-ISP] Odd dig behavior To: eCS ISP Mailing List References: Organization: Rosenthal & Rosenthal, LLC Message-ID: <646B9204.3040806@2rosenthals.com> Date: Mon, 22 May 2023 12:02:12 -0400 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi... This intrigued me, but I was otherwise occupied yesterday. On 05/21/23 12:14 pm, Steven Levine wrote: > Hi all, > > As some of you know, Peter Moylan is working on DNS issues with his > pmoylan.org domain. While doing some testing with dig, I ran into some > unexpected behaviors which I would like others to double check. > Currently, I have DiG 9.11.28 installed. > > [d:\tmp]dig +nssearch pmoylan.org > > reports > > couldn't get address for 'ns1.wiz.net.au': failure > couldn't get address for 'ns2.wiz.net.au': failure > D:\usr2\bin\dig.exe: couldn't get address for 'ns1.wiz.net.au': no more > > Do any of you get differing responses? This command returns expected > results on OpenSuse and lists the SOA records. > {0}[j:\] dig -v DiG 9.8.1-OS2-9.8.1-1.oc00 {0}[j:\] dig +nssearch pmoylan.org SOA ns1.wiz.net.au. dns.wiz.net.au. 2019030902 10800 3600 604800 300 from server 203.30.197.11 in 213 ms. SOA ns1.wiz.net.au. dns.wiz.net.au. 2019030902 10800 3600 604800 300 from server 43.229.63.26 in 219 ms. (Yes, it's old, but it works.) > [d:\tmp]dig +short pmoylan.org > > returns nothing which is expected given the issues Peter is working on. Ditto. It should also be noted that: dig pmoylan.org returns data from my local DNS, though I can't rightly tell how long that may have been cached. > However, for bind 9.11.36 and 9.11.37, this command hangs. It can be > killed with top's forced kill (Ctrl-F), but not a normal kill (Ctrl-K). > > Do any of you get differing results. > > dig.exe from bind 9.12.4 seems work the same as 9.11.28 for these tests. > Interesting hang. I get the same results (list of servers, nothing short) with 9.16.38 on SuSE 15.4. Now, while pmoylan.org does not seem to have an A record or a CNAME (or an AAAA), mail.pmoylan.org does have a CNAME record, and this is listed as Peter's primary MX. (It is generally considered not good practice to have an MX record pointing to a CNAME rather than an A, but some systems allow it.) mail.pmoylan.org seems to be a CNAME for pmoylan.duckdns.org. Likewise, ftp.pmoylan.org is another CNAME for the same host. Now, it is not incorrect for there to not be an A or CNAME pointing to the domain itself (it's just sort of unusual these days). Without seeing a dump of his zonefile, it's impossible to tell what we should be seeing, but IAC, dig shouldn't hang, so I guess that's the point of this exercise. -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress -------------------------------------------------------------