[AusNOG] AusRegistry

Chris Wright chris at ausregistry.com.au
Fri May 3 12:30:09 EST 2013


Hi James et al,

My team has reached out to you to request more information, it would have been helpful if you included this information in your post. We have looked into this and the problem can actually be resolved with your DNS hosting provider.

The problem is subtle and complicated, however in short due to the chain of delegation your hosting providers has created (sunatraffic.com.au is delegated to name servers in summitdns.com.au which is delegated to name servers in summithosting.com.au), some inconsistencies and what can only be put down to buggy resolvers your domain will not be working in certain circumstances (which is what you are experiencing).

In future I would request you either try to get in contact with us, or post questions to this list rather than posting definitive statements, with little to no useful information, inferring our services are broken in some way.

Below is the analysis:

If you ask ns1.summitdns.com.au it believes your name servers are:

$ dig -t ns sunatraffic.com.au @ns1.summitdns.com.au

; <<>> DiG 9.8.3-P1 <<>> -t ns sunatraffic.com.au @ns1.summitdns.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37495
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sunatraffic.com.au.                     IN          NS

;; ANSWER SECTION:
sunatraffic.com.au.        3600      IN          NS          ns0.summitdns.com.au.
sunatraffic.com.au.        3600      IN          NS          ns3.summitdns.com.au.
sunatraffic.com.au.        3600      IN          NS          ns2.summitdns.com.au.
sunatraffic.com.au.        3600      IN          NS          ns1.summitdns.com.au.

;; Query time: 170 msec
;; SERVER: 199.195.193.95#53(199.195.193.95)
;; WHEN: Fri May  3 12:09:45 2013
;; MSG SIZE  rcvd: 118

However if you ask the ns1.summithosting.com.au it believes your name server are:

$ dig -t ns sunatraffic.com.au @ns1.summithosting.com.au

; <<>> DiG 9.8.3-P1 <<>> -t ns sunatraffic.com.au @ns1.summithosting.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63355
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sunatraffic.com.au.                     IN          NS

;; ANSWER SECTION:
sunatraffic.com.au.        86400   IN          NS          ns0.summithosting.com.au.
sunatraffic.com.au.        86400   IN          NS          ns1.summithosting.com.au.
sunatraffic.com.au.        86400   IN          NS          ns2.summithosting.com.au.
sunatraffic.com.au.        86400   IN          NS          ns3.summithosting.com.au.

;; ADDITIONAL SECTION:
ns0.summithosting.com.au. 14400         IN          A            27.116.37.194
ns1.summithosting.com.au. 14400         IN          A            27.116.37.195
ns2.summithosting.com.au. 14400         IN          A            111.65.227.230
ns3.summithosting.com.au. 14400         IN          A            198.105.222.234

;; Query time: 36 msec
;; SERVER: 27.116.37.195#53(27.116.37.195)
;; WHEN: Fri May  3 12:10:38 2013
;; MSG SIZE  rcvd: 186

And the zone hosted on the summithosting.com.au name servers is different to the one hosted on the summitdns.com.au.

Now in normal circumstance, since the com.au zone has your domain delegated to ns[0-3].summitdns.com.au this wouldn't be a problem and the summithosting.com.au left over records wouldn't be a problem, however since summitdns.com.au is delegated to summithosting.com.au it appears some resolves are getting confused (perhaps they are buggy, I'm not sure why they are being confused and we haven't been able to replicate the problem and find any broken resolvers).

I suggest you need to get your DNS hosting company to look at this in more depth, instead of them taking the easy route out and blaming the registry. The registry is working as intended, and as it has been for the last ten years, there have been no changes, the name servers listed in the registration records are indeed published to the DNS. It is worth noting that the .au registry follows a narrow glue publishing policy and has done so since AusRegistry took over the operation 10 years ago. This is in contrast to the wide glue policy Verisign implements with .com domains. More information on narrow vs. wide glue can be found in the DNS RFCs.

Thanks

Chris Wright
Chief Technology Officer

AusRegistry Pty Ltd
Level 8, 10 Queens Road
Melbourne. Victoria. Australia. 3004.
P:   +61 3 9866 3710
M: +61 401 873 798
F:   +61 3 9866 1970
E:   chris at ausregistry.com.au<mailto:chris at ausregistry.com.au>
W: www.ausregistry.com.au<http://www.ausregistry.com.au>

The information contained in this communication is intended for the named recipients only. It is subject to copyright and may contain privileged and/or confidential information. If you are not an intended recipient you must not use, copy, distribute or take any action in reliance on it. If you have received this communication in error, please delete all copies from your system and notify us immediately.



From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of James Troy
Sent: Friday, 3 May 2013 11:17 AM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] AusRegistry

Just to let everyone know, AusRegistry lost some glue in its records at about 1:30am, as reported to us by our DNS hosting company and has been affecting us for our global clients accessing our systems. So for anyone chasing routing/firewalls this is likely the issue.

James Troy
.
Intelematics Australia : connected mobility
Systems Administrator
250 Swan Street, Richmond, VIC 3121

Main:     +61 3 8415 9000
Fax:        +61 3 8415 9001
e: jtroy at intelematics.com.au<mailto:jtroy at intelematics.com.au>
w: www.intelematics.com.au<http://www.intelematics.com.au/> and www.sunatraffic.com.au<http://www.sunatraffic.com.au/>

**This message and any attachment are confidential to the ordinary user of the email address to which it is addressed and may contain copyright and/or legally privileged information. If you are not the intended recipient, please telephone or email the sender and delete the message and any attachment from your system. It is your responsibility to scan this communication and any files attached for computer viruses and other defects.**

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130503/46d04d92/attachment.html>


More information about the AusNOG mailing list