Spark/Telecom DNS issue
FYI - looks like there is an issue with telecom authoritative DNS. Short version: it's currently broken. Long version: there is a whois/NS loop $ whois telecom.co.nz. ... domain_datelastmodified: 2014-07-28T13:54:33+12:00 ... ns_name_01: ns1.spark.co.nz ns_name_02: ns2.spark.co.nz ns_name_03: ns3.spark.co.nz $ whois spark.co.nz ... domain_datelastmodified: 2014-06-10T10:08:28+12:00 ... ns_name_01: ish4.telecom.co.nz ns_name_02: ish5.telecom.co.nz No glue records, so no way to resolve the NS IP's FYI: ish4.telecom.co.nz. A 146.171.13.195 ish5.telecom.co.nz. A 146.171.13.194 ns1.spark.co.nz. A 146.171.13.195 ns2.spark.co.nz. A 146.171.247.25 ns3.spark.co.nz. A 146.171.13.194 -- Daniel
On 29/07/14 09:31, Daniel Siva wrote:
FYI - looks like there is an issue with telecom authoritative DNS.
Short version: it's currently broken.
Long version: there is a whois/NS loop
$ whois telecom.co.nz http://telecom.co.nz. ... domain_datelastmodified: 2014-07-28T13:54:33+12:00 ... ns_name_01: ns1.spark.co.nz http://ns1.spark.co.nz ns_name_02: ns2.spark.co.nz http://ns2.spark.co.nz ns_name_03: ns3.spark.co.nz http://ns3.spark.co.nz
$ whois spark.co.nz http://spark.co.nz ... domain_datelastmodified: 2014-06-10T10:08:28+12:00 ... ns_name_01: ish4.telecom.co.nz http://ish4.telecom.co.nz ns_name_02: ish5.telecom.co.nz http://ish5.telecom.co.nz
No glue records, so no way to resolve the NS IP's
Just to add some details, the problem is related to the cyclic dependency between telecom.co.nz and spark.co.nz. When a cache tries to resolver telecom.co.nz, because the absence of glue records in the parent zone (co.nz), it will try to resolve spark.co.nz, which to be completed needs to resolve telecom.co.nz. Without a hint, there is no way to bootstrap the resolution process, so it fails. It's up to Telecom to have it fixed, hopefully it will be done sometime soon. Cheers,
FYI: ish4.telecom.co.nz http://ish4.telecom.co.nz. A 146.171.13.195 ish5.telecom.co.nz http://ish5.telecom.co.nz. A 146.171.13.194
ns1.spark.co.nz http://ns1.spark.co.nz. A 146.171.13.195 ns2.spark.co.nz http://ns2.spark.co.nz. A 146.171.247.25 ns3.spark.co.nz http://ns3.spark.co.nz. A 146.171.13.194
-- Daniel
-- Sebastian Castro Technical Research Manager .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535
Just to add some details, the problem is related to the cyclic dependency between telecom.co.nz and spark.co.nz. When a cache tries to resolver telecom.co.nz, because the absence of glue records in the parent zone (co.nz), it >will try to resolve spark.co.nz, which to be completed needs to resolve telecom.co.nz. Without a hint, there is no way to bootstrap the resolution process, so it fails.
It's up to Telecom to have it fixed, hopefully it will be done sometime soon.
It's quite an impressive balls up to be frank. I am assuming this will have a flow on effect for other Telecom hosted sites as well.
It's taken down all of Chorus's client facing systems etc also... if you're internal to Telecom's network it's fine however. Gives me an excuse not to process any Wireline orders though. -- Lance HD NET On 29/07/2014 9:31 a.m., Daniel Siva wrote:
FYI - looks like there is an issue with telecom authoritative DNS.
Short version: it's currently broken.
Long version: there is a whois/NS loop
$ whois telecom.co.nz http://telecom.co.nz. ... domain_datelastmodified: 2014-07-28T13:54:33+12:00 ... ns_name_01: ns1.spark.co.nz http://ns1.spark.co.nz ns_name_02: ns2.spark.co.nz http://ns2.spark.co.nz ns_name_03: ns3.spark.co.nz http://ns3.spark.co.nz
$ whois spark.co.nz http://spark.co.nz ... domain_datelastmodified: 2014-06-10T10:08:28+12:00 ... ns_name_01: ish4.telecom.co.nz http://ish4.telecom.co.nz ns_name_02: ish5.telecom.co.nz http://ish5.telecom.co.nz
No glue records, so no way to resolve the NS IP's
FYI: ish4.telecom.co.nz http://ish4.telecom.co.nz. A 146.171.13.195 ish5.telecom.co.nz http://ish5.telecom.co.nz. A 146.171.13.194
ns1.spark.co.nz http://ns1.spark.co.nz. A 146.171.13.195 ns2.spark.co.nz http://ns2.spark.co.nz. A 146.171.247.25 ns3.spark.co.nz http://ns3.spark.co.nz. A 146.171.13.194
-- Daniel
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- HD Net Limited http://www.hd.net.nz Lance Hope Network and Systems Engineer lance(a)hd.net.nz mailto:lance(a)hd.net.nz HD Net Limited 092804135 11C Piermark Drive, Albany, Auckland http://www.hd.net.nz This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. HD Net Limited is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company.
Now with more glue records (as at 1000 zone push):
ns_ip4_01: 146.171.13.195
ns_name_01: ns1.spark.co.nz
ns_ip4_02: 146.171.247.25
ns_name_02: ns2.spark.co.nz
ns_ip4_03: 146.171.13.194
ns_name_03: ns3.spark.co.nz
%
On Tue, Jul 29, 2014 at 10:03 AM, Lance Hope
It's taken down all of Chorus's client facing systems etc also... if you're internal to Telecom's network it's fine however. Gives me an excuse not to process any Wireline orders though.
-- Lance HD NET
On 29/07/2014 9:31 a.m., Daniel Siva wrote:
FYI - looks like there is an issue with telecom authoritative DNS.
Short version: it's currently broken.
Long version: there is a whois/NS loop
$ whois telecom.co.nz. ... domain_datelastmodified: 2014-07-28T13:54:33+12:00 ... ns_name_01: ns1.spark.co.nz ns_name_02: ns2.spark.co.nz ns_name_03: ns3.spark.co.nz
$ whois spark.co.nz ... domain_datelastmodified: 2014-06-10T10:08:28+12:00 ... ns_name_01: ish4.telecom.co.nz ns_name_02: ish5.telecom.co.nz
No glue records, so no way to resolve the NS IP's
FYI: ish4.telecom.co.nz. A 146.171.13.195 ish5.telecom.co.nz. A 146.171.13.194
ns1.spark.co.nz. A 146.171.13.195 ns2.spark.co.nz. A 146.171.247.25 ns3.spark.co.nz. A 146.171.13.194
-- Daniel
_______________________________________________ NZNOG mailing listNZNOG(a)list.waikato.ac.nzhttp://list.waikato.ac.nz/mailman/listinfo/nznog
--
[image: HD Net Limited] http://www.hd.net.nz
Lance Hope Network and Systems Engineer lance(a)hd.net.nz
HD Net Limited 092804135 11C Piermark Drive, Albany, Auckland http://www.hd.net.nz
This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. HD Net Limited is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company.
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On 29/07/14 10:04, Mike Cooper wrote:
Now with more glue records (as at 1000 zone push):
Whois != DNS The Whois reflects the current status of the registry. The DNS takes a snapshot of the registry every hour on the hour, and publishes that. The change is on the registry for spark.co.nz, but it didn't make it on time for the DNS: dig ns spark.co.nz @ns1.dns.net.nz ; <<>> DiG 9.8.1-P1 <<>> ns spark.co.nz @ns1.dns.net.nz ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40576 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;spark.co.nz. IN NS ;; AUTHORITY SECTION: spark.co.nz. 86400 IN NS ish4.telecom.co.nz. spark.co.nz. 86400 IN NS ish5.telecom.co.nz. ;; Query time: 2 msec ;; SERVER: 2001:dce:2000:2::130#53(2001:dce:2000:2::130) ;; WHEN: Tue Jul 29 10:22:16 2014 ;; MSG SIZE rcvd: 75 The change will definitely make it to the 11:00AM zone push. Cheers,
ns_ip4_01: 146.171.13.195
ns_name_01: ns1.spark.co.nz http://ns1.spark.co.nz
ns_ip4_02: 146.171.247.25
ns_name_02: ns2.spark.co.nz http://ns2.spark.co.nz
ns_ip4_03: 146.171.13.194
ns_name_03: ns3.spark.co.nz http://ns3.spark.co.nz
%
On Tue, Jul 29, 2014 at 10:03 AM, Lance Hope
mailto:lance(a)hd.net.nz> wrote: It's taken down all of Chorus's client facing systems etc also... if you're internal to Telecom's network it's fine however. Gives me an excuse not to process any Wireline orders though.
-- Lance HD NET
On 29/07/2014 9:31 a.m., Daniel Siva wrote:
FYI - looks like there is an issue with telecom authoritative DNS.
Short version: it's currently broken.
Long version: there is a whois/NS loop
$ whois telecom.co.nz http://telecom.co.nz. ... domain_datelastmodified: 2014-07-28T13:54:33+12:00 ... ns_name_01: ns1.spark.co.nz http://ns1.spark.co.nz ns_name_02: ns2.spark.co.nz http://ns2.spark.co.nz ns_name_03: ns3.spark.co.nz http://ns3.spark.co.nz
$ whois spark.co.nz http://spark.co.nz ... domain_datelastmodified: 2014-06-10T10:08:28+12:00 ... ns_name_01: ish4.telecom.co.nz http://ish4.telecom.co.nz ns_name_02: ish5.telecom.co.nz http://ish5.telecom.co.nz
No glue records, so no way to resolve the NS IP's
FYI: ish4.telecom.co.nz http://ish4.telecom.co.nz. A 146.171.13.195 ish5.telecom.co.nz http://ish5.telecom.co.nz. A 146.171.13.194
ns1.spark.co.nz http://ns1.spark.co.nz. A 146.171.13.195 ns2.spark.co.nz http://ns2.spark.co.nz. A 146.171.247.25 ns3.spark.co.nz http://ns3.spark.co.nz. A 146.171.13.194
-- Daniel
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz mailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
--
HD Net Limited http://www.hd.net.nz
Lance Hope Network and Systems Engineer lance(a)hd.net.nz mailto:lance(a)hd.net.nz
HD Net Limited 092804135 11C Piermark Drive, Albany, Auckland http://www.hd.net.nz
This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. HD Net Limited is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company.
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz mailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Sebastian Castro Technical Research Manager .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535
participants (5)
-
Daniel Siva
-
Lance Hope
-
Mike Cooper
-
Sebastian Castro
-
Tony Wicks