gTLD root nameserver anomaly

Ross Dmochowski ross at ign.com
Wed Aug 6 15:02:03 CDT 2008


sorry, nm. glue records in the rootzones, that no one should have put. 
I'll go back in my corner now.  

-----Original Message-----
From: Ross Dmochowski 
Sent: Wednesday, August 06, 2008 12:33 PM
To: nanog at nanog.org
Subject: gTLD root nameserver anomaly
Importance: High

Something weird seems afoot in the root nameservers.
I am noticing that the root nameservers are handing out extra info with
TTLs much longer than those delineated in the respective zone file on
the authoritative nameserver for that zone.

Case in point:
I asked my local DNS server for ns2.gamespy.com and it went directly to
a gtld server (f.gtld-servers.net.):

	08:25:27.541627 IP 172.19.2.15.45505 > 192.35.51.30.domain:
42289% [1au] A? ns2.gamespy.com. (44)
	08:25:27.544415 IP 192.35.51.30.domain > 172.19.2.15.45505:
42289- 1/5/3 A 207.38.0.11 (229)

and returned an answer with the larger TTL:

	dig ns2.gamespy.com

	; <<>> DiG 9.2.4 <<>> ns2.gamespy.com
	;; global options:  printcmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37167
	;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5,
ADDITIONAL: 7

	;; QUESTION SECTION:
	;ns2.gamespy.com.               IN      A

	;; ANSWER SECTION:
	ns2.gamespy.com.        172800  IN      A       207.38.0.11

	;; AUTHORITY SECTION:
	gamespy.com.            172800  IN      NS
pdns4.ultradns.org.
	gamespy.com.            172800  IN      NS
pdns5.ultradns.info.
	gamespy.com.            172800  IN      NS
pdns1.ultradns.net.
	gamespy.com.            172800  IN      NS
pdns2.ultradns.net.
	gamespy.com.            172800  IN      NS
pdns3.ultradns.org.

	;; ADDITIONAL SECTION:
	pdns1.ultradns.net.     131158  IN      A       204.74.108.1
	pdns1.ultradns.net.     44758   IN      AAAA    2001:502:f3ff::1
	pdns2.ultradns.net.     131158  IN      A       204.74.109.1
	pdns3.ultradns.org.     44758   IN      A       199.7.68.1
	pdns4.ultradns.org.     44758   IN      A       199.7.69.1
	pdns4.ultradns.org.     44758   IN      AAAA    2001:502:4612::1
	pdns5.ultradns.info.    44758   IN      A       204.74.114.1

	;; Query time: 4 msec
	;; SERVER: 127.0.0.1#53(127.0.0.1)
	;; WHEN: Wed Aug  6 08:25:27 2008
	;; MSG SIZE  rcvd: 322

but if I ask an UltraDNS server directly...it returns the correct TTL
 
	dig @204.74.108.1 ns2.gamespy.com

	; <<>> DiG 9.2.4 <<>> @204.74.108.1 ns2.gamespy.com
	; (1 server found)
	;; global options:  printcmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23978
	;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6,
ADDITIONAL: 0

	;; QUESTION SECTION:
	;ns2.gamespy.com.               IN      A

	;; ANSWER SECTION:
	ns2.gamespy.com.        300     IN      A       207.38.0.11

	;; AUTHORITY SECTION:
	gamespy.com.            300     IN      NS
PDNS6.ULTRADNS.CO.UK.
	gamespy.com.            300     IN      NS
PDNS5.ULTRADNS.INFO.
	gamespy.com.            300     IN      NS
PDNS4.ULTRADNS.ORG.
	gamespy.com.            300     IN      NS
PDNS3.ULTRADNS.ORG.
	gamespy.com.            300     IN      NS
PDNS2.ULTRADNS.NET.
	gamespy.com.            300     IN      NS
PDNS1.ULTRADNS.NET.

but unfortunately, my nameserver honors (as expected) the TTL that came
back from the initial request

	;; ANSWER SECTION:
	ns2.gamespy.com.        172493  IN      A       207.38.0.11

Another example would be 'gss1.foxtv.com'. I changed the IP for that
server on Sunday night, and if you ask the authoritative nameservers
(for IGN), they give you the correct response.
However, when you do a trace, once can see that the gTLD server gives
out its own info, which is not correct, and no one ever seems to get to
the authoritative nameserver to get the appropriate information.

-bash-2.05b$ dig +trace gss1.foxtv.com

; <<>> DiG 9.2.4 <<>> +trace gss1.foxtv.com ;; global options:  printcmd
.                       1796    IN      NS      f.root-servers.net.
.                       1796    IN      NS      g.root-servers.net.
.                       1796    IN      NS      h.root-servers.net.
.                       1796    IN      NS      i.root-servers.net.
.                       1796    IN      NS      j.root-servers.net.
.                       1796    IN      NS      k.root-servers.net.
.                       1796    IN      NS      l.root-servers.net.
.                       1796    IN      NS      m.root-servers.net.
.                       1796    IN      NS      a.root-servers.net.
.                       1796    IN      NS      b.root-servers.net.
.                       1796    IN      NS      c.root-servers.net.
.                       1796    IN      NS      d.root-servers.net.
.                       1796    IN      NS      e.root-servers.net.
;; Received 332 bytes from 10.1.100.100#53(10.1.100.100) in 1 ms

com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
;; Received 492 bytes from 192.5.5.241#53(f.root-servers.net) in 5 ms

gss1.foxtv.com.         172800  IN      A       63.241.173.211
foxtv.com.              172800  IN      NS      ns1.ign.com.
foxtv.com.              172800  IN      NS      ns2.gamespy.com.
foxtv.com.              172800  IN      NS      ns4.ign.com.
;; Received 162 bytes from 192.41.162.30#53(L.GTLD-SERVERS.NET) in 81 ms


Anyone have any ideas of why I am seeing this?
Any info would be greatly appreciated.

Ross S. Dmochowski     |   Sr. Linux Administrator   |   Fox Interactive
Media
Desk: (415) 508-2230 | Cell: (415) 279-3761 | Fax: (415) 508-2001 | AIM:
rossfim





More information about the NANOG mailing list