Yet another Quadruple DNS?

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Mar 29 11:38:49 UTC 2018


On Thu, Mar 29, 2018 at 12:16:48PM +0100,
 Tony Finch <dot at dotat.at> wrote 
 a message of 15 lines which said:

> Also the very amusing
> 
> https://twitter.com/eastdakota/status/970359846548549632

Less amusing, for a DNS service, the brokenness of reverse service:

% dig -x 1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> -x 1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24536
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa.	IN PTR

;; Query time: 516 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 29 13:37:54 CEST 2018
;; MSG SIZE  rcvd: 49


% dig @ns1.apnic.net. NS 1.1.1.in-addr.arpa

; <<>> DiG 9.10.3-P4-Debian <<>> @ns1.apnic.net. NS 1.1.1.in-addr.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48493
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;1.1.1.in-addr.arpa.	IN NS

;; AUTHORITY SECTION:
1.1.1.in-addr.arpa.	86400 IN NS ns7.cloudflare.com.
1.1.1.in-addr.arpa.	86400 IN NS ns3.cloudflare.com.
1.1.1.in-addr.arpa.	172800 IN NSEC 113.1.1.in-addr.arpa. NS RRSIG NSEC
1.1.1.in-addr.arpa.	172800 IN RRSIG	NSEC 5 5 172800 (
				20180427150337 20180328140337 2371 1.in-addr.arpa.
				h44NAaTSpn5wvzTtddlUEKJ8+bikdaTDXnxh5M1bisO0
				/NibM7iWfwcuaaWPvNeOutMdA0OBxGwbmErattfyXbRI
				KWrBWopBkr8+uVo7BgBYBa2SqY7PdUyYIt40PTjwnsrl
				lxBgaHMe1yz6qvQh2oljUJL45HkJnVWoHnuTRq8= )

;; Query time: 317 msec
;; SERVER: 2001:dc0:2001:0:4608::25#53(2001:dc0:2001:0:4608::25)
;; WHEN: Thu Mar 29 13:38:05 CEST 2018
;; MSG SIZE  rcvd: 313


% dig @ns7.cloudflare.com -x 1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> @ns7.cloudflare.com -x 1.1.1.1
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10538
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa.	IN PTR

;; Query time: 7 msec
;; SERVER: 2400:cb00:2049:1::a29f:606#53(2400:cb00:2049:1::a29f:606)
;; WHEN: Thu Mar 29 13:38:25 CEST 2018
;; MSG SIZE  rcvd: 49


% dig @ns3.cloudflare.com -x 1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> @ns3.cloudflare.com -x 1.1.1.1
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 27962
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa.	IN PTR

;; Query time: 6 msec
;; SERVER: 2400:cb00:2049:1::a29f:21#53(2400:cb00:2049:1::a29f:21)
;; WHEN: Thu Mar 29 13:38:33 CEST 2018
;; MSG SIZE  rcvd: 49




More information about the NANOG mailing list