
Re: [DNSOP] DNSOP Digest, Vol 35, Issue 24



Good news and bad news.

I will check the .cn TLD configuration and try to see what on earth happened.

NS.CERNET.NET, as a node of .CN, is indeed located in an independent ISP network.

As far as I know, it is not deliberate, I think.




Today's Topics:

  1.  Unusual behavior (wildcarding) on .cn TLD (Nicholas Weaver)


----------------------------------------------------------------------

Message: 1
Date: Fri, 30 Oct 2009 11:54:06 -0700
From: Nicholas Weaver <nweaver at ICSI.Berkeley.EDU>
Subject: [DNSOP] Unusual behavior (wildcarding) on .cn TLD
To: dnsop at ietf.org
Cc: Nicholas Weaver <nweaver at ICSI.Berkeley.EDU>
Message-ID: <DDC29F8F-CD6F-4A1C-826D-FB5FE6733CCA at ICSI.Berkeley.EDU>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes

Apologies if this isn't the correct list...


Has anyone else observed the following behavior for the .cn TLD, where
one authoritative server (NS.CERNET.NET) wildcards invalid domains,
but the others (a-e.dns.cn) do not?

Anyone know someone operationally involved with the .cn TLD to know if
this is deliberate and, if so, why?

The authority for .cn (in this case, from g.root-servers.net) is:

(reordered for readability)
cn.                     172800  IN      NS      A.DNS.cn.
cn.                     172800  IN      NS      B.DNS.cn.
cn.                     172800  IN      NS      C.DNS.cn.
cn.                     172800  IN      NS      D.DNS.cn.
cn.                     172800  IN      NS      E.DNS.cn.
cn.                     172800  IN      NS      NS.CERNET.NET.

with IPs 203.119.{25-29}.1 for {a-e}.dns.cn and 202.112.0.44 for ns.cernet.net

A nice little foreach loop shows the behavior for me (from ICSI):

foreach foo ( 203.119.25.1 203.119.26.1 203.119.27.1 203.119.28.1 203.119.29.1 202.112.0.44 )
 foreach? echo "Looking up a bad name at $foo"
 foreach? dig +short +norecurse www.aoeuantoheuntahoeutn.cn @$foo
 foreach? end

Looking up a bad name at 203.119.25.1
Looking up a bad name at 203.119.26.1
Looking up a bad name at 203.119.27.1
;; connection timed out; no servers could be reached
Looking up a bad name at 203.119.28.1
Looking up a bad name at 203.119.29.1
;; connection timed out; no servers could be reached
Looking up a bad name at 202.112.0.44
159.226.7.162


NS.CERNET.NET seems to be deliberately wildcarding items which are
otherwise NXDOMAIN, and returning the A record of a server they
control.  But it is ONLY this nameserver, not all nameservers for .cn.



------------------------------

End of DNSOP Digest, Vol 35, Issue 24
*************************************
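
Added example, not part of the original messages: the same per-server check as the foreach loop above, but reading RCODE and ANCOUNT from the reply header, since dig +short prints nothing for both NXDOMAIN and an empty NOERROR. The server addresses are the ones quoted in the message; the function names and verdict labels are this example's own.

```python
import random, socket, string, struct
from collections import Counter
# Addresses quoted in the message above (2009 data); substitute the current NS set.
SERVERS = ["203.119.25.1", "203.119.26.1", "203.119.27.1",
           "203.119.28.1", "203.119.29.1", "202.112.0.44"]

def build_query(name, qid):
    """A/IN query with RD clear, the equivalent of dig +norecurse."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid):
    """Reduce a raw reply (None means no reply) to a verdict that can be compared."""
    if response is None:
        return "timeout"
    if len(response) < 12:
        return "malformed"
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", response[:8])
    if rid != qid or not flags & 0x8000:   # wrong ID, or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0:                         # NOERROR: data here means the name "exists"
        return "answer" if ancount else "noerror-empty"
    return "nxdomain" if rcode == 3 else "rcode-%d" % rcode

def probe(server, name, timeout=3.0):
    """Send one UDP query to one authoritative server and classify the reply."""
    qid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify(data, qid)

def outliers(verdicts):
    """Servers whose verdict differs from the majority of servers that replied."""
    replied = {s: v for s, v in verdicts.items() if v != "timeout"}
    if not replied:
        return {}
    majority = Counter(replied.values()).most_common(1)[0][0]
    return {s: v for s, v in replied.items() if v != majority}

if __name__ == "__main__":
    name = "".join(random.choices(string.ascii_lowercase, k=20)) + ".cn"
    print(outliers({s: probe(s, name) for s in SERVERS}))
```

Timeouts are left out of the majority vote, so an unreachable server is not reported as disagreeing with the others.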