• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

beginner question - confusing DNS results

Started by Popcorn6, March 24, 2011, 10:41:20 AM

Previous topic - Next topic

Popcorn6

Hi,

I'm hoping someone can guide me here. I've setup my tunnel, web server and mail server, but throughout I've been getting intermittent failures. Without changing any configuration services stop working then start again.

I registered a domain 'mycontactpoint dot info' and pointed it at the FreeDNS service.

On my tunnel information page I have the following:
Available DNS Resolvers
   Anycasted IPv6 Caching Nameserver:    2001:470:20::2
   Anycasted IPv4 Caching Nameserver:    74.82.42.42

When I 'dig any @2001:470:20::2 mycontactpoint dot info' I get consistent results as I expect.
When I 'dig any @74.82.42.42 mycontactpoint dot info' the results change between the same as @2001:470:20::2 and the original information submitted by my registrar.

I also tried  'dig any @8.8.8.8 mycontactpoint dot info' and these results are also correct.

What can I have done wrong that gets inconsistent results with 74.82.42.42?

Thanks in advance,
D.


cconn

trying to see what you are speaking of, what exactly are you getting as wrong info?

johnpoz

Ok -- that IPv4 address is the A record, the IPv6 would be AAAA records.. So if I query

; <<>> DiG 9.7.1-P2 <<>> @2001:470:20::2 mycontactpoint.info A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54656
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mycontactpoint.info.           IN      A

;; ANSWER SECTION:
mycontactpoint.info.    16      IN      A       67.55.9.20

;; Query time: 39 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Thu Mar 24 14:46:41 2011
;; MSG SIZE  rcvd: 53

Same as if I query that 74.82.42.42 server.

If I query the ipv4 for the AAAA record it gives the IPv6 address as well

; <<>> DiG 9.7.1-P2 <<>> @74.82.42.42 mycontactpoint.info AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13132
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mycontactpoint.info.           IN      AAAA

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      AAAA    2001:470:1f06:be2::3

;; Query time: 110 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Thu Mar 24 14:48:14 2011
;; MSG SIZE  rcvd: 65


If you do not want an 'A' record then you should remove it.


Popcorn6

Sorry, I should have posted specific results to be clear.
I invoked dig twice with the same command. The first results are incorrect (this is the original information when the domain was registered before I updated the DNS hosting), the second is what I'm expecting. This only happens if I use the IPv4 Hurricane Electric nameserver provided in my tunnel configuration. I tried with googles nameservers and that give me the expected result every time.

I only registered the domain and updated the DNS hosts last night. Could that impact HE DNS and not Google?

Thanks for your help and sorry for the long post.
D.


-------1st try-----------------------------------------------------------------------------------------------------------------
# dig any @74.82.42.42 mycontactpoint.info

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc13 <<>> any @74.82.42.42 mycontactpoint.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62607
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mycontactpoint.info.           IN      ANY

;; ANSWER SECTION:
mycontactpoint.info.    10891   IN      MX      10 mx01.1and1.com.
mycontactpoint.info.    10891   IN      MX      10 mx00.1and1.com.
mycontactpoint.info.    55185   IN      SOA     ns51.1and1.com. hostmaster.1and1.com. 2011032302 28800 7200 604800 86400

;; ADDITIONAL SECTION:
mx00.1and1.com.         7200    IN      A       74.208.5.3
mx01.1and1.com.         7200    IN      A       74.208.5.21

;; Query time: 167 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Thu Mar 24 21:32:33 2011
;; MSG SIZE  rcvd: 172


-------2nd try (immediately after)-----------------------------------------------------------------------------------------------------------------
# dig any @74.82.42.42 mycontactpoint.info

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc13 <<>> any @74.82.42.42 mycontactpoint.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38426
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 10

;; QUESTION SECTION:
;mycontactpoint.info.           IN      ANY

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      NS      ns3.he.net.
mycontactpoint.info.    300     IN      A       67.55.9.20
mycontactpoint.info.    86400   IN      SOA     ns1.he.net. hostmaster.he.net. 2011032405 10800 1800 604800 86400
mycontactpoint.info.    300     IN      AAAA    2001:470:1f06:be2::3
mycontactpoint.info.    300     IN      NS      ns2.he.net.
mycontactpoint.info.    300     IN      MX      10 mycontactpoint.info.
mycontactpoint.info.    300     IN      NS      ns5.he.net.
mycontactpoint.info.    300     IN      NS      ns4.he.net.

;; ADDITIONAL SECTION:
ns2.he.net.             86097   IN      AAAA    2001:470:200::2
ns3.he.net.             86097   IN      AAAA    2001:470:300::2
ns5.he.net.             86097   IN      AAAA    2001:470:500::2
mycontactpoint.info.    300     IN      A       67.55.9.20
ns4.he.net.             86097   IN      A       216.66.1.2
ns2.he.net.             86097   IN      A       216.218.131.2
mycontactpoint.info.    300     IN      AAAA    2001:470:1f06:be2::3
ns3.he.net.             86097   IN      A       216.218.132.2
ns4.he.net.             86097   IN      AAAA    2001:470:400::2
ns5.he.net.             86097   IN      A       216.66.80.18

;; Query time: 150 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Thu Mar 24 21:33:32 2011
;; MSG SIZE  rcvd: 446

-------3rd try (Google DNS)-----------------------------------------------------------------------------------------------------------------
# dig any @8.8.8.8 mycontactpoint.info

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc13 <<>> any @8.8.8.8 mycontactpoint.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34606
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mycontactpoint.info.           IN      ANY

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      NS      ns5.he.net.
mycontactpoint.info.    86400   IN      SOA     ns1.he.net. hostmaster.he.net. 2011032405 10800 1800 604800 86400
mycontactpoint.info.    300     IN      NS      ns4.he.net.
mycontactpoint.info.    300     IN      AAAA    2001:470:1f06:be2::3
mycontactpoint.info.    300     IN      NS      ns2.he.net.
mycontactpoint.info.    300     IN      A       67.55.9.20
mycontactpoint.info.    300     IN      NS      ns3.he.net.
mycontactpoint.info.    300     IN      MX      10 mycontactpoint.info.

;; Query time: 99 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Mar 24 21:46:25 2011
;; MSG SIZE  rcvd: 226


johnpoz

Im not getting any such info from a any query.. I only see the authority info, ie NS records

; <<>> DiG 9.7.1-P2 <<>> any @74.82.42.42 mycontactpoint.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65348
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 8

;; QUESTION SECTION:
;mycontactpoint.info.           IN      ANY

;; ANSWER SECTION:
mycontactpoint.info.    24522   IN      NS      ns5.he.net.
mycontactpoint.info.    24522   IN      NS      ns3.he.net.
mycontactpoint.info.    24522   IN      NS      ns4.he.net.
mycontactpoint.info.    24522   IN      NS      ns2.he.net.

;; ADDITIONAL SECTION:
ns3.he.net.             78192   IN      A       216.218.132.2
ns5.he.net.             78192   IN      AAAA    2001:470:500::2
ns2.he.net.             78192   IN      AAAA    2001:470:200::2
ns2.he.net.             78192   IN      A       216.218.131.2
ns3.he.net.             78192   IN      AAAA    2001:470:300::2
ns4.he.net.             78192   IN      A       216.66.1.2
ns5.he.net.             78192   IN      A       216.66.80.18
ns4.he.net.             78192   IN      AAAA    2001:470:400::2

;; Query time: 17 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri Mar 25 07:53:19 2011
;; MSG SIZE  rcvd: 291

Popcorn6

I'm getting the same now, but if I put in a specific request (mx/a/aaaa) instead of 'any' I get an answer.

I'm trying to figure out whether this is something:

  • I've configured incorrectly  - most likely as I'm new to this
  • delays in DNS propagation  - the HE nameserver forwarding to different nameservers and relaying their different responses
  • some problem with the HE nameserver - Unlikely as others would be having problems

Thanks for your advice,
D.

# dig a @74.82.42.42 mycontactpoint.info

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc13 <<>> a @74.82.42.42 mycontactpoint.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9238
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mycontactpoint.info.           IN      A

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      A       67.55.9.20

;; Query time: 148 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri Mar 25 09:59:03 2011
;; MSG SIZE  rcvd: 53

----------------------------------------------------------------------------------------------------------------------
# dig aaaa @74.82.42.42 mycontactpoint.info

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc13 <<>> aaaa @74.82.42.42 mycontactpoint.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48415
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mycontactpoint.info.           IN      AAAA

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      AAAA    2001:470:1f06:be2::3

;; Query time: 76 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri Mar 25 09:59:08 2011
;; MSG SIZE  rcvd: 65

-----------------------------------------------------------------------------------------------------------------------------
# dig any @74.82.42.42 mycontactpoint.info

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc13 <<>> any @74.82.42.42 mycontactpoint.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2971
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 8

;; QUESTION SECTION:
;mycontactpoint.info.           IN      ANY

;; ANSWER SECTION:
mycontactpoint.info.    41943   IN      NS      ns4.he.net.
mycontactpoint.info.    41943   IN      NS      ns5.he.net.
mycontactpoint.info.    41943   IN      NS      ns2.he.net.
mycontactpoint.info.    10296   IN      SOA     ns51.1and1.com. hostmaster.1and1.com. 2011032302 28800 7200 604800 86400
mycontactpoint.info.    41943   IN      NS      ns3.he.net.

;; ADDITIONAL SECTION:
ns3.he.net.             82718   IN      AAAA    2001:470:300::2
ns5.he.net.             82718   IN      A       216.66.80.18
ns4.he.net.             82718   IN      A       216.66.1.2
ns2.he.net.             82718   IN      AAAA    2001:470:200::2
ns2.he.net.             82718   IN      A       216.218.131.2
ns3.he.net.             82718   IN      A       216.218.132.2
ns5.he.net.             82718   IN      AAAA    2001:470:500::2
ns4.he.net.             82718   IN      AAAA    2001:470:400::2

;; Query time: 55 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri Mar 25 10:00:41 2011
;; MSG SIZE  rcvd: 352

johnpoz

#6
still confused what your concerned about?

the returned A record?

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      A       67.55.9.20

Do you have that record in your he dns config?

What do you have in your HE dns config??  

As to other nameservers??  You lost me on that - why would the HE dns forward to any other servers.. Your whois clearly shows what NS records are for your domain

Domain Name:MYCONTACTPOINT.INFO
Created On:23-Mar-2011 21:38:17 UTC
Last Updated On:24-Mar-2011 05:36:16 UTC
Expiration Date:23-Mar-2012 21:38:17 UTC

Name Server:NS3.HE.NET
Name Server:NS2.HE.NET
Name Server:NS4.HE.NET
Name Server:NS5.HE.NET

And a query to the root servers only respond with those NS records.

If I do a trace for your domain -- you get this

INFO.                   172800  IN      NS      a2.info.afilias-nst.INFO.
INFO.                   172800  IN      NS      b0.info.afilias-nst.org.
INFO.                   172800  IN      NS      c0.info.afilias-nst.INFO.
INFO.                   172800  IN      NS      d0.info.afilias-nst.org.
INFO.                   172800  IN      NS      a0.info.afilias-nst.INFO.
INFO.                   172800  IN      NS      b2.info.afilias-nst.org.
;; Received 440 bytes from 192.112.36.4#53(g.root-servers.net) in 164 ms

MYCONTACTPOINT.INFO.    86400   IN      NS      ns2.he.net.
MYCONTACTPOINT.INFO.    86400   IN      NS      ns5.he.net.
MYCONTACTPOINT.INFO.    86400   IN      NS      ns4.he.net.
MYCONTACTPOINT.INFO.    86400   IN      NS      ns3.he.net.

;; Received 115 bytes from 2001:500:1a::1#53(b0.info.afilias-nst.org) in 271 ms

MYCONTACTPOINT.INFO.    300     IN      A       67.55.9.20
;; Received 53 bytes from 2001:470:300::2#53(ns3.he.net) in 89 ms

Then ns3 returns that A record -- which you must of setup on their servers via the dns interface at https://dns.he.net/


Popcorn6

My initial concern was that querying 74.82.42.42 for mycontactpoint.info was sometimes returning

;; ANSWER SECTION:
mycontactpoint.info.    10891   IN      MX      10 mx01.1and1.com.
mycontactpoint.info.    10891   IN      MX      10 mx00.1and1.com.
mycontactpoint.info.    55185   IN      SOA     ns51.1and1.com. hostmaster.1and1.com. 2011032302 28800 7200 604800 86400

and othertimes

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      NS      ns3.he.net.
mycontactpoint.info.    300     IN      A       67.55.9.20
mycontactpoint.info.    86400   IN      SOA     ns1.he.net. hostmaster.he.net. 2011032405 10800 1800 604800 86400
mycontactpoint.info.    300     IN      AAAA    2001:470:1f06:be2::3
mycontactpoint.info.    300     IN      NS      ns2.he.net.
mycontactpoint.info.    300     IN      MX      10 mycontactpoint.info.
mycontactpoint.info.    300     IN      NS      ns5.he.net.
mycontactpoint.info.    300     IN      NS      ns4.he.net.

This is no longer happening now. Could this have happened because the original DNS info was cached somewhere with a large TTL. If so, why would I sometimes get the correct answer and sometimes the old one?

The only thing I don't understand now is why I only get a list of nameservers in the ANSWER section when I do an 'any' query at 74.82.42.42. If I do an any query at 8.8.8.8 I get the complete list.

Thanks again for your help (and patience),
D.



johnpoz

I don't think it has to do with anything cached at all.

You have that A record in the he dns do you not?  And the MX, etc.

; <<>> DiG 9.7.1-P2 <<>> @ns3.he.net mycontactpoint.info any
;; QUESTION SECTION:
;mycontactpoint.info.           IN      ANY

;; ANSWER SECTION:
mycontactpoint.info.    300     IN      A       67.55.9.20
mycontactpoint.info.    300     IN      AAAA    2001:470:1f06:be2::3
mycontactpoint.info.    300     IN      MX      10 mycontactpoint.info.
mycontactpoint.info.    300     IN      NS      ns4.he.net.
mycontactpoint.info.    300     IN      NS      ns5.he.net.
mycontactpoint.info.    300     IN      NS      ns2.he.net.
mycontactpoint.info.    300     IN      NS      ns3.he.net.
mycontactpoint.info.    86400   IN      SOA     ns1.he.net. hostmaster.he.net. 2011032405 10800 1800 604800 86400

;; ADDITIONAL SECTION:
ns3.he.net.             86400   IN      A       216.218.132.2
ns5.he.net.             86400   IN      AAAA    2001:470:500::2
ns4.he.net.             86400   IN      AAAA    2001:470:400::2
ns2.he.net.             86400   IN      A       216.218.131.2
ns5.he.net.             86400   IN      A       216.66.80.18
ns2.he.net.             86400   IN      AAAA    2001:470:200::2
ns4.he.net.             86400   IN      A       216.66.1.2
ns3.he.net.             86400   IN      AAAA    2001:470:300::2

;; Query time: 94 msec
;; SERVER: 2001:470:300::2#53(2001:470:300::2)
;; WHEN: Fri Mar 25 13:57:22 2011
;; MSG SIZE  rcvd: 402

Are you saying you do NOT have that A record in he dns??