OT: lots of IPv6 DNS requests

Jon Radel jon at radel.com
Wed Jun 11 13:49:50 UTC 2008 

Wojciech Puchar wrote:
> 
>>
>> pearl# dig aaaa dns3.tensor.gdynia.pl
>> dns3.tensor.gdynia.pl.  21682   IN      AAAA    2001:4070:101:2::1
> 
> that's funny because i have in my domain:
> 
> dns3                    A       213.192.74.1
> dns3                    AAAA    2001:4070:101::1
> 
> not :2::1
> 
> 
> tried my secondary dns - the same.
> 
> 
> tried dig aaaa dns3.tensor.gdynia.pl from other server in poland - the 
> same!
> 
> any idea where this :2::1 can be kept. nowhere on my machines for sure.
> 
> i did grep 2001:4070:101:2::1 /etc/namedb/*/* on both my primary and 
> secondary dns - found only one position that defines 
> wojtek.tensor.gdynia.pl
> 
> nothing more.
> 
> 
> asked polish telecom DNS to look how it look from outside, got this
> dns3.tensor.gdynia.pl.  10800   IN      AAAA    2001:4070:101::1
> 
> which is OK.
> 
> 
> as you get :2::1 - any idea why?

Sure thing.  I know exactly why.  I keep telling you why.  You keep 
ignoring me.

Frankly, I'm beginning to suspect that you're only pretending that you 
know how DNS works.  You might want to research it a bit.

Run this:

$ dig @bilbo.nask.org.pl tensor.gdynia.pl ns

; <<>> DiG 9.4.2 <<>> @bilbo.nask.org.pl tensor.gdynia.pl ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45423
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;tensor.gdynia.pl.              IN      NS

;; AUTHORITY SECTION:
tensor.gdynia.pl.       28800   IN      NS      dns2.tensor.gdynia.pl.
tensor.gdynia.pl.       28800   IN      NS      dns.tensor.gdynia.pl.
tensor.gdynia.pl.       28800   IN      NS      dns3.tensor.gdynia.pl.

;; ADDITIONAL SECTION:
dns.tensor.gdynia.pl.   28800   IN      A       213.192.74.1
dns.tensor.gdynia.pl.   28800   IN      AAAA    2001:4070:101::1
dns2.tensor.gdynia.pl.  28800   IN      A       83.18.148.142
dns2.tensor.gdynia.pl.  28800   IN      AAAA    2001:4070:101::1
dns3.tensor.gdynia.pl.  28800   IN      A       83.12.228.78
dns3.tensor.gdynia.pl.  28800   IN      AAAA    2001:4070:101:2::1

;; Query time: 233 msec
;; SERVER: 195.187.245.51#53(195.187.245.51)
;; WHEN: Wed Jun 11 13:21:48 2008
;; MSG SIZE  rcvd: 222


over and over until you catch on to what it means.  Once you understand 
that, then run this:

$ dig @f-dns.pl. tensor.gdynia.pl ns

; <<>> DiG 9.4.2 <<>> @f-dns.pl. tensor.gdynia.pl ns
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13848
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;tensor.gdynia.pl.              IN      NS

;; AUTHORITY SECTION:
gdynia.pl.              86400   IN      NS      dns2.task.gda.pl.
gdynia.pl.              86400   IN      NS      bilbo.nask.org.pl.
gdynia.pl.              86400   IN      NS      ns-pl.tpnet.pl.
gdynia.pl.              86400   IN      NS      kirdan.warman.nask.pl.
gdynia.pl.              86400   IN      NS      dns.task.gda.pl.

;; ADDITIONAL SECTION:
dns.task.gda.pl.        86400   IN      A       153.19.250.100
dns2.task.gda.pl.       86400   IN      A       212.77.97.222

;; Query time: 131 msec
;; SERVER: 2001:1a68:0:10::189#53(2001:1a68:0:10::189)
;; WHEN: Wed Jun 11 13:30:16 2008
;; MSG SIZE  rcvd: 200

over and over until you realize why this means that the results of the 
first command actually matter.

Or you could skip a step and run:

$ dig @b-dns.pl. tensor.gdynia.pl ns

; <<>> DiG 9.4.2 <<>> @b-dns.pl. tensor.gdynia.pl ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10267
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;tensor.gdynia.pl.              IN      NS

;; AUTHORITY SECTION:
tensor.gdynia.pl.       28800   IN      NS      dns3.tensor.gdynia.pl.
tensor.gdynia.pl.       28800   IN      NS      dns2.tensor.gdynia.pl.
tensor.gdynia.pl.       28800   IN      NS      dns.tensor.gdynia.pl.

;; ADDITIONAL SECTION:
dns.tensor.gdynia.pl.   28800   IN      A       213.192.74.1
dns.tensor.gdynia.pl.   28800   IN      AAAA    2001:4070:101::1
dns2.tensor.gdynia.pl.  28800   IN      A       83.18.148.142
dns2.tensor.gdynia.pl.  28800   IN      AAAA    2001:4070:101::1
dns3.tensor.gdynia.pl.  28800   IN      A       83.12.228.78
dns3.tensor.gdynia.pl.  28800   IN      AAAA    2001:4070:101:2::1

;; Query time: 138 msec
;; SERVER: 80.50.50.10#53(80.50.50.10)
;; WHEN: Wed Jun 11 13:32:09 2008
;; MSG SIZE  rcvd: 222

Basically, according to the root servers, pl has 8 nameservers, a-dns.pl 
through h-dns.pl.  They give different answers when asked about 
gdynia.pl and tensor.gdynia.pl

a:  returns set of 5, including bilbo.nask.org.pl, which then returns 
the dreaded address

b:  returns set of 5 for gdynia.pl, BUT WHEN ASKED ABOUT 
TENSOR.GDYNIA.PL returns your 3 nameservers, with the dreaded address in 
glue (unlike all the other pl TLD servers)

c:  like a

d:  like a

e:  like a

f:  like a

g:  like a

h:  like a but less additional information

So, obviously, not all paths lead to the bad address, but there are 
plenty that do.  Is this your fault?  I haven't the foggiest.  I would 
suggest you go and talk to your parents about why they're making you so 
unhappy.  :-)

--Jon Radel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3283 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080611/28ff03c7/smime.bin

More information about the freebsd-questions mailing list