[GTER] Problema resolucao dns

Caio Zanolla zanolla at gmail.com
Tue Sep 25 20:36:21 -03 2012 

http://www.intodns.com/calcadoslupie.com.br


Atenciosamente,
Caio Zanolla


2012/9/25 Ricardo Rodrigues <rcr.listas at ig.com.br>:
> Aqui resolveu normalmente. Tente verificar nos logs ou via tcpdump o que
> seu servidor DNS está tentando fazer.
>
> De qualquer forma, aqui vale a mesma recomendação: não usar mesmo endereço
> IP para DNS e para servidor Web, mesmo que tudo esteja no mesmo servidor
> físico.
>
> Abs,
> Ricardo
>
> Em 25 de setembro de 2012 16:44, Network Operation Center AlfainfNet <
> noc at alfainfnet.com.br> escreveu:
>
>> Boa tarde.
>>
>>
>>
>> Estou com um stress de resolução dns a dias. Domínio “calcadoslupie.com.br
>> ”.
>>
>> Assim que o mesmo expira o ttl de cache,  server recursivo não resolve mais
>> o domínio somente forçando um DIG em cima de outro server, assim entrando
>> novamente em seu cache e então volta a resolver.
>>
>> Fiz várias análises, em outros server resolve normal, porem achei algo
>> estranho e entao resolvi trocar uma ideia com o grupo:
>>
>> Observem:
>>
>>
>>
>> [root at dns3 logs]# dig calcadoslupie.com.br @f.dns.br
>>
>> ; <<>> DiG 9.7.3-P3 <<>> calcadoslupie.com.br @f.dns.br
>>
>> ;; global options: +cmd
>>
>> ;; Got answer:
>>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34529
>>
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; WARNING: recursion requested but not available
>>
>>
>>
>> ;; QUESTION SECTION:
>>
>> ;calcadoslupie.com.br.  IN A
>>
>>
>>
>> ;; AUTHORITY SECTION:
>>
>> calcadoslupie.com.br. 86400 IN NS ns1.interfacevirtual.com.
>>
>> calcadoslupie.com.br. 86400 IN NS ns2.interfacevirtual.com.
>>
>>
>>
>> ;; Query time: 22 msec
>>
>> ;; SERVER: 200.219.159.10#53(200.219.159.10)
>>
>> ;; WHEN: Tue Sep 25 16:22:48 2012
>>
>> ;; MSG SIZE  rcvd: 94
>>
>>
>>
>> ===========================================================
>>
>>
>>
>> [root at dns3 logs]# dig interfacevirtual.com @a.gtld-servers.net
>>
>> ; <<>> DiG 9.7.3-P3 <<>> interfacevirtual.com @a.gtld-servers.net
>>
>> ;; global options: +cmd
>>
>> ;; Got answer:
>>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39838
>>
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; WARNING: recursion requested but not available
>>
>>
>>
>> ;; QUESTION SECTION:
>>
>> ;interfacevirtual.com.  IN A
>>
>>
>>
>> ;; AUTHORITY SECTION:
>>
>> interfacevirtual.com. 172800 IN NS ns1.meta358.org.
>>
>> interfacevirtual.com. 172800 IN NS ns2.meta358.org.
>>
>>
>>
>> ;; Query time: 128 msec
>>
>> ;; SERVER: 192.5.6.30#53(192.5.6.30)
>>
>> ;; WHEN: Tue Sep 25 16:35:16 2012
>>
>> ;; MSG SIZE  rcvd: 85
>>
>>
>>
>>
>>
>> [root at dns3 logs]# dig interfacevirtual.com @ns1.meta358.org
>>
>>
>>
>> ; <<>> DiG 9.7.3-P3 <<>> interfacevirtual.com @ns1.meta358.org
>>
>> ;; global options: +cmd
>>
>> ;; Got answer:
>>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8950
>>
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>>
>> ;; WARNING: recursion requested but not available
>>
>>
>>
>> ;; QUESTION SECTION:
>>
>> ;interfacevirtual.com.  IN A
>>
>>
>>
>> ;; ANSWER SECTION:
>>
>> interfacevirtual.com. 14400 IN A 67.228.172.192
>>
>>
>>
>> ;; AUTHORITY SECTION:
>>
>> interfacevirtual.com. 86400 IN NS ns1.interfacevirtual.com.
>>
>> interfacevirtual.com. 86400 IN NS ns2.interfacevirtual.com.
>>
>>
>>
>> ;; ADDITIONAL SECTION:
>>
>> ns1.interfacevirtual.com. 14400 IN A 67.228.172.192
>>
>> ns2.interfacevirtual.com. 14400 IN A 67.228.172.193
>>
>>
>>
>> ;; Query time: 156 msec
>>
>> ;; SERVER: 67.228.172.192#53(67.228.172.192)
>>
>> ;; WHEN: Tue Sep 25 16:36:34 2012
>>
>> ;; MSG SIZE  rcvd: 122
>>
>>
>>
>>
>>
>> De fato o server autoritativo que responde pelo dominio
>> “interfacevirtual.com” eh o ns1/ns2.meta358.org, porem na zona no mesmo
>> constam outros NS, ns1/ns2.interfacevirtual.com. No meu entendimento
>> deveria
>> ter na zona interfacevirtual.com os NS ns1/ns2.meta358.org ou entao nos
>> GTLD-Servers deveria estar com NS e IP da zona interfacevirtual.com.
>>
>> Isto é um equívoco?
>>
>> Pode estar causando estas falhas de resolucao?
>>
>> Rodo dns recursivo com dnssec habilitado.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Gabriel V. Longo
>>
>> inoc-dba 262883:100
>>
>> noc at alfainfnet.com.br
>>
>> http://www.alfainfnet.com.br <http://www.alfainfnet.com.br/>
>>
>>
>>
>> --
>> gter list    https://eng.registro.br/mailman/listinfo/gter
>>
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter

More information about the gter mailing list