From Newsgroup: comp.protocols.dns.bind
--0000000000000a3b5805ad59e5c7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
As for Viettel, I don't know how they configure it.
But when I use a server on another network, the result is as follows:
; <<>> DiG 9.6-ESV-R8 <<>> @115.84.177.8 250.0-24.199.212.125.in-addr.arpa
ptr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52626
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;250.0-24.199.212.125.in-addr.arpa. IN PTR
;; ANSWER SECTION:
250.0-24.199.212.125.in-addr.arpa. 360 IN PTR smtp.vss.gov.vn. 250.0-24.199.212.125.in-addr.arpa. 360 IN PTR baohiemxahoi.gov.vn.
;; AUTHORITY SECTION:
199.212.125.in-addr.arpa. 360 IN NS ns.viettelidc.com.vn. 199.212.125.in-addr.arpa. 360 IN NS ns1.viettelidc.com.vn. 199.212.125.in-addr.arpa. 360 IN NS ns2.viettelidc.com.vn.
;; Query time: 26 msec
;; SERVER: 115.84.177.8#53(115.84.177.8)
;; WHEN: Fri Aug 21 09:18:35 2020
;; MSG SIZE rcvd: 175
Chinhlk
V=C3=A0o Th 4, 19 thg 8, 2020 va=CC=80o lu=CC=81c 22:25 Matus UHLAR - fanto= mas <
uhlar@fantomas.sk> =C4=91=C3=A3 vi=E1=BA=BFt:
On 20 Aug 2020, at 00:41, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas
<uhlar@fantomas.sk> wrote:
again, why you query for 250.0-24.199.212.125.in-addr.arpa
under normal circumstances there's no point of querying that name.
On 19.08.20 10:05, tale via bind-users wrote:
Well yes and no. While an individual user would typically not,
resolvers sure will. While trying to resolve
250.199.212.125.in-addr.arpa, it will eventually get to
250.199.212.125.in-addr.arpa CNAME 250.0-24.199.212.125.in-addr.arpa.
my question is why would anyone do this, as this apparently does not
make
sense.
On 20.08.20 00:59, Mark Andrews wrote:
Presumably because they don=E2=80=99t know that APNIC can delegate the /=
24s that
make
up the /17 independently of each other.
even if not, they can fetch whole /24 from their customer (requiring
customer to add their NSes as long).
but, yes, in case of very incompetent customer they can require such delegation.
someone (vietel) illogically delegated whole /24 subnet to broken
servers:
199.212.125.in-addr.arpa. 86400 IN NS dns2.vietel.com.vn.
199.212.125.in-addr.arpa. 86400 IN NS dns1.vietel.com.vn.
0.199.212.125.in-addr.arpa has address 125.235.4.59
1.199.212.125.in-addr.arpa is an alias for 1.0-24.199.212.125.in-addr.arpa.
...
255.199.212.125.in-addr.arpa is an alias for 255.0-24.199.212.125.in-addr.arpa.
delegation from apnic to vietel:
199.212.125.in-addr.arpa. 86400 IN NS dns2.vietel.com.vn. 199.212.125.in-addr.arpa. 86400 IN NS dns1.vietel.com.vn. 199.212.125.in-addr.arpa. 3600 IN NSEC 2.212.125.in-addr.arpa. N=
S
RRSIG NSEC
199.212.125.in-addr.arpa. 3600 IN RRSIG NSEC 13 5 3600
20200917160047 20200818150047 30887 125.in-addr.arpa. 5ixPuj/J+cDFSDwxy3MSMs1xkmpGrdzhrmjiodo6CkEBazwUxojGfIYU R5MNZCbDoMZEF4Fq8eL9lcsZgrBctA=3D=3D
;; Received 321 bytes from 203.119.95.53#53(ns2.apnic.net) in 255 ms
delegation from vietel to vietelidc:
0-24.199.212.125.in-addr.arpa. 86400 IN NS ns.viettelidc.com.vn. 0-24.199.212.125.in-addr.arpa. 86400 IN NS ns2.viettelidc.com.vn. 0-24.199.212.125.in-addr.arpa. 86400 IN NS ns1.viettelidc.com.vn.
;; Received 160 bytes from 203.113.188.2#53(dns2.vietel.com.vn) in 367 ms
zone 199.212.125.in-addr.arpa. at vietelidc who is supposed to provide 0-24.199.212.125.in-addr.arpa:
199.212.125.in-addr.arpa. 2560 IN SOA ns.viettelidc.com.vn. hostmaster.199.212.125.in-addr.arpa. 1597850355 16384 2048 1048576 2560
;; Received 129 bytes from 115.84.181.10#53(ns2.viettelidc.com.vn) in 291
ms
vietelidc is in this case the problem:
1. they block DNS over TCP
2. they should have configured zone 0-24.199.212.125.in-addr.arpa
although it's possible that viettelidc.com.vn asked vietel.com.vn to
delegate 199.212.125.in-addr.arpa.
and vietel.com.vn messed it up...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends? _______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--0000000000000a3b5805ad59e5c7
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>
<span class=3D"gmail-tlid-translation gmail-translation" lang=3D"en"><span = title=3D"" class=3D"gmail-">As for Viettel, I don't know how they confi= gure it.</span><br><span title=3D"" class=3D"gmail-">But when I use a serve=
r on another network, the result is as follows:</span></span>
</div><div><br></div><div>; <<>> DiG 9.6-ESV-R8 <<>>=
; @1<span style=3D"background-color:rgb(255,255,0)">15.84.177.8 250.0-24.19= 9.212.125.in-addr.arpa ptr</span></div>; (1 server found)<br>;; global opti= ons: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, s= tatus: NOERROR, id: 52626<br>;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHO= RITY: 3, ADDITIONAL: 0<br>;; WARNING: recursion requested but not available= <br><br>;; QUESTION SECTION:<br>;250.0-24.199.212.125.in-addr.arpa. IN =C2= =A0PTR<br><br><span style=3D"background-color:rgb(255,255,0)">;; ANSWER SEC= TION:<br>250.0-24.199.212.125.in-addr.arpa. 360 IN PTR =C2=A0 <a href=3D"ht= tp://smtp.vss.gov.vn">smtp.vss.gov.vn</a>.<br>250.0-24.199.212.125.in-addr.= arpa. 360 IN PTR =C2=A0 <a href=3D"
http://baohiemxahoi.gov.vn">baohiemxahoi= .gov.vn</a>.</span><br><br>;; AUTHORITY SECTION:<br>199.212.125.in-addr.arp=
a. 360 =C2=A0 IN =C2=A0 =C2=A0 =C2=A0NS =C2=A0 =C2=A0 =C2=A0<a href=3D"http= ://ns.viettelidc.com.vn">ns.viettelidc.com.vn</a>.<br>199.212.125.in-addr.a= rpa. 360 =C2=A0 IN =C2=A0 =C2=A0 =C2=A0NS =C2=A0 =C2=A0 =C2=A0<a href=3D"ht= tp://ns1.viettelidc.com.vn">ns1.viettelidc.com.vn</a>.<br>199.212.125.in-ad= dr.arpa. 360 =C2=A0 IN =C2=A0 =C2=A0 =C2=A0NS =C2=A0 =C2=A0 =C2=A0<a href= =3D"
http://ns2.viettelidc.com.vn">ns2.viettelidc.com.vn</a>.<br><br>;; Quer=
y time: 26 msec<br>;; SERVER: 115.84.177.8#53(115.84.177.8)<br>;; WHEN: Fri=
Aug 21 09:18:35 2020<br><div>;; MSG SIZE =C2=A0rcvd: 175</div><div><br></d= iv><div>Chinhlk<br></div></div><br><div class=3D"gmail_quote"><div dir=3D"l= tr" class=3D"gmail_attr">V=C3=A0o Th 4, 19 thg 8, 2020 va=CC=80o lu=CC=81c = 22:25 Matus UHLAR - fantomas <<a href=3D"mailto:
uhlar@fantomas.sk">uhlar= @fantomas.sk</a>> =C4=91=C3=A3 vi=E1=BA=BFt:<br></div><blockquote class= =3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg= b(204,204,204);padding-left:1ex">>> On 20 Aug 2020, at 00:41, Matus U= HLAR - fantomas <<a href=3D"mailto:
uhlar@fantomas.sk" target=3D"_blank">=
uhlar@fantomas.sk</a>> wrote:<br>
>><br>
>>> On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas<br> >>> <<a href=3D"mailto:
uhlar@fantomas.sk" target=3D"_blank">uhl=
ar@fantomas.sk</a>> wrote:<br>
>>>> again, why you query for 250.0-24.199.212.125.in-addr.arpa=
>>>> under normal circumstances there's no point of queryin=
g that name.<br>
>><br>
>> On 19.08.20 10:05, tale via bind-users wrote:<br>
>>> Well yes and no.=C2=A0 =C2=A0While an individual user would ty= pically not,<br>
>>> resolvers sure will.=C2=A0 While trying to resolve<br> >>> 250.199.212.125.in-addr.arpa, it will eventually get to<br> >>> 250.199.212.125.in-addr.arpa CNAME 250.0-24.199.212.125.in-add= r.arpa.<br>
>><br>
>> my question is why would anyone do this, as this apparently does n=
ot make<br>
>> sense.<br>
On 20.08.20 00:59, Mark Andrews wrote:<br>
>Presumably because they don=E2=80=99t know that APNIC can delegate the = /24s that make<br>
>up the /17 independently of each other.<br>
even if not, they can fetch whole /24 from their customer (requiring<br> customer to add their NSes as long).<br>
but, yes, in case of very incompetent customer they can require such<br> delegation.<br>
>> someone (vietel) illogically delegated whole /24 subnet to broken = servers:<br>
>><br>
>> 199.212.125.in-addr.arpa. 86400 IN=C2=A0 =C2=A0 =C2=A0 NS=C2=A0 = =C2=A0 =C2=A0 <a href=3D"
http://dns2.vietel.com.vn" rel=3D"noreferrer" targ= et=3D"_blank">dns2.vietel.com.vn</a>.<br>
>> 199.212.125.in-addr.arpa. 86400 IN=C2=A0 =C2=A0 =C2=A0 NS=C2=A0 = =C2=A0 =C2=A0 <a href=3D"
http://dns1.vietel.com.vn" rel=3D"noreferrer" targ= et=3D"_blank">dns1.vietel.com.vn</a>.<br>
>><br>
>> 0.199.212.125.in-addr.arpa has address 125.235.4.59<br>
>> 1.199.212.125.in-addr.arpa is an alias for 1.0-24.199.212.125.in-a= ddr.arpa.<br>
>> ...<br>
>> 255.199.212.125.in-addr.arpa is an alias for 255.0-24.199.212.125.= in-addr.arpa.<br>
delegation from apnic to vietel:<br>
199.212.125.in-addr.arpa. 86400 IN=C2=A0 =C2=A0 =C2=A0 NS=C2=A0 =C2=A0 =C2=
=A0 <a href=3D"
http://dns2.vietel.com.vn" rel=3D"noreferrer" target=3D"_bla= nk">dns2.vietel.com.vn</a>.<br>
199.212.125.in-addr.arpa. 86400 IN=C2=A0 =C2=A0 =C2=A0 NS=C2=A0 =C2=A0 =C2=
=A0 <a href=3D"
http://dns1.vietel.com.vn" rel=3D"noreferrer" target=3D"_bla= nk">dns1.vietel.com.vn</a>.<br>
199.212.125.in-addr.arpa. 3600=C2=A0 IN=C2=A0 =C2=A0 =C2=A0 NSEC=C2=A0 =C2=
=A0 2.212.125.in-addr.arpa. NS RRSIG NSEC<br>
199.212.125.in-addr.arpa. 3600=C2=A0 IN=C2=A0 =C2=A0 =C2=A0 RRSIG=C2=A0 =C2= =A0NSEC 13 5 3600 20200917160047 20200818150047 30887 125.in-addr.arpa. 5ix= Puj/J+cDFSDwxy3MSMs1xkmpGrdzhrmjiodo6CkEBazwUxojGfIYU R5MNZCbDoMZEF4Fq8eL9l= csZgrBctA=3D=3D<br>
;; Received 321 bytes from 203.119.95.53#53(<a href=3D"
http://ns2.apnic.net=
" rel=3D"noreferrer" target=3D"_blank">ns2.apnic.net</a>) in 255 ms<br>
delegation from vietel to vietelidc:<br>
0-24.199.212.125.in-addr.arpa. 86400 IN NS=C2=A0 =C2=A0 =C2=A0 <a href=3D"h= ttp://ns.viettelidc.com.vn" rel=3D"noreferrer" target=3D"_blank">ns.viettel= idc.com.vn</a>.<br>
0-24.199.212.125.in-addr.arpa. 86400 IN NS=C2=A0 =C2=A0 =C2=A0 <a href=3D"h= ttp://ns2.viettelidc.com.vn" rel=3D"noreferrer" target=3D"_blank">ns2.viett= elidc.com.vn</a>.<br>
0-24.199.212.125.in-addr.arpa. 86400 IN NS=C2=A0 =C2=A0 =C2=A0 <a href=3D"h= ttp://ns1.viettelidc.com.vn" rel=3D"noreferrer" target=3D"_blank">ns1.viett= elidc.com.vn</a>.<br>
;; Received 160 bytes from 203.113.188.2#53(<a href=3D"
http://dns2.vietel.c= om.vn" rel=3D"noreferrer" target=3D"_blank">dns2.vietel.com.vn</a>) in 367 = ms<br>
zone 199.212.125.in-addr.arpa. at vietelidc who is supposed to provide<br> 0-24.199.212.125.in-addr.arpa:<br>
199.212.125.in-addr.arpa. 2560=C2=A0 IN=C2=A0 =C2=A0 =C2=A0 SOA=C2=A0 =C2=
=A0 =C2=A0<a href=3D"
http://ns.viettelidc.com.vn" rel=3D"noreferrer" target= =3D"_blank">ns.viettelidc.com.vn</a>. hostmaster.199.212.125.in-addr.arpa. = 1597850355 16384 2048 1048576 2560<br>
;; Received 129 bytes from 115.84.181.10#53(<a href=3D"
http://ns2.viettelid= c.com.vn" rel=3D"noreferrer" target=3D"_blank">ns2.viettelidc.com.vn</a>) i=
n 291 ms<br>
vietelidc is in this case the problem:<br>
1. they block DNS over TCP<br>
2. they should have configured zone 0-24.199.212.125.in-addr.arpa<br>
although it's possible that <a href=3D"
http://viettelidc.com.vn" rel=3D= "noreferrer" target=3D"_blank">viettelidc.com.vn</a> asked <a href=3D"http:= //vietel.com.vn" rel=3D"noreferrer" target=3D"_blank">vietel.com.vn</a> to = delegate 199.212.125.in-addr.arpa.<br>
and <a href=3D"
http://vietel.com.vn" rel=3D"noreferrer" target=3D"_blank">v= ietel.com.vn</a> messed it up...<br>
-- <br>
Matus UHLAR - fantomas, <a href=3D"mailto:
uhlar@fantomas.sk" target=3D"_bla= nk">
uhlar@fantomas.sk</a> ; <a href=3D"
http://www.fantomas.sk/" rel=3D"nore= ferrer" target=3D"_blank">
http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
If Barbie is so popular, why do you have to buy her friends?<br> _______________________________________________<br>
Please visit <a href=3D"
https://lists.isc.org/mailman/listinfo/bind-users" = rel=3D"noreferrer" target=3D"_blank">
https://lists.isc.org/mailman/listinfo= /bind-users</a> to unsubscribe from this list<br>
ISC funds the development of this software with paid support subscriptions.=
Contact us at <a href=3D"
https://www.isc.org/contact/" rel=3D"noreferrer" = target=3D"_blank">
https://www.isc.org/contact/</a> for more information.<br=
bind-users mailing list<br>
<a href=3D"mailto:
bind-users@lists.isc.org" target=3D"_blank">bind-users@li= sts.isc.org</a><br>
<a href=3D"
https://lists.isc.org/mailman/listinfo/bind-users" rel=3D"norefe= rrer" target=3D"_blank">
https://lists.isc.org/mailman/listinfo/bind-users</= a><br>
</blockquote></div>
--0000000000000a3b5805ad59e5c7--
--- Synchronet 3.18a-Linux NewsLink 1.113