Indeed, rdns for HamWAN is still broken (44.25.0.0/16). It appears to be because second level delegations were made on ARIN's DNS servers for every "44.x" label. Since that's at the same level as our delegation, DNS servers see it as an invalid "horizontal" delegation.
Can you please see that the "25.44.in-addr.arpa." record is updated in ARIN's DNS servers to point to:
a.ns.hamwan.net. b.ns.hamwan.net.
Thank you,
-Cory, NQ1E HamWAN
$ dig +trace 25.44.in-addr.arpa.
<snip>
44.in-addr.arpa. 86400 IN NS z.arin.net. 44.in-addr.arpa. 86400 IN NS x.arin.net. 44.in-addr.arpa. 86400 IN NS r.arin.net. ;; Received 92 bytes from 200.10.60.53#53(200.10.60.53) in 232 ms
25.44.in-addr.arpa. 86400 IN NS ns2.threshinc.com. 25.44.in-addr.arpa. 86400 IN NS ampr-dns.in-berlin.de. 25.44.in-addr.arpa. 86400 IN NS a.coreservers.uk. 25.44.in-addr.arpa. 86400 IN NS ampr.org. 25.44.in-addr.arpa. 86400 IN NS munnari.oz.au. ;; Received 181 bytes from 199.180.180.63#53(199.180.180.63) in 498 ms
25.44.in-addr.arpa. 3600 IN NS a.ns.hamwan.net. 25.44.in-addr.arpa. 3600 IN NS c.ns.hamwan.net. 25.44.in-addr.arpa. 3600 IN NS b.ns.hamwan.net. ;; BAD (HORIZONTAL) REFERRAL ;; Received 97 bytes from 192.109.42.4#53(192.109.42.4) in 269 ms
25.44.in-addr.arpa. 3600 IN SOA a.ns.hamwan.net. hostmaster.hamwan.net. 2019071706 900 180 604800 900 ;; Received 98 bytes from 44.24.245.2#53(44.24.245.2) in 11 ms
On Fri, Jul 19, 2019 at 7:40 AM Tom Hayward via 44Net < 44net@mailman.ampr.org> wrote:
---------- Forwarded message ---------- From: Tom Hayward esarfl@gmail.com To: AMPRNet working group 44net@mailman.ampr.org Cc: Bcc: Date: Fri, 19 Jul 2019 07:38:57 -0700 Subject: Re: [44net] Reverse DNS broken Seems 44.25.0.0/16 is still broken. It was previously delegated to [abc]. ns.hamwan.net.
Tom KD7LXL
On Fri, Jul 19, 2019, 05:07 Job Snijders job@ntt.net wrote:
I think this is resolved now.
On Fri, Jul 19, 2019 at 02:37 Job Snijders job@ntt.net wrote:
Some good debugging information was provided to me offlist , I've now been in touch with ARIN staff and some changes were made. It may take a few hours for the changes to be visible on the Internet, new zone file needs to be generated & pushed out.
My initial assessment is that the delegations for the remaining /10 and /9 towards AMPRnet DNS servers didnt exist. I don't know whose responsiblity it would've been to ensure that existed. I can't guess
why
they were missing, perhaps a coordination issue in the transfer process from the previous state to the current state.
The AMPRnet reverse DNS administators may want to verify that the authoritative dns servers are configured not for for 44.in-addr.arpa, but for the individual /16s within 44/8 that still are AMPRnet. I don't know who manages that so I hope this message finds them.
I'm running on fumes and only have 4 hours of sleep opportunity ahead
of
me - so signing off, I think things will probably restore in the next few hours.
Good luck!
Job
On Fri, Jul 19, 2019 at 05:27:27AM +0000, Job Snijders wrote:
To help speed up the resolution process, it would be beneficial if someone provides me with data what exactly is broken, and what the values / parameters previously were.
was 44.in-addr.arpa. previously delegated to z.arin.net, x.arin.net,
and
r.arin.net? If not, where was it delegated? Where should it be delegated?
Any tangible data about what the state currently is, and what it
should
be; will help speed up recovery.
Kind regards,
Job
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
---------- Forwarded message ---------- From: Tom Hayward via 44Net 44net@mailman.ampr.org To: AMPRNet working group 44net@mailman.ampr.org Cc: Tom Hayward esarfl@gmail.com Bcc: Date: Fri, 19 Jul 2019 07:38:57 -0700 Subject: Re: [44net] Reverse DNS broken _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
On Fri, Jul 19, 2019 at 11:54:55AM -0700, Cory (NQ1E) wrote:
Indeed, rdns for HamWAN is still broken (44.25.0.0/16). It appears to be because second level delegations were made on ARIN's DNS servers for every "44.x" label. Since that's at the same level as our delegation, DNS servers see it as an invalid "horizontal" delegation.
same here,
$ i=0; while [ $i -lt 256 ]; do host 44.$i.0.0 ; i=$(($i+1)); done|grep SERVF Host 0.0.25.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.130.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.140.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.148.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.149.44.in-addr.arpa not found: 2(SERVFAIL)
(and: Host 0.0.224.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.225.44.in-addr.arpa not found: 2(SERVFAIL) ..forget about them)
140.44.in-addr.arpa is Sweden.
$ dig 60.100.130.44.in-addr.arpa ptr +trace ... 130.44.in-addr.arpa. 3600 IN NS db0fhn.efi.fh-nuernberg.de. 130.44.in-addr.arpa. 3600 IN NS db0res.de. 130.44.in-addr.arpa. 3600 IN NS ns.db0fhn.ampr.org. ;; BAD (HORIZONTAL) REFERRAL dig: too many lookups
=> 44.0.0.1 delegaes NS for 44.25, 44.130, 44.140, 44.148, 44.149 and that got broken. No glue issue (see db0res.de, or ns.ssvl.kth.se). Perhaps due to the fact that primary and secondary nameservers are configured to serve 44.in-addr.arpa, but in-addr.arpa has a smaller scope.
vy 73, - Thomas dl9sau
I have just sent a request to the ARIN hostmaster to correct these. I don't know how long it will take them to do so. - Brian
On Fri, Jul 19, 2019 at 09:52:45PM +0200, Thomas Osterried wrote:
On Fri, Jul 19, 2019 at 11:54:55AM -0700, Cory (NQ1E) wrote:
Indeed, rdns for HamWAN is still broken (44.25.0.0/16). It appears to be because second level delegations were made on ARIN's DNS servers for every "44.x" label. Since that's at the same level as our delegation, DNS servers see it as an invalid "horizontal" delegation.
same here,
$ i=0; while [ $i -lt 256 ]; do host 44.$i.0.0 ; i=$(($i+1)); done|grep SERVF Host 0.0.25.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.130.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.140.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.148.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.149.44.in-addr.arpa not found: 2(SERVFAIL)
(and: Host 0.0.224.44.in-addr.arpa not found: 2(SERVFAIL) Host 0.0.225.44.in-addr.arpa not found: 2(SERVFAIL) ..forget about them)
140.44.in-addr.arpa is Sweden.
$ dig 60.100.130.44.in-addr.arpa ptr +trace ... 130.44.in-addr.arpa. 3600 IN NS db0fhn.efi.fh-nuernberg.de. 130.44.in-addr.arpa. 3600 IN NS db0res.de. 130.44.in-addr.arpa. 3600 IN NS ns.db0fhn.ampr.org. ;; BAD (HORIZONTAL) REFERRAL dig: too many lookups
=> 44.0.0.1 delegaes NS for 44.25, 44.130, 44.140, 44.148, 44.149 and that got broken. No glue issue (see db0res.de, or ns.ssvl.kth.se). Perhaps due to the fact that primary and secondary nameservers are configured to serve 44.in-addr.arpa, but in-addr.arpa has a smaller scope.
vy 73,
- Thomas dl9sau
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
This was finally tracked down to a series of errors at ARIN, which appear now to be corrected. Please test and confirm. - Brian
On Fri, Jul 19, 2019 at 11:54:55AM -0700, Cory (NQ1E) wrote:
Indeed, rdns for HamWAN is still broken (44.25.0.0/16). It appears to be because second level delegations were made on ARIN's DNS servers for every "44.x" label. Since that's at the same level as our delegation, DNS servers see it as an invalid "horizontal" delegation.
Can you please see that the "25.44.in-addr.arpa." record is updated in ARIN's DNS servers to point to:
a.ns.hamwan.net. b.ns.hamwan.net.
Thank you,
-Cory, NQ1E HamWAN
$ dig +trace 25.44.in-addr.arpa.
<snip>
44.in-addr.arpa. 86400 IN NS z.arin.net. 44.in-addr.arpa. 86400 IN NS x.arin.net. 44.in-addr.arpa. 86400 IN NS r.arin.net. ;; Received 92 bytes from 200.10.60.53#53(200.10.60.53) in 232 ms
25.44.in-addr.arpa. 86400 IN NS ns2.threshinc.com. 25.44.in-addr.arpa. 86400 IN NS ampr-dns.in-berlin.de. 25.44.in-addr.arpa. 86400 IN NS a.coreservers.uk. 25.44.in-addr.arpa. 86400 IN NS ampr.org. 25.44.in-addr.arpa. 86400 IN NS munnari.oz.au. ;; Received 181 bytes from 199.180.180.63#53(199.180.180.63) in 498 ms
25.44.in-addr.arpa. 3600 IN NS a.ns.hamwan.net. 25.44.in-addr.arpa. 3600 IN NS c.ns.hamwan.net. 25.44.in-addr.arpa. 3600 IN NS b.ns.hamwan.net. ;; BAD (HORIZONTAL) REFERRAL ;; Received 97 bytes from 192.109.42.4#53(192.109.42.4) in 269 ms
25.44.in-addr.arpa. 3600 IN SOA a.ns.hamwan.net. hostmaster.hamwan.net. 2019071706 900 180 604800 900 ;; Received 98 bytes from 44.24.245.2#53(44.24.245.2) in 11 ms
On Fri, Jul 19, 2019 at 7:40 AM Tom Hayward via 44Net < 44net@mailman.ampr.org> wrote:
---------- Forwarded message ---------- From: Tom Hayward esarfl@gmail.com To: AMPRNet working group 44net@mailman.ampr.org Cc: Bcc: Date: Fri, 19 Jul 2019 07:38:57 -0700 Subject: Re: [44net] Reverse DNS broken Seems 44.25.0.0/16 is still broken. It was previously delegated to [abc]. ns.hamwan.net.
Tom KD7LXL
On Fri, Jul 19, 2019, 05:07 Job Snijders job@ntt.net wrote:
I think this is resolved now.
On Fri, Jul 19, 2019 at 02:37 Job Snijders job@ntt.net wrote:
Some good debugging information was provided to me offlist , I've now been in touch with ARIN staff and some changes were made. It may take a few hours for the changes to be visible on the Internet, new zone file needs to be generated & pushed out.
My initial assessment is that the delegations for the remaining /10 and /9 towards AMPRnet DNS servers didnt exist. I don't know whose responsiblity it would've been to ensure that existed. I can't guess
why
they were missing, perhaps a coordination issue in the transfer process from the previous state to the current state.
The AMPRnet reverse DNS administators may want to verify that the authoritative dns servers are configured not for for 44.in-addr.arpa, but for the individual /16s within 44/8 that still are AMPRnet. I don't know who manages that so I hope this message finds them.
I'm running on fumes and only have 4 hours of sleep opportunity ahead
of
me - so signing off, I think things will probably restore in the next few hours.
Good luck!
Job
On Fri, Jul 19, 2019 at 05:27:27AM +0000, Job Snijders wrote:
To help speed up the resolution process, it would be beneficial if someone provides me with data what exactly is broken, and what the values / parameters previously were.
was 44.in-addr.arpa. previously delegated to z.arin.net, x.arin.net,
and
r.arin.net? If not, where was it delegated? Where should it be delegated?
Any tangible data about what the state currently is, and what it
should
be; will help speed up recovery.
Kind regards,
Job
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
---------- Forwarded message ---------- From: Tom Hayward via 44Net 44net@mailman.ampr.org To: AMPRNet working group 44net@mailman.ampr.org Cc: Tom Hayward esarfl@gmail.com Bcc: Date: Fri, 19 Jul 2019 07:38:57 -0700 Subject: Re: [44net] Reverse DNS broken _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
The HamWAN delegation is now working. Thank you :)
$ dig ns 25.44.in-addr.arpa. @z.arin.net.
<snip>
;; AUTHORITY SECTION: 25.44.in-addr.arpa. 86400 IN NS b.ns.hamwan.net. 25.44.in-addr.arpa. 86400 IN NS c.ns.hamwan.net. 25.44.in-addr.arpa. 86400 IN NS a.ns.hamwan.net.
On Wed, Jul 24, 2019 at 10:24 AM Brian Kantor via 44Net < 44net@mailman.ampr.org> wrote:
This was finally tracked down to a series of errors at ARIN, which appear now to be corrected. Please test and confirm. - Brian
On Fri, Jul 19, 2019 at 11:54:55AM -0700, Cory (NQ1E) wrote:
Indeed, rdns for HamWAN is still broken (44.25.0.0/16). It appears to
be
because second level delegations were made on ARIN's DNS servers for
every
"44.x" label. Since that's at the same level as our delegation, DNS servers see it as an invalid "horizontal" delegation.
Can you please see that the "25.44.in-addr.arpa." record is updated in ARIN's DNS servers to point to:
a.ns.hamwan.net. b.ns.hamwan.net.
Thank you,
-Cory, NQ1E HamWAN
$ dig +trace 25.44.in-addr.arpa.
<snip>
44.in-addr.arpa. 86400 IN NS z.arin.net. 44.in-addr.arpa. 86400 IN NS x.arin.net. 44.in-addr.arpa. 86400 IN NS r.arin.net. ;; Received 92 bytes from 200.10.60.53#53(200.10.60.53) in 232 ms
25.44.in-addr.arpa. 86400 IN NS ns2.threshinc.com. 25.44.in-addr.arpa. 86400 IN NS ampr-dns.in-berlin.de. 25.44.in-addr.arpa. 86400 IN NS a.coreservers.uk. 25.44.in-addr.arpa. 86400 IN NS ampr.org. 25.44.in-addr.arpa. 86400 IN NS munnari.oz.au. ;; Received 181 bytes from 199.180.180.63#53(199.180.180.63) in 498 ms
25.44.in-addr.arpa. 3600 IN NS a.ns.hamwan.net. 25.44.in-addr.arpa. 3600 IN NS c.ns.hamwan.net. 25.44.in-addr.arpa. 3600 IN NS b.ns.hamwan.net. ;; BAD (HORIZONTAL) REFERRAL ;; Received 97 bytes from 192.109.42.4#53(192.109.42.4) in 269 ms
25.44.in-addr.arpa. 3600 IN SOA a.ns.hamwan.net. hostmaster.hamwan.net. 2019071706 900 180 604800 900 ;; Received 98 bytes from 44.24.245.2#53(44.24.245.2) in 11 ms
On Fri, Jul 19, 2019 at 7:40 AM Tom Hayward via 44Net < 44net@mailman.ampr.org> wrote:
---------- Forwarded message ---------- From: Tom Hayward esarfl@gmail.com To: AMPRNet working group 44net@mailman.ampr.org Cc: Bcc: Date: Fri, 19 Jul 2019 07:38:57 -0700 Subject: Re: [44net] Reverse DNS broken Seems 44.25.0.0/16 is still broken. It was previously delegated to
[abc].
ns.hamwan.net.
Tom KD7LXL
On Fri, Jul 19, 2019, 05:07 Job Snijders job@ntt.net wrote:
I think this is resolved now.
On Fri, Jul 19, 2019 at 02:37 Job Snijders job@ntt.net wrote:
Some good debugging information was provided to me offlist , I've
now
been in touch with ARIN staff and some changes were made. It may
take a
few hours for the changes to be visible on the Internet, new zone
file
needs to be generated & pushed out.
My initial assessment is that the delegations for the remaining
/10 and
/9 towards AMPRnet DNS servers didnt exist. I don't know whose responsiblity it would've been to ensure that existed. I can't
guess
why
they were missing, perhaps a coordination issue in the transfer
process
from the previous state to the current state.
The AMPRnet reverse DNS administators may want to verify that the authoritative dns servers are configured not for for
44.in-addr.arpa,
but for the individual /16s within 44/8 that still are AMPRnet. I
don't
know who manages that so I hope this message finds them.
I'm running on fumes and only have 4 hours of sleep opportunity
ahead
of
me - so signing off, I think things will probably restore in the
next
few hours.
Good luck!
Job
On Fri, Jul 19, 2019 at 05:27:27AM +0000, Job Snijders wrote:
To help speed up the resolution process, it would be beneficial
if
someone provides me with data what exactly is broken, and what
the
values / parameters previously were.
was 44.in-addr.arpa. previously delegated to z.arin.net,
x.arin.net,
and
r.arin.net? If not, where was it delegated? Where should it be delegated?
Any tangible data about what the state currently is, and what it
should
be; will help speed up recovery.
Kind regards,
Job
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
---------- Forwarded message ---------- From: Tom Hayward via 44Net 44net@mailman.ampr.org To: AMPRNet working group 44net@mailman.ampr.org Cc: Tom Hayward esarfl@gmail.com Bcc: Date: Fri, 19 Jul 2019 07:38:57 -0700 Subject: Re: [44net] Reverse DNS broken _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
-
Brian Kantor -
Cory (NQ1E) -
Thomas Osterried