[TriLUG] DIG and Nameservers

Aaron Joyner via TriLUG trilug at trilug.org
Fri Feb 17 16:35:32 EST 2017


First, don't trust whois.  You're on the right track using dig.  Try "dig
+trace rentalventures.com" to see how a standard resolver walks the set of
NS authority records from the root nameservers down to the domain in
question.

When I make the same query against ns0.directnic.com. I get this answer:
$ dig +noall +answer -t any rentalventures.com @ns0.directnic.com.
rentalventures.com. 86400 IN SOA ns0.directnic.com. hostmaster.ns0.directnic.com. 1320151988 28800 14400 604800 86400
rentalventures.com. 86400 IN NS ns0.directnic.com.
rentalventures.com. 86400 IN NS ns1.directnic.com.
rentalventures.com. 86400 IN MX 5 mx1.emailsrvr.com.
rentalventures.com. 86400 IN MX 25 mx2.emailsrvr.com.

Note the TTLs of 86400 (1 day).  That's why, for example, if I ask Google
Public DNS, I don't yet see the additional MX record.
$ dig +noall +answer -t any rentalventures.com @8.8.8.8
rentalventures.com. 73853 IN SOA ns0.directnic.com. hostmaster.ns0.directnic.com. 1320151988 28800 14400 604800 86400
rentalventures.com. 73853 IN MX 10 mx1.emailsrvr.com.
rentalventures.com. 73853 IN NS ns0.directnic.com.
rentalventures.com. 73853 IN NS ns1.directnic.com.

Also note that directnic doesn't seem to update the serial in the SOA, as
evidenced by the older response in Google Public DNS with one MX record,
but with the same serial... but that's their business.  It's not strictly
required to advance the serial unless you're expecting to use BIND's
master/slave functionality.

Now onto the meat of your question, what are you doing wrong?  Why don't
you see the TXT SPF record?  You seem to be missing that DNS is strictly
hierarchical.  You've added an SPF record for rentalventures.com, but
please forgive my intentionally misleading statement.  What you've actually
done is add a name (a resource record) of the type TXT at the subdomain
_spf in the rentalventures.com subdomain.  You then tried to ask for "any"
record matching the naked rentalventures.com subdomain.  Naturally, this
does not include any subdomains, such as www.rentalventures.com, or
_spf.rentalventures.com.

To get the answer you're looking for, you must ask a slightly different
question:
$ dig +noall +answer -t any _spf.rentalventures.com @ns0.directnic.com.
_spf.rentalventures.com. 86400 IN TXT "v=spf1 mx ptr ~all"

Note that 86400 TTL again.  Caching resolvers will keep that record for 1
day*, and continue to serve the old response until the cache expires.
Remember to ask @ns0.directnic.com to see the latest and greatest answer
which the Internet will gradually converge on over the next day.

Happy resolving!
Aaron S. Joyner


* - Depending on your definition of "1 day" that might be modulo a second,
near the boundary of a leap second.


On Fri, Feb 17, 2017 at 3:34 PM, Brian McCullough via TriLUG <
trilug at trilug.org> wrote:

> I think that I am asking the right questions, but I am not getting the
> answers that I expect.
>
> I started with whois for "rentalventures.com," which is one of our ( my
> client's ) domain names.
>
> Whois says that directnic.com is the Authoritative Nameserver ( a couple
> of host names at directnic.com ).
>
> I log on to their web site, and try to add a TXT record for the SPF
> record.  Apparently I am successful.
>
> I use DIG, and say "dig rentalventures.com any" and get back the SOA
> record, the two nameserver records, and ONE of the two MX records.
>
> The SOA Serial number does not appear to be human-readable, so I can't
> tell whether my edits made any difference.
>
> OK, I have just changed the Priority of each of the two MX records, and,
> if I do "dig @ns0.directnic.com rentalventures.com any" I see one of the
> MX records, with the new value.  The SOA serial number has not changed.
>
> I know that there are several A records, as well as the TXT record that
> I added.
>
> If I do "dig -t txt ... " it does not respond with anything.
>
> If I do "dig -t mx ... " it does not respond with anything different.
>
>
> I am sure that I am doing something wrong, but what is it?
>
>
> Thank you,
> Brian ( one of the other ones! )
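
Added example (not part of the original thread): a Python sketch of the two points made in the reply, run over the dig answers quoted there. A query returns only records owned by exactly the name asked for, and a caching resolver keeps serving an old RRset until its TTL runs out. The function names are hypothetical, and cached_for assumes the RRset entered the cache at the full authoritative TTL.

```python
from collections import defaultdict

# Constructed from the answers quoted in the message above (SOA lines omitted).
AUTHORITATIVE = """\
rentalventures.com. 86400 IN NS ns0.directnic.com.
rentalventures.com. 86400 IN NS ns1.directnic.com.
rentalventures.com. 86400 IN MX 5 mx1.emailsrvr.com.
rentalventures.com. 86400 IN MX 25 mx2.emailsrvr.com.
_spf.rentalventures.com. 86400 IN TXT "v=spf1 mx ptr ~all"
"""
CACHED = """\
rentalventures.com. 73853 IN MX 10 mx1.emailsrvr.com.
rentalventures.com. 73853 IN NS ns0.directnic.com.
rentalventures.com. 73853 IN NS ns1.directnic.com.
"""

def parse(text):
    """Parse `dig +noall +answer` lines into (owner, ttl, rtype, rdata) tuples."""
    rows = (l.split(None, 4) for l in text.splitlines() if l.strip() and not l.startswith(";"))
    return [(o.lower(), int(ttl), t.upper(), rd) for o, ttl, _cls, t, rd in rows]

def answer(records, qname, qtype="ANY"):
    """Exact owner-name match only (wildcards and CNAMEs are not modelled)."""
    qname = qname.lower().rstrip(".") + "."
    return [r for r in records if r[0] == qname and qtype in ("ANY", r[2])]

def stale_rrsets(auth, cached):
    """RRsets where the cache disagrees with the authoritative server."""
    def group(records):
        sets, ttls = defaultdict(set), {}
        for owner, ttl, rtype, rdata in records:
            sets[owner, rtype].add(rdata)
            ttls[owner, rtype] = ttl  # all records in an RRset share one TTL
        return sets, ttls
    (a_sets, a_ttls), (c_sets, c_ttls) = group(auth), group(cached)
    report = {}
    for key, c_set in c_sets.items():
        if key in a_sets and c_set != a_sets[key]:
            report[key] = {"cached_only": c_set - a_sets[key],
                           "not_yet_visible": a_sets[key] - c_set,
                           "expires_in": c_ttls[key],  # seconds left in the cache
                           "cached_for": a_ttls[key] - c_ttls[key]}
    return report

if __name__ == "__main__":
    print(stale_rrsets(parse(AUTHORITATIVE), parse(CACHED)))
```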