[TriLUG] DIG and Nameservers
David Brain via TriLUG
trilug at trilug.org
Sat Feb 18 12:19:43 EST 2017
Another potentially useful 'trick' is dig +trace - which resolves from
the roots down, and so can excludes any local/isp caching. It can
also reveal problems with intermediary hosts.
So for this case:
$ dig +trace txt rentalventures.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace txt rentalventures.com
;; global options: +cmd
. 458329 IN NS k.root-servers.net.
. 458329 IN NS a.root-servers.net.
. 458329 IN NS l.root-servers.net.
. 458329 IN NS d.root-servers.net.
. 458329 IN NS h.root-servers.net.
. 458329 IN NS g.root-servers.net.
. 458329 IN NS e.root-servers.net.
. 458329 IN NS j.root-servers.net.
. 458329 IN NS b.root-servers.net.
. 458329 IN NS i.root-servers.net.
. 458329 IN NS f.root-servers.net.
. 458329 IN NS c.root-servers.net.
. 458329 IN NS m.root-servers.net.
. 506517 IN RRSIG NS 8 0 518400 20170303050000
20170218040000 61045 .
T8Kn6kKy6E4D/dHpFlmUxiOuvXzJFCZY+YYXYC/1YOy9O/BuQMyj1Uz1
oauKI6VC8Gyyj64eOEyhDdByBLnoodW4mjKhJAwO2XcD7ceJM3k3ow7r
L3ucNlgykgNOzHaa5mXhxvpokdlbMkB201YWyA/keLK4MFHxuioxOMi8
BvfbeZxL1lrFmKSnirOTZrSu0Rp1WY/iLfyGjDopr2o6KrhVAeAT/Pei
hYriCPCMzfktY+5XlfMqkJO94tgbBhplyf9BJ5fi963mrhou42c/zEf5
K5Bebhjcg918ep3uIP/TUwphYGrkmQd4gDRkYcMw+op14cFuIMsj34qh 1VjXMA==
;; Received 1097 bytes from 127.0.1.1#53(127.0.1.1) in 3 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2
E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20170303170000
20170218160000 61045 .
USdYWCImq0xAMcTJrk1M0aCfzp6ki4t3/nYJQHPeD1c+zQ2tDiLpKjd4
Zg8pPFwO4Xg9y62Q8GzqjMOirlxBGT1kXzXZxv0K+gAnQSzvRTAgGJOO
iSTwZy6ulYcezT+KBU5slRSAnRbYasNGxA7TfTKPPwvjqkSRuR9EjKn/
MfSIPCSgAxFy7j2VBcWKMI0okkaSzkhaM/RU8M4DOxb/EcJFuvWpG+FN
BhSWnFVayHdhrhv7JuRapmErdRPUDa3yd2dQiubU76UjZWwNTMsF3wCa
UqDQ91uexMQ6PbXwKE8EfUIUoFyfAKokCmkjLgP2kWprWTYd1eHgQFbq FoHVNQ==
;; Received 870 bytes from 199.7.83.42#53(l.root-servers.net) in 21 ms
rentalventures.com. 172800 IN NS ns0.directnic.com.
rentalventures.com. 172800 IN NS ns1.directnic.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 -
CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400
20170222054758 20170215043758 31697 com.
NNx2YIhIaD8KiEqgcShLu5dW6dJNqKl58tK9JdpYxyCmQfF3zFB0Aipc
F5szExwFhpOgoboMdF1iBUqLYXPcsiw5mVFPXJ3o9yFHe+bNM99Edhbd
de47kxwoQv+CZEphCEo44aaiP8m0lVQPZR/d8QW5Ad6l1DjOpexzp65J 688=
EI0B1ES8NHJ3PI75DNM6Q7UPRNT20L00.com. 86400 IN NSEC3 1 1 0 -
EI0C3EE6CMLABJH5L7LMA90O4MS21GPO NS DS RRSIG
EI0B1ES8NHJ3PI75DNM6Q7UPRNT20L00.com. 86400 IN RRSIG NSEC3 8 2 86400
20170223055729 20170216044729 31697 com.
t4CnahnuitXZVVR0o3kdGvRkAchRGUzu1xDUbeqRBbzA3EElVpF4F34q
hLnKzaxIA0KTHondnFmBuKx7QRMXrbwu6w54DZE24rLdjoPuQFnq/0au
7RnBMFAtblu068ol4do6/C7Jl/8C/JQRG9l2i/3XbE6ApUCEz0juLAfD +9k=
;; Received 638 bytes from 192.41.162.30#53(l.gtld-servers.net) in 28 ms
rentalventures.com. 86400 IN TXT "v=spf1 mx ptr ~all"
rentalventures.com. 86400 IN NS ns0.directnic.com.
rentalventures.com. 86400 IN NS ns1.directnic.com.
;; Received 145 bytes from 74.117.218.20#53(ns1.directnic.com) in 58 ms
So I'm seeing a valid looking spf for rentalventures.com. That's a
_long_ ttl though, something in the low hours would be more normal.
Also note that if you ever need to 'decode' and SO nslookup will do that :
nslookup -type=soa rentalventures.com
Server: 127.0.1.1
Address: 127.0.1.1#53
Non-authoritative answer:
rentalventures.com
origin = ns0.directnic.com
mail addr = hostmaster.ns0.directnic.com
serial = 1320151988
refresh = 28800
retry = 14400
expire = 604800
minimum = 86400
You would expect to see the 'serial' increment after any changes.
David.
On Sat, Feb 18, 2017 at 1:47 AM, ac via TriLUG <trilug at trilug.org> wrote:
> On Fri, 17 Feb 2017 16:42:28 -0500
> Brian McCullough via TriLUG <trilug at trilug.org> wrote:
>> On Fri, Feb 17, 2017 at 04:42:32PM -0500, Aaron Schrab wrote:
>> > At 15:34 -0500 17 Feb 2017, Brian McCullough via TriLUG
>> > <trilug at trilug.org> wrote:
>> > >I log on to their web site, and try to add a TXT record for the SPF
>> > >record. Apparently I am successful.
>> > I'm not familiar with their web interface, but thinking that it
>> > might be a thin interface on top of normal zone files and being
>> > aware of the most common pitfall there I tried:
>> > 1128$ dig +short @ns1.directnic.com rentalventures.com txt
>> > 1129$ dig +short @ns1.directnic.com
>> > rentalventures.com.rentalventures.com txt "v=spf1 mx ptr ~all"
>> > Note the doubled domain in the second, successful query. You likely
>> > need to add a trailing `.` on the name in that interface to
>> > indicate that it's fully qualified rather than needing to have the
>> > zone appended. You may also be able to use just `@` (without the
>> > quotes) for the name; at least with BIND that's a shortcut for the
>> > zone name.
>> Good guess, but I suspect that I shot myself in the foot, again. I
>> have no control over the tail end ( domain name ) of the record, but
>> did enter "*" before that.
>>
>> I will remove it, and see how things change.
>> Nope, no change. Oh, well.
>> I have learned a lot, and yes, I am well aware of the timeouts
>> involved. I will come back to this tomorrow afternoon, and see if we
>> are having any more success with Yahoo mail.
>> Thank you all,
>> Brian
>>
> For those of you, that may be wondering why this friggin ac dude is
> replying to posts out of date order, and multiple times, you may want
> to turn on 'threads' in your mutt or other real email client... for
> example, in thread view the post that i am replying to now, is right at
> the bottom, so, if I change my email client, to "date" view' my posts
> and replies follow all below each other :)
> It seems for this mailing list, I may have to do that or it starts
> looking like I am insane :)
>
> Regarding the actual thread reply:
> yes, the "@" is translated by the package 'bind-utils' and you can use
> it as per above for the +short @ -- BUT - the steps and where you do
> the @ is where this issue is as different resolvers used to give
> different answers, up to just now :)
>
> so, you can DIG @ a nameserver
>
> But, not all nameservers are equal... some are authoritative(find them
> in the WHOIS as they are delegated by the parent zone - or dig @source)
> and some are resolvers, etc (and YES, I do know this is an over
> simplification, but I am trying to peel away at the basics so that the
> mystery goes away :) )
>
> So, when you get that, then dig +nocmd +noall +answer should give you
> the TTL etc - but you can also simply see the seconds by the number to
> the right of the domain, in the answer (and keep hitting whatever
> esolver(s) untill you get an average even if they are round robin...)
>
> anyway, as I am sure with one or two people on this list, dns has no
> mysteries for me anymore...
>
> Andre
>
>
> --
> See pics of me, naked, here: http://south.me
> I am also @ https://about.me/andrecoetzee
>
>
>
> --
> This message was sent to: dbrain at gmail.com <dbrain at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/options/trilug/dbrain%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
More information about the TriLUG
mailing list