Subj : Merciless.... To : Michiel van der Vlist From : Benny Pedersen Date : Sat May 30 2015 08:55:06 Hello Michiel! 30 May 2015 00:55, Michiel van der Vlist wrote to Björn Felten: BF>> I know. But somewhere along the line felten.yi.org seems to end up BF>> with my Telia DNS for incoming calls. And I don't think yi.org is to BF>> blame. in linux shell: dig +trace felten.yi.org ----- felten.yi.org.trace begins ----- ; <<>> DiG 9.10.1-P1 <<>> +trace felten.yi.org ;; global options: +cmd .. 3600000 IN NS B.ROOT-SERVERS.NET. .. 3600000 IN NS I.ROOT-SERVERS.NET. .. 3600000 IN NS A.ROOT-SERVERS.NET. .. 3600000 IN NS F.ROOT-SERVERS.NET. .. 3600000 IN NS C.ROOT-SERVERS.NET. .. 3600000 IN NS M.ROOT-SERVERS.NET. .. 3600000 IN NS L.ROOT-SERVERS.NET. .. 3600000 IN NS J.ROOT-SERVERS.NET. .. 3600000 IN NS H.ROOT-SERVERS.NET. .. 3600000 IN NS D.ROOT-SERVERS.NET. .. 3600000 IN NS E.ROOT-SERVERS.NET. .. 3600000 IN NS G.ROOT-SERVERS.NET. .. 3600000 IN NS K.ROOT-SERVERS.NET. ;; Received 489 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms org. 172800 IN NS d0.org.afilias-nst.org. org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS b2.org.afilias-nst.org. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS c0.org.afilias-nst.info. org. 172800 IN NS a0.org.afilias-nst.info. org. 86400 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0 D90F01BA org. 86400 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2 org. 86400 IN RRSIG DS 8 1 86400 20150608170000 20150529160000 48613 . aXVv6U6uphltIoEn3rzuCCgn77hn4lH9mshCPGPZEjyjYI6C1x3SZIXw UTIYp5ZKPdXWtPu6OHeGmjylsTZjbT5p21yAJDsWnP/CeUxeMCF736n6 tc7aWFoUF0+OsaPOog1D6zav2u5SNV/L/ytd9abk39y6XxLfvvlRIvCy olo= ;; Received 687 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 38 ms yi.org. 86400 IN NS connubialis.crackerjack.net. yi.org. 86400 IN NS fumo-viridus.crackerjack.net. h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400 20150620065928 20150530055928 34023 org. VwGw+QySf1tWeEiURK9UzUae8Fpc+9LUeIIAd/X3Tm992P8iI31lE/ra T8Yj8ZAVWuNe7dfpQ/TVkVgfeIh6LVZbr9Pn7gk+ieM9DLNWHNoKyjTe Ko3icTTY0PTpMgG9bZhcCd/u8KvOdNgoV0BesqU3/hxWOSAPWx6RGaCL nyM= fqe9tq6hgmscbl5spes4jias4eipqk0h.org. 86400 IN NSEC3 1 1 1 D399EAAB FQFU956OE1IMCDBOCIH7FHIMDOUDP7I7 NS DS RRSIG fqe9tq6hgmscbl5spes4jias4eipqk0h.org. 86400 IN RRSIG NSEC3 7 2 86400 20150615155725 20150525145725 34023 org. fRD5SjVb9gSj1m26ywhPK0kukOjQo7vT0D6uyJWXBYVOpQBqvAX1KmgK DtLF52UyvNjDFwAo5tntn1e5sCaZ63s56uH7LTLychlutbdPf4zZkuAi MDqbq18ypTFOZ8ntBVYtXf+r0RpIsHh1V/GdHZUd3ZxC8j6yJEx8jCMz N4g= ;; Received 603 bytes from 199.249.112.1#53(a2.org.afilias-nst.info) in 40 ms felten.yi.org. 86400 IN A 90.231.158.147 yi.org. 604800 IN NS connubialis.crackerjack.net. yi.org. 604800 IN NS fumo-viridus.crackerjack.net. ;; Received 147 bytes from 50.57.171.191#53(connubialis.crackerjack.net) in 133 ms ----- felten.yi.org.trace ends ----- long ttl on felten.yi.org and missing DS :=) so DNSSEC is disabled while all others is ready, ttl on felten should be max 43200, the others is fine with ttl still org tld have not solved the DS problem with your dns provider :( just that yi.org have longer ttl then org ttl, so yi.org here have ttl from org not from its own ttl on yi.org, in other words yi.org cant have longer ttl then org tld, i will just argue that org tld have to short ttl here, not a fault of yi.org :=) MvdV> Odd. How could Telia DNS be involved at all, unless the caller was a MvdV> customer of Telia? possible telia hijack dns pkts ? dig +trace shows that if thay do MvdV>>> Of course this is not a serious problem. Yet... BF>> ACK that! +1 MvdV> Having said that: All else being the same, my preference goes to MvdV> providers offering full IPv6 on all their services... such as http://www.linode.com/ ? :=) Regards Benny .... there can only be one way of life, and it works :) --- Msged/LNX 6.2.0 (Linux/3.18.12-gentoo (i686)) * Origin: duggi.junc.org where qico is waiting (1:261/38.20) .