Problem with WorldNIC servers?

113 views
Skip to first unread message

Barry Margolin

unread,
Apr 21, 2005, 7:37:41 PM4/21/05
to
A number of our customers have recently reported problems resolving names
in domains hosted by worldnic.com nameservers, such as slccu.org and
mastersofdesign.com. When I investigated, I found that occasionally the
worldnic.com servers will respond to a query with an empty response with
the Truncated flag set. The problem on our end is that the DNS proxy in
our firewall seems to ignore the Truncated flag, rather than retry using
TCP (I've reported this bug to development), so we cache the NOANSWER
response (but we have a hard-coded 60-second negative cache TTL, so the
problem usually clears up shortly).

What I can't understand is why these responses are occurring in the first
place. It doesn't happen consistently, and I haven't found a pattern to
it. None of the responses are very large, so there's no reason they
should need to be truncated. And when a response is truncated, the server
is supposed to fill in as much as it can, not send an empty response. The
servers all claim to be running BIND 9.2.2. Here's a tcpdump showing one
of these:

# dig mail.mastersofdesign.com a @ns70.worldnic.com
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.2.1 <<>> mail.mastersofdesign.com a @ns70.worldnic.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39478
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mastersofdesign.com. IN A

;; ANSWER SECTION:
mail.mastersofdesign.com. 7200 IN A 207.190.248.78

;; AUTHORITY SECTION:
mastersofdesign.com. 7200 IN NS NS70.WORLDNIC.com.
mastersofdesign.com. 7200 IN NS NS69.WORLDNIC.com.

;; Query time: 39 msec
;; SERVER: 216.168.225.210#53(ns70.worldnic.com)
;; WHEN: Thu Apr 21 14:24:47 2005
;; MSG SIZE rcvd: 125

14:24:47.328456 67.98.223.11.1038 > 216.168.225.210.53: 58932+ A?
mail.mastersofdesign.com. (
42) (DF) (ttl 64, id 0)
4500 0046 0000 4000 4011 5dbe 4362 df0b E..F..@.@.].Cb..
d8a8 e1d2 040e 0035 0032 37d6 e634 0100 .......5.27..4..
0001 0000 0000 0000 046d 6169 6c0f 6d61 .........mail.ma
7374 6572 736f 6664 6573 6967 6e03 636f stersofdesign.co
6d00 0001 0001 m.....
14:24:47.369828 216.168.225.210.53 > 67.98.223.11.1038: 58932*| q:
mail.mastersofdesign.com.
0/0/0 (42) (DF) (ttl 52, id 0)
4500 0046 0000 4000 3411 69be d8a8 e1d2 E..F..@.4.i.....
4362 df0b 0035 040e 0032 0000 e634 8780 Cb...5...2...4..
0001 0000 0000 0000 046d 6169 6c0f 6d61 .........mail.ma
7374 6572 736f 6664 6573 6967 6e03 636f stersofdesign.co
6d00 0001 0001 m.....
14:24:47.370663 67.98.223.11.35872 > 216.168.225.210.53: S
3829790512:3829790512(0) win 5840
<mss 1460,nop,nop,sackOK,nop,wscale 0> (DF) (ttl 64, id 4297)
4500 0034 10c9 4000 4006 4d12 4362 df0b E..4..@.@.M.Cb..
d8a8 e1d2 8c20 0035 e445 f730 0000 0000 .......5.E.0....
8002 16d0 1393 0000 0204 05b4 0101 0402 ................
0103 0300 ....
14:24:47.407443 216.168.225.210.53 > 67.98.223.11.35872: S
2193147184:2193147184(0) ack 38297
90513 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0> (DF) (ttl 37, id
4297)
4500 0034 10c9 4000 2506 6812 d8a8 e1d2 E..4..@.%.h.....
4362 df0b 0035 8c20 82b8 c530 e445 f731 Cb...5.....0.E.1
8012 16d0 cb98 0000 0204 05b4 0101 0402 ................
0103 0300 ....
14:24:47.407514 67.98.223.11.35872 > 216.168.225.210.53: . ack 1 win 5840
(DF) (ttl 64, id 42
98)
4500 0028 10ca 4000 4006 4d1d 4362 df0b E..(..@.@.M.Cb..
d8a8 e1d2 8c20 0035 e445 f731 82b8 c531 .......5.E.1...1
5010 16d0 0c64 0000 P....d..
14:24:47.407739 67.98.223.11.35872 > 216.168.225.210.53: P 1:45(44) ack 1
win 5840 (DF) (ttl
64, id 4299)
4500 0054 10cb 4000 4006 4cf0 4362 df0b E..T..@.@.L.Cb..
d8a8 e1d2 8c20 0035 e445 f731 82b8 c531 .......5.E.1...1
5018 16d0 717c 0000 002a 9a36 0100 0001 P...q|...*.6....
0000 0000 0000 046d 6169 6c0f 6d61 7374 .......mail.mast
6572 736f 6664 6573 6967 6e03 636f 6d00 ersofdesign.com.
0001 0001 ....
14:24:47.446285 216.168.225.210.53 > 67.98.223.11.35872: . 1:128(127) ack
45 win 512 (ttl 52,
id 1794)
4500 00a7 0702 0000 3406 a266 d8a8 e1d2 E.......4..f....
4362 df0b 0035 8c20 82b8 c531 e445 f75d Cb...5.....1.E.]
5010 0200 dba1 0000 007d 9a36 8500 0001 P........}.6....
0001 0002 0000 046d 6169 6c0f 6d61 7374 .......mail.mast
6572 736f 6664 6573 6967 6e03 636f 6d00 ersofdesign.com.
0001 0001 c00c 0001 0001 0000 1c20 0004 ................
cfbe f84e c011 0002 0001 0000 1c20 0010 ...N............
044e 5337 3008 574f 524c 444e 4943 c021 .NS70.WORLDNIC.!
c011 0002 0001 0000 1c20 0007 044e 5336 .............NS6
39c0 4bc6 9bd9 9a36 9700 1800 0000 0004 9.K....6........
cfbe f84e c011 00 ...N...
14:24:47.446392 67.98.223.11.35872 > 216.168.225.210.53: . ack 128 win
5840 (DF) (ttl 64, id
4300)
4500 0028 10cc 4000 4006 4d1b 4362 df0b E..(..@.@.M.Cb..
d8a8 e1d2 8c20 0035 e445 f75d 82b8 c5b0 .......5.E.]....
5010 16d0 0bb9 0000

Barry Margolin, CISSP
Sr. Technical Support Engineer
Symantec Corporation
barry_m...@symantec.com
781-530-2367


Network_Admin_2000

unread,
Apr 23, 2005, 2:04:39 PM4/23/05
to
Several Websites in the Atlanta area that are using Network Soulution
for DNS hosting are also still having issues. The problem apears to be
affecting only Bellsouth DSL DNS servers. Other ISP DNS server are able
to use the WORLDNIC DNS servers. If Bellsouth DSL customers change
their DNS to another ISP's DNS server, they should be able to access
the affected sites.

Guido Roeskens

unread,
Apr 26, 2005, 5:02:03 AM4/26/05
to
Posted on NaNOG mailing list April 22nd:

I have been told by a Network Solutions hosting customer that the NSI
name servers are down. This is (obviously) affecting their mail & web.

Since WORLDNIC.com is NSI, this would make sense.

Guido

Reply all
Reply to author
Forward
0 new messages