[105458] in North American Network Operators' Group
SV: APNIC dns glitch ?
daemon@ATHENA.MIT.EDU (Martin Hannigan)
Tue Jun 24 06:08:04 2008
Date: Tue, 24 Jun 2008 10:04:43 -0000
From: "Martin Hannigan" <hannigan@verneglobal.com>
To: "Danny Thomas" <d.thomas@its.uq.edu.au>, <nanog@merit.edu>
X-Skyrr-MailScanner-From: hannigan@verneglobal.com
Errors-To: nanog-bounces@nanog.org
=20
APNIC made an announcement on an operator list this morning that is =
probably relevant to your issue:
=20
+++include
=20
Some services provided by APNIC were unavailable this morning due to a
disruption to our international connectivity.
This occurred between 07:00 Australian Eastern Standard Time (AEST)
and approximately 11:20 AEST.
Major services affected were:
- www.apnic.net <http://www.apnic.net/>=20
- MyAPNIC
- email
- Whois
- Reverse DNS (partial)
Services provided by ns3.apnic.net <http://ns3.apnic.net/> and =
sec3.apnic.net <http://sec3.apnic.net/> remained
resolvable.
Unfortunately, we were not able to announce this situation when it
occurred due to the loss of connectivity.
+++end
=20
=20
=20
--
Martin Hannigan hannigan@verneglobal.com =
<mailto:hannigan@verneglobal.com>=20
Verne Global http://www.verneglobal.com =
<http://www.verneglobal.com/>=20
Keflavik, Iceland
________________________________
Fra: Danny Thomas [mailto:d.thomas@its.uq.edu.au]
Sendt: ma 23-jun-08 22:54
Til: nanog@merit.edu
Emne: APNIC dns glitch ?
I thought I'd sent this a couple of hours ago
APNIC are aware of the problem and
things have partially recovered though the arin and ripe
name-servers still SERVFAIL
the second run of our delegation-checking script this morning
started complaining about our 203.in-addr zones and it seems
there is an issue with apnic.net
the delegation shows 4 entries spread across 3 domains which
is good, albeit all are under the same registry.
Sometimes cumin.apnic.net and innie.apnic.net. are not
reachable, or give a REFUSED response, or give a response
with no A records nor any additional section.
Unfortunately both tinnie.arin.net and ns-sec.ripe.net
return SERVFAIL, as if they had not been able to perform
a zone transfer for a while (assuming AXFR is the replication
mechanism).
I don't have ipv6 connectivity, but that's not likely to help.
I don't think this will significantly impact reverse dns
lookups as I think the dns is spread across other RIR's
seems there was a different type of issue in May
http://www.bauani.org/thinkings/2008/05/issue-with-apnic-dns-nameservers.=
html
Danny Thomas
# dig @I.GTLD-SERVERS.net apnic.net +norec
; <<>> DiG 9.4.2 <<>> @I.GTLD-SERVERS.net apnic.net +norec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5460
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 5
;; QUESTION SECTION:
;apnic.net. IN A
;; AUTHORITY SECTION:
apnic.net. 172800 IN NS cumin.apnic.net.
apnic.net. 172800 IN NS ns-sec.ripe.net.
apnic.net. 172800 IN NS tinnie.apnic.net.
apnic.net. 172800 IN NS tinnie.arin.net.
;; ADDITIONAL SECTION:
cumin.apnic.net. 172800 IN A 202.12.29.59
ns-sec.ripe.net. 172800 IN A 193.0.0.196
ns-sec.ripe.net. 172800 IN AAAA 2001:610:240:0:53::4
tinnie.apnic.net. 172800 IN A 202.12.29.60
tinnie.arin.net. 172800 IN A 168.143.101.18
dig @202.12.29.59 apnic.net any +norec
; <<>> DiG 9.4.2 <<>> @202.12.29.59 apnic.net any +norec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 33930
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
# dig @202.12.29.59 apnic.net any
; <<>> DiG 9.4.2 <<>> @202.12.29.59 apnic.net any
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40744
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;apnic.net. IN ANY
;; ANSWER SECTION:
apnic.net. 3600 IN SOA cumin.apnic.net. =
dns-admin.apnic.net.=20
2008062101 3600 1800 604800 3600
apnic.net. 3600 IN NS cumin.apnic.net.
apnic.net. 3600 IN NS ns-sec.ripe.net.
apnic.net. 3600 IN NS tinnie.arin.net.
apnic.net. 3600 IN NS tinnie.apnic.net.
apnic.net. 3600 IN MX 10 kombu.apnic.net.
apnic.net. 3600 IN MX 25 karashi.apnic.net.
apnic.net. 3600 IN MX 35 fennel.apnic.net.
;; Query time: 3 msec
;; SERVER: 202.12.29.59#53(202.12.29.59)
;; WHEN: Tue Jun 24 10:35:13 2008
;; MSG SIZE rcvd: 235
dig @193.0.0.196 apnic.net any +norec
; <<>> DiG 9.4.2 <<>> @193.0.0.196 apnic.net any +norec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37668
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;apnic.net. IN ANY
# dig @168.143.101.18 apnic.net ns
; <<>> DiG 9.4.2 <<>> @168.143.101.18 apnic.net ns
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41014
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;apnic.net. IN NS
