[33781] in North American Network Operators' Group
Re: Name server problems? or did Microsoft forget to pay their bill again?
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Wed Jan 24 03:27:07 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: woods@weird.com (Greg A. Woods)
To: nanog@merit.edu
In-Reply-To: <20010123232209.F26035@haybaler.sackheads.org>
Reply-To: nanog@merit.edu (North America Network Operators Group Mailing List)
Message-Id: <20010124082147.E11E25@proven.weird.com>
Date: Wed, 24 Jan 2001 03:21:47 -0500 (EST)
Errors-To: owner-nanog-outgoing@merit.edu
When will all the idiots who think they know how to configure DNS, but
obviously don't, learn that they can't get away with having all their
nameservers on the same network no matter how well connected that
network might appear to be under the best of conditions, or how many
different directions the fiber leaves the building/campus?
As you can see for MICROSOFT.COM everything's apparently in one place,
network geography-wise:
Domain servers in listed order:
DNS4.CP.MSFT.NET 207.46.138.11
DNS5.CP.MSFT.NET 207.46.138.12
DNS6.CP.MSFT.NET 207.46.138.20
DNS7.CP.MSFT.NET 207.46.138.21
Those addresses might be in a /16 in allocation:
Microsoft (NETBLK-MICROSOFT-GLOBAL-NET) MICROSOFT-GLOBAL-NET
207.46.0.0 - 207.46.255.255
and whois.ra.net shows a /18 for their routing:
$ whois -h whois.ra.net 207.46.138.11
Route: 207.46.128.0/18
descr: MS-CP
origin: AS8070
mnt-by: MICROSOFT-MAINT-CW
changed: judithsh@microsoft.com 20001024
source: CW
but I'd almost be willing to bet that all those machines are in the same
building, and maybe even in the same room (and if not they're probably
at least all on the same campus). Even if they have tunnels routing
these addresses to machines in diverse physical locales, they don't seem
to have managed to eliminate any significant number of the serious
failure scenarios.
Seems I can at the moment get to *one* of their nameservers:
$ host -C microsoft.com
microsoft.com NS DNS4.CP.MSFT.NET
Nameserver DNS4.CP.MSFT.NET not responding
microsoft.com SOA record not found at DNS4.CP.MSFT.NET, try again
microsoft.com NS DNS5.CP.MSFT.NET
Nameserver DNS5.CP.MSFT.NET not responding
microsoft.com SOA record not found at DNS5.CP.MSFT.NET, try again
microsoft.com NS DNS7.CP.MSFT.NET
dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200)
!!! microsoft.com SOA primary dns.cp.msft.net is not advertised via NS
microsoft.com NS DNS6.CP.MSFT.NET
Nameserver DNS6.CP.MSFT.NET not responding
microsoft.com SOA record not found at DNS6.CP.MSFT.NET, try again
but it's not one that's registered for MSNBC.COM....
Domain servers in listed order:
DNS4.CP.MSFT.NET 207.46.138.11
DNS5.CP.MSFT.NET 207.46.138.12
$ host -C msnbc.com
msnbc.com NS DNS4.CP.MSFT.NET
Nameserver DNS4.CP.MSFT.NET not responding
msnbc.com SOA record not found at DNS4.CP.MSFT.NET, try again
msnbc.com NS DNS5.CP.MSFT.NET
Nameserver DNS5.CP.MSFT.NET not responding
msnbc.com SOA record not found at DNS5.CP.MSFT.NET, try again
I can however eventually (took one retry and quite a few seconds!) get
an answer for www.mnbc.com it seems:
$ host -a www.msnbc.com
www.msnbc.com CNAME msnbc.com
msnbc.com NS DNS4.CP.MSFT.NET
msnbc.com NS DNS5.CP.MSFT.NET
msnbc.com A 207.46.238.109
msnbc.com A 207.46.238.23
msnbc.com A 207.46.238.24
msnbc.com A 207.46.238.26
msnbc.com A 207.46.150.205
msnbc.com A 207.46.150.254
Wow! Would you look at that! They may even have their web servers more
diversely placed on the network than they do their nameservers!
If only Microsoft were the only ones that made this kind of inevitably
fatal (at least from a DNS point of view) mistake..... :-(
One would think that a company with the obvious resources and power they
have would have registered nameservers on every major backbone on the
planet, and then some (right up to the maximum possible!). I don't want
my nameservers to disappear from any part of the net at any time, and
I'm sure they don't either. I've only got three for my home domain
(with really only two separate network paths to them), but I'm not a
multi-national corporation either!
Oh, and just as I'm about to send this off I see one more server cough
up replies (guess that's where I got the msnbc.com A RRs from too):
$ host -C msnbc.com
msnbc.com NS DNS5.CP.MSFT.NET
Nameserver DNS5.CP.MSFT.NET not responding
msnbc.com SOA record not found at DNS5.CP.MSFT.NET, try again
msnbc.com NS DNS4.CP.MSFT.NET
dns.cp.msft.net msnhst.microsoft.com (2001012205 1800 900 7200000 3600)
!!! msnbc.com SOA primary dns.cp.msft.net is not advertised via NS
$ host -C microsoft.com
microsoft.com NS DNS5.CP.MSFT.NET
Nameserver DNS5.CP.MSFT.NET not responding
microsoft.com SOA record not found at DNS5.CP.MSFT.NET, try again
microsoft.com NS DNS7.CP.MSFT.NET
Nameserver DNS7.CP.MSFT.NET not responding
microsoft.com SOA record not found at DNS7.CP.MSFT.NET, try again
microsoft.com NS DNS6.CP.MSFT.NET
dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200)
!!! microsoft.com SOA primary dns.cp.msft.net is not advertised via NS
microsoft.com NS DNS4.CP.MSFT.NET
dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200)
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
