[80130] in North American Network Operators' Group
Re: Problems with NS*.worldnic.com
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Apr 26 09:59:00 2005
Date: Tue, 26 Apr 2005 13:58:29 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <17006.17297.628188.539625@roam.psg.com>
To: Randy Bush <randy@psg.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Tue, 26 Apr 2005, Randy Bush wrote:
> lots of folk sent email to me and not the list. most report
> worldnic responding with tcp 53 and not udp. would love to
> hear confirmation on list. can think of a number of causes,
> one possible, but just a stab in the dark, would be an
> intentional hack as a defense to a spoofed-ip attack.
>
> what are some names known to be hosted on worldnic?
we had problems reported with:
www.calairmail.com
www.holidaycardwebsite.com
I did some poking around lastnight with dig and some local unix hosts that
I hadn't tried this before on and got no change to tcp :( (so no truncate
and returned results via UDP) though today I see:
morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns7.worldnic.com
;; Truncated, retrying in TCP mode.
and failures (which is PROBABLY my silly iptables config...)
morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns8.worldnic.com
; <<>> DiG 9.2.2rc1 <<>> www.holidaycardwebsite.com. @ns8.worldnic.com
;; global options: printcmd
interesting that both servers aren't doing the same thing?
