
Quoting russell@coker.com.au (russell@coker.com.au):
> On Tuesday, 16 October 2018 10:16:04 AM AEDT Rick Moen via luv-talk wrote:
> > Quoting Kim Oldfield (luv@oldfield.wattle.id.au):
> > > They are using 2 DNS names (which happen to translate into 2 IP addresses). Do you know what technology (load balancers, anycast, etc) they are (not) using so you can substantiate your claim that they are violating the RFC?
> >
> > No, for all I know, they're both massively redundant anycast network clusters spread all over multiple geographic areas, networks, and power grid segments, the way many of the 13 root nameservers are.
> >
> > Of course, this _does_ happen to be Bluehost, Inc., which has a long history as a singularly technically deficient and inept firm, particularly since being acquired and massively downsized. In light of which, I will sleep soundly in the face of doubts about my being unfair. ;->
>
> Also FWIW I've set up monitoring scripts to check all zones that I'm remotely involved with for being resolvable via 8.8.8.8. I configured such scripts to not alert me unless it's down for more than 5 minutes, because 8.8.8.8 falsely saying that an entry doesn't exist is something that happens periodically.

Sounds extremely useful. Of course, 8.8.8.8 would be returning the result from cache, so this tells you only whether that one nameserver still has the RR with an expired time to live, right? That's valuable information, of course -- just different from knowing whether the authoritative nameservers are running & returning correct zone information, whether they are still authoritative, and whether glue records exist in the parent zones.

Coincidentally, I happen to have written a (fugly) shell script for a similar need: My server (linuxmafia.com aka unixmercenary.net aka hugin.imat.com) lives at my house with an ADSL line as uplink. This past Tuesday, the firm AT&T, which is NOT my ISP but rather (in USA technical jargon) the 'ILEC' (incumbent local exchange carrier) shot in the foot my _actual_ ISP, small, highly competent, highly technical firm Raw Bandwidth Communications (the 'CLEC' = competitive local exchange carrier) -- taking my entire household's ADSL service offline for 2 days and 7 hours.

As a matter of ethics on Tuesday, I sent mail from my fallback mail account to everyone ns1.linuxmafia.com does do authoritative DNS for, advising of downtime. Two days later, when AT&T fixed its hapless gaffe at the local exchange and restored service, I needed to send matching mail, saying DNS service was back. But I wanted to do it semi-automatically with a script that (1) would tally up a set of all authoritative nameservers for a domain, (2) query each of them for their zonefile S/N for that domain, and (3) report that value for each nameserver.

It was the usual Ops rule: Any time you're going to do a bunch of commands more than twice, it's time to script it. Here (pro bono publico) is what I came up with:

Date: Fri, 26 Oct 2018 01:18:43 -0700
From: Rick Moen <rick@linuxmafia.com>
To: Duncan MacKinnon <duncan1@gmail.com>
Subject: ns1.linuxmafia.com downtime ended Thursday ~3pm local

Greetings!

This is an advisory about ns1.linuxmafia.com DNS nameserver downtime having ended. Root cause: AT&T (_not_ my ISP) sabotaged my ADSL at their local exchange around 8am Tuesday, then took about 2 days and 7 hours to find and fix their problem.

All services are back. ns1.linuxmafia.com is back to doing auth. nameservice, as arranged, for the following domains of yours:

bluedreamz.com (master)
substancez.com (master)
substancez.net (master)
substancez.org (master)

Evidence below is via fugly shell script ~/bin/testns that I just cranked out:

#!/bin/bash
# Print the SOA serial each registered nameserver returns for a domain.
domain=$1
# The nameserver list is taken from the domain's whois record.
for ns in $(whois "$domain" | grep "Name Server" | \
    awk '{ print $3 }' | tr '\r\n' ' '); do
  echo -n "$ns is "
  # The third field of the short SOA answer is the zone serial number.
  dig +short @"$ns". "$domain". SOA | awk '{print $3}'
done

:r! bin/testns bluedreamz.com
NS1.LINUXMAFIA.COM is 2010060700
NS1.SVLUG.ORG is 2010060700

:r! bin/testns substancez.com
NS1.LINUXMAFIA.COM is 2011052000
NS1.SVLUG.ORG is 2011052000

:r! bin/testns substancez.net
NS1.LINUXMAFIA.COM is 2011052000
NS1.SVLUG.ORG is 2011052000

:r! bin/testns substancez.org
NS1.LINUXMAFIA.COM is 2010060700
NS1.SVLUG.ORG is 2010060700
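
The distinction drawn above between a cached answer from 8.8.8.8 and what each authoritative nameserver itself returns can be turned into a monitoring check. The following is an added example, not part of the original post or its testns script: it queries each nameserver without recursion and flags servers that give no answer or lag behind the newest serial. The function names, the exit codes, and passing the nameservers as arguments (rather than reading them from whois) are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original post); function names are hypothetical.
# Usage: check_zone <domain> <nameserver>...
# Exit status: 0 = all serials agree, 1 = a nameserver lags,
#              2 = a nameserver gave no usable answer.

# Ask one nameserver directly (no recursion, so never a cached answer) for
# the zone's SOA serial. Prints nothing when there is no usable SOA answer.
soa_serial() {
  dig +short +norecurse +time=3 +tries=1 @"$1" "$2" SOA |
    awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# The body is a subshell "( ... )": variables stay local and "exit" only
# ends this function, not the calling shell.
check_zone() (
  domain=$1; shift
  newest=0 oldest= answers= rc=0
  for ns in "$@"; do
    serial=$(soa_serial "$ns" "$domain")
    if [ -z "$serial" ]; then
      echo "$ns: NO ANSWER"
      rc=2
      continue
    fi
    if [ "$serial" -gt "$newest" ]; then newest=$serial; fi
    if [ -z "$oldest" ] || [ "$serial" -lt "$oldest" ]; then oldest=$serial; fi
    answers="$answers$ns $serial
"
  done
  # Plain numeric comparison; RFC 1982 serial wrap-around is not handled.
  printf '%s' "$answers" | while read -r ns serial; do
    if [ "$serial" -lt "$newest" ]; then
      echo "$ns: STALE ($serial, newest is $newest)"
    else
      echo "$ns: $serial"
    fi
  done
  if [ "$rc" -eq 0 ] && [ -n "$oldest" ] && [ "$oldest" != "$newest" ]; then rc=1; fi
  exit "$rc"
)

# Run only when arguments are given, e.g.:
#   bash check_zone.sh example.com ns1.example.net ns2.example.net
if [ "$#" -gt 0 ]; then check_zone "$@"; fi
```

A non-zero exit status makes it usable from cron or a monitoring wrapper, which can apply its own grace period before alerting.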