cancel
Showing results for 
Search instead for 
Did you mean: 

DNS problems resolving dyn.plus.net due to incorrect server config

nickleverton2
Dabbler
Posts: 11
Thanks: 1
Registered: ‎03-03-2014

DNS problems resolving dyn.plus.net due to incorrect server config

There seems to be a problem with the Plusnet DNS zone configuration for dyn.plus.net.  This is the zone which serves up the address queries for Plusnet's own dynamic DNS broadband connections. All queries on this zone fail, because the zone is incorrectly configured (a "lame delegation") on Plusnet's authoritative DNS servers.

This is a problem because it means that reverse address lookups by remote servers fail.  These lookups are often performed for security reasons, as here.  Log is from a remote server I run which, amongst other measures, uses rDNS to exempt UK connections from rate limiting and port blocking:

Mar 21 08:44:19 warren sshd[32464]: warning: /etc/hosts.allow, line 14: can't verify hostname: getaddrinfo(97.178.31.213.dyn.plus.net, AF_INET) failed
Mar 21 08:44:20 warren sshd[32464]: reverse mapping checking getaddrinfo for 97.178.31.213.dyn.plus.net [213.31.178.97] failed - POSSIBLE BREAK-IN ATTEMPT!

 

This problem arises because any queries on Plusnet's dyn.plus.net zone fail, example here performed via Google DNS server:

$ dig @8.8.8.8 97.178.31.213.dyn.plus.net

; <<>> DiG 9.9.5-9+deb8u14-Debian <<>> @8.8.8.8 97.178.31.213.dyn.plus.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47154
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

(note "ANSWER: 0" - the query cannot be resolved).

 

According to squish.net, the reason for this is that the zone is delegated to nameservers which don't answer but just refer the query onto each other, one of several causes of "lame referral"

Traversing for 97.178.31.213.dyn.plus.net type A starting at the root(s)

Results

37.5% Lame referral received from ns1.force9.net (195.166.128.16) to ns1.force9.net (195.166.128.16)

37.5% Lame referral received from ns1.force9.net (195.166.128.16) to ns2.force9.net (195.166.128.17)

25.0% Lame referral received from ns2.force9.net (195.166.128.17) to ns2.force9.net (195.166.128.17)

 

On checking with your own nameservers this is indeed the case:

 

dig @ns1.force9.net 97.178.31.213.dyn.plus.net

; <<>> DiG 9.9.5-9+deb8u14-Debian <<>> @ns1.force9.net 97.178.31.213.dyn.plus.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18909
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;97.178.31.213.dyn.plus.net. IN A

;; AUTHORITY SECTION:
31.213.dyn.plus.net. 43200 IN NS ns2.force9.net.
31.213.dyn.plus.net. 43200 IN NS ns1.force9.net.

;; ADDITIONAL SECTION:
ns1.force9.net. 86400 IN A 195.166.128.16
ns2.force9.net. 86400 IN A 195.166.128.17

 

Please could you pass this on to the relevant ops people and get them to fix their zone configuration, please ?

Moderator's note by Mike (Mav): Post released from Spam Filter.

2 REPLIES 2
Mav
Moderator
Moderator
Posts: 22,359
Thanks: 4,724
Fixes: 514
Registered: ‎06-04-2007

Re: DNS problems resolving dyn.plus.net due to incorrect server config

Moderator's Note(s)

Thread moved from Fibre Broadband to Everything Else.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

MasterOfReality
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 1,640
Fixes: 57
Registered: ‎26-03-2018

Re: DNS problems resolving dyn.plus.net due to incorrect server config

Hi @nickleverton2 

 

I can see that you have raised this via a ticket on your account as well - I can confirm that our Network Amdin team have moved your ticket into their own work pool, so I should expect you'll get a reply from one of them via that support platform shortly. 

 

Kind Regards, 

MoR