[wplug] Very strange DNS activity

[Poyner, Brandon]

> 6# dig treas.tpaq.treasury.gov
> 
> ; <<>> DiG 8.3 <<>> treas.tpaq.treasury.gov 
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63387
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      treas.tpaq.treasury.gov, type = A, class = IN
> 
> ;; AUTHORITY SECTION:
> tpaq.treasury.gov.      2h54m59s IN SOA  st3dns.usmint.gov. 
> hostmaster.st3dns.usmint.gov. (
>                                         2005072814      ; serial
>                                         8H              ; refresh
>                                         2H              ; retry
>                                         1W              ; expiry
>                                         1D )            ; minimum
> 
> 
> ;; Total query time: 20 msec
> ;; FROM: pa-plum1b-166.pit.adelphia.net to SERVER: 68.168.160.2

The name server nscache1.pittpa.adelphia.net returned a NXDOMAIN
(non-existent domain) for treas.tpaq.treasury.gov.  You can see that it
had done the recursion up to the tpaq.treasury.gov name servers, as it
returned the SOA for that domain.  You get a similar answer if you "dig
@ns1.google.com blah.google.com"  I suspect the error was on the
government's side.

Brandon Poyner
Network Engineer III
CCAC - College Office
412-237-3086