[wplug] Very strange DNS activity
Devin Lee Drew
dLd at pobox.com
Thu Jul 28 14:40:43 EDT 2005
On Jul 28, 2005, at 11:09 AM, Bill Moran wrote:
> Patrick Wagstrom <pwagstro at andrew.cmu.edu> wrote:
>
>
>> On Thu, 2005-07-28 at 12:40 -0400, Bill Moran wrote:
>>
>>> I'd be grateful to anyone who can explain what the government is
>>> doing with
>>> their DNS. It appears as if www.treas.gov is an alias for
>>> treas.tpaq.treasury.gov, but treas.tpaq.treasury.gov does not have a
>>> DNS record.
>>>
>>> However, if you go to www.treas.gov in a web browser, all works
>>> well.
>>>
>>> Anyone have enough DNS-fu to explain this oddity?
>>>
>>
>> Looks like a problem with your setup. Everything looks kosher here.
>>
>
> [snip]
>
> Looks like it was a transient problem, as I can no longer reproduce
> it.
>
> I suspected this might be the case, since the expiry times on the
> records
> was set to 20 seconds (which is normally insane, but a nice idea while
> switching DNS entries around).
[snip]
The following may be an indication of an understaffing issue? Anyway,
it probably means that they are changing records and you got caught
in a propagation snafu.
http://www.dotgov.gov/
--
NOTICE: All unpaid .Gov domain names must be paid for via credit card
ASAP or they will be subject to service interruption.
You have reached the General Services Administration (GSA) website
for domain name registration for the U.S. government. Since 1997, we
have been proud to manage the .gov and .fed.US top-level domains.
--
There is a whois record webtool at that site. My command line "whois
treas.gov" keeps giving "whois: gov.whois-servers.net: connect:
Connection timed out"
https://www.dotgov.gov/whois.aspx
Currently, TREAS.GOV is not available for registration.
TREAS.GOV
Department of the Treasury
TTB
Domain Name: TREAS.GOV
Status: Active
Technical POC:
(703) 747-9222
Domain servers in listed order:
NS1.TREAS.GOV 199.196.144.3
NS2.TREAS.GOV 199.196.144.4
NS21.TREAS.GOV 199.196.132.3
To follow up on strange DNS information it is good to do your 'dig'
against a name server that you get from whois. This gave me the same
ANSWER SECTION as Patrick, as it should.
Devin --No master of DNS-fu -- you now know my main move -- Drew
$ dig @NS1.TREAS.GOV www.treas.gov
; <<>> DiG 9.3.0 <<>> @NS1.TREAS.GOV www.treas.gov
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61003
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.treas.gov. IN A
;; ANSWER SECTION:
www.treas.gov. 10 IN CNAME treas.tpaq.treasury.gov.
treas.tpaq.treasury.gov. 30 IN A 66.77.70.101
;; AUTHORITY SECTION:
tpaq.treasury.gov. 84896 IN NS st3dns.usmint.gov.
tpaq.treasury.gov. 84896 IN NS dn3dns.usmint.gov.
;; ADDITIONAL SECTION:
dn3dns.usmint.gov. 2096 IN A 66.77.122.131
st3dns.usmint.gov. 2096 IN A 208.45.143.103
;; Query time: 106 msec
;; SERVER: 199.196.144.3#53(NS1.TREAS.GOV)
;; WHEN: Thu Jul 28 11:00:23 2005
;; MSG SIZE rcvd: 162
More information about the wplug
mailing list