[LEDE-DEV] Lack of DNS robustness for openwrt.org

Arjen de Korte build+openwrt at de-korte.org
Mon May 7 11:34:21 PDT 2018 

Citeren Jo-Philipp Wich <jo at mein.io>:

> Hi Bjørn,
>
> the current timings of the DO zone are:
>
> ;; ANSWER SECTION:
> openwrt.org.		1800 IN	SOA ns1.digitalocean.com. hostmaster.openwrt.org. (
> 				1525688668 ; serial
> 				10800      ; refresh (3 hours)
> 				3600       ; retry (1 hour)
> 				604800     ; expire (1 week)
> 				1800       ; minimum (30 minutes)
> 				)

This all looks fine, but what slightly worries me that the nameservers  
listed in the Whois information for openwrt.org still mention the old  
ones:

> whois openwrt.org

Domain Name: OPENWRT.ORG
Registry Domain ID: D104186352-LROR
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://www.tucows.com
Updated Date: 2018-05-06T20:40:09Z
[...]
Name Server: ARRAKIS.DUNE.HU
Name Server: BELATEGEUSE.DUNE.HU
Name Server: SOAPSTONE.YURI.ORG.UK

I've switched nameservers for several of my domains (including .org)  
and I recall this never took more than a few hours. It could be I'm  
impatient, but as of now, when running a trace, the above are still  
listed as the openwrt.org nameservers. Of course, *caches* would show  
stale data for up to a day, but running 'dig soa +trace openwrt.org'  
should resolve to the DO nameservers by now.

> dig +trace openwrt.org @resolver1.opendns.com

; <<>> DiG 9.11.2 <<>> +trace openwrt.org @resolver1.opendns.com
;; global options: +cmd
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
;; Received 239 bytes from 208.67.222.222#53(resolver1.opendns.com) in 6 ms

org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      d0.org.afilias-nst.org.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    86400   IN      DS      9795 7 2  
3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891B FE7FF8E5
org.                    86400   IN      DS      9795 7 1  
364DFAB3DAF254CAB477B5675B10766DDAA24982
org.                    86400   IN      RRSIG   DS 8 1 86400  
20180520170000 20180507160000 39570 .  
XKyDB9S0mMInUMOgX8U0H3/Kjvrj4AuiYRfnxyYUMD/LLOQhTSRv/xKQ  
OWl2jQB7wq3hQEecQn+Zd/410BxtWZ4xxv8dYRKqt8m9HEZzG/b0gDje  
wOqOANWZ8v7StnYlNWUFvS11q0rG0yFubSy+TO6aIQQ4aHA7ZmqPGfzq  
CbfqWv6ynMfNtdzQJS4+3kZlTmYKUqZrEAL3o3/7qD5cmSp7buqI8W5j  
/oTV3Ku74Xo1RDd6RXSZi8aYXKYu6PJ6N82o73OEPzqhWVgjX8KC4aOP  
VoQajzCX5YFAlYXpjtcgJti0/3HqeVqnpHtPF8sSroDCnUFIB+IlNBy2 b0M5lg==
;; Received 813 bytes from 2001:500:12::d0d#53(g.root-servers.net) in 37 ms

openwrt.org.            86400   IN      NS      arrakis.dune.hu.
openwrt.org.            86400   IN      NS      belategeuse.dune.hu.
openwrt.org.            86400   IN      NS      soapstone.yuri.org.uk.
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB  
H9PARR669T6U8O1GSG9E1LMITK4DEM0T  NS SOA RRSIG DNSKEY NSEC3PARAM
h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400  
20180528183058 20180507173058 1862 org.  
J1DhIPJyQfBjOpsQYwFcQC2vZcgxohyH+56fQvSKNKd86uvtk5szsjlS  
GpbkcA03uSqpNNuaj5lj+MzfedQvaHfxxVKQI+3cEsBqPVfN9oAvu2Lv  
wKVsIIaAm8sS0/l8DR4Xryz+5DAjZCfdjZq+sRNbDYc8dGpsQXkCZfRe StY=
6tvuefea073v78a07f9tbfq3d98qfrud.org. 86400 IN NSEC3 1 1 1 D399EAAB  
6U03DTEM7DQG048778H41JO23I0SKBJT  A RRSIG
6tvuefea073v78a07f9tbfq3d98qfrud.org. 86400 IN RRSIG NSEC3 7 2 86400  
20180522152438 20180501142438 1862 org.  
BuA1elggJfC0Gax9Rzfb+GKx5S9NWbleZKWskqIqjLsS6tVVqvB46Q/M  
OYg2kav8gBg2zOv7zNywOKuQH4W4hYfVwqTVnb/iE2r2pHefEDh21ZZD  
RcrdfqJ082D7tvPe+/31qZdtjwashQ+R3Gr0WZLRhA+o4NK2Gwp/8ZGX Irs=
;; Received 623 bytes from 199.19.53.1#53(c0.org.afilias-nst.info) in 6 ms

;; Received 40 bytes from 78.47.151.105#53(soapstone.yuri.org.uk) in 16 ms

They still don't.

> Regards,
> Jo
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

More information about the Lede-dev mailing list