Не резолвится домен *.kg весь

All Activity

Reply to this topic

Sergey_kha

Posted January 1, 2015

а у вас домены с киргизии резолвятся?

например www.gov.kg?

google dns говорить *** google-public-dns-b.google.com can't find www.gov.kg: Server failed

локальные днс (bind9) тоже самое

downforeveryone говорить что тоже лежит It's not just you! http://www.gov.kg looks down from here.

но приетом яндекс все успешно резолвит

> www.gov.kg

Server: secondary.dns.yandex.ru

Address: 77.88.8.1

Non-authoritative answer:

Name: www.gov.kg

Address: 212.112.98.152

и так со всем *,kz

Вопрос а как увас и что за фигня????

Share this post

Link to post

Share on other sites

kayot

Posted January 1, 2015

У меня резолвятся.

Что интересно, гугловый 8.8.8.8 не резолвит, а 8.8.4.4 - на ура.

Share this post

Link to post

Share on other sites

Ivan_83

Posted January 1, 2015

Unbound заюзайте.

Там проблемы с таймаутами на некоторых днс по пути.

REQUESTING DNS record for www.gov.kg

Results: founded: 9 records, request time: 0
DNS head:  Size	=398
	ID	=38902
	Flags	=[QR=1, OPCODE=0, AA=0, TC=0, RD=1, RA=0, Z=0, AD=0, CD=0, RCODE=0]
	QDCount=1
	ANCount=0
	NSCount=5
	ARCount=4
Win32 DNS error 0: Операция успешно завершена.


Server: KG, Type=2 (NS), Class=1, TTL=172800, server: KG.CCTLD.AUTHDNS.RIPE.NET
Server: KG, Type=2 (NS), Class=1, TTL=172800, server: NS.KG
Server: KG, Type=43 (DS), Class=1, TTL=86400
Server: KG, Type=43 (DS), Class=1, TTL=86400
Server: KG, Type=46 (RRSIG), Class=1, TTL=86400
Server: KG.CCTLD.AUTHDNS.RIPE.NET, Type=1 (A), Class=1, TTL=172800, address: 193.0.9.84
Server: NS.KG, Type=1 (A), Class=1, TTL=172800, address: 195.38.160.36
Server: KG.CCTLD.AUTHDNS.RIPE.NET, Type=28 (AAAA), Class=1, TTL=172800, address: 2001.67c.e0.0.0.0.0.84
OPT_RR: UDPPayloadSize=1472, Flags= [DO=0], Version=192, ExRCode=5, RRDataSize=0

Results: founded: 9 records, request time: 0
DNS head:  Size	=534
	ID	=39011
	Flags	=[QR=1, OPCODE=0, AA=0, TC=0, RD=1, RA=0, Z=0, AD=0, CD=1, RCODE=0]
	QDCount=1
	ANCount=0
	NSCount=5
	ARCount=4
Win32 DNS error 0: Операция успешно завершена.


Server: GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: NS.KG
Server: GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: AS.ASIAINFO.KG
Server: GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: KG.CCTLD.AUTHDNS.RIPE.NET
Server: GOV.KG, Type=47 (NSEC), Class=1, TTL=86400
Server: GOV.KG, Type=46 (RRSIG), Class=1, TTL=10197
Server: AS.ASIAINFO.KG, Type=1 (A), Class=1, TTL=86400, address: 195.38.160.38
Server: NS.KG, Type=1 (A), Class=1, TTL=86400, address: 195.38.160.36
Server: NS.KG, Type=46 (RRSIG), Class=1, TTL=10197
OPT_RR: UDPPayloadSize=4096, Flags= [DO=0], Version=0, ExRCode=16, RRDataSize=0

Results: founded: 10 records, request time: 0
DNS head:  Size	=247
	ID	=48075
	Flags	=[QR=1, OPCODE=0, AA=0, TC=0, RD=1, RA=0, Z=0, AD=0, CD=1, RCODE=0]
	QDCount=1
	ANCount=0
	NSCount=5
	ARCount=5
Win32 DNS error 0: Операция успешно завершена.


Server: WWW.GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: NS2.ELCAT.KG
Server: WWW.GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: NS1.ELCAT.KG
Server: WWW.GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: NS.UD.GOV.KG
Server: WWW.GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: GH-NS.BISHKEK.SU
Server: WWW.GOV.KG, Type=2 (NS), Class=1, TTL=86400, server: NS2.UD.GOV.KG
Server: NS.UD.GOV.KG, Type=1 (A), Class=1, TTL=86400, address: 212.112.98.155
Server: NS1.ELCAT.KG, Type=1 (A), Class=1, TTL=18000, address: 212.42.96.1
Server: NS2.UD.GOV.KG, Type=1 (A), Class=1, TTL=86400, address: 212.112.98.156
Server: NS2.ELCAT.KG, Type=1 (A), Class=1, TTL=18000, address: 212.42.96.2
OPT_RR: UDPPayloadSize=4096, Flags= [DO=0], Version=0, ExRCode=16, RRDataSize=0
DNS head:  Size	=39
	ID	=48169
	Flags	=[QR=1, OPCODE=0, AA=0, TC=0, RD=1, RA=0, Z=0, AD=0, CD=1, RCODE=5]
	QDCount=1
	ANCount=0
	NSCount=0
	ARCount=1
Win32 DNS error 9005: Операция DNS отвергнута.


OPT_RR: UDPPayloadSize=4096, Flags= [DO=0], Version=0, ExRCode=16, RRDataSize=0
ERROR 9005: Операция DNS отвергнута.

DNS head:  Size	=39
	ID	=48231
	Flags	=[QR=1, OPCODE=0, AA=0, TC=0, RD=1, RA=0, Z=0, AD=0, CD=1, RCODE=5]
	QDCount=1
	ANCount=0
	NSCount=0
	ARCount=1
Win32 DNS error 9005: Операция DNS отвергнута.


OPT_RR: UDPPayloadSize=4096, Flags= [DO=0], Version=0, ExRCode=16, RRDataSize=0
ERROR 9005: Операция DNS отвергнута.


REQUEST COMPLETE, FOUND, results: hops: 7, total time: 405
DNS head:  Size	=44
	ID	=48309
	Flags	=[QR=1, OPCODE=0, AA=1, TC=0, RD=1, RA=0, Z=0, AD=0, CD=0, RCODE=0]
	QDCount=1
	ANCount=1
	NSCount=0
	ARCount=0
Win32 DNS error 0: Операция успешно завершена.


Server: WWW.GOV.KG, Type=1 (A), Class=1, TTL=86400, address: 212.112.98.152
==================================================================================

REQUEST COMPLETE, FOUND, results: hops: 7, total time: 405
Server: WWW.GOV.KG, Type=1 (A), Class=1, TTL=86400, address: 212.112.98.152
==================================================================================
DONE

Share this post

Link to post

Share on other sites

ipaddr.ru

Posted January 1, 2015

В DNSSEC зону надо переподписывать регулярно.

01-Jan-2015 10:39:40.705 lame-servers: no valid RRSIG resolving 'kg/DNSKEY/IN': 195.38.160.36#53
01-Jan-2015 10:39:41.031 lame-servers: no valid RRSIG resolving 'kg/DNSKEY/IN': 193.0.9.84#53
01-Jan-2015 10:39:41.197 lame-servers: no valid RRSIG resolving 'kg/DNSKEY/IN': 2001:67c:e0::84#53
01-Jan-2015 10:39:41.197 lame-servers: broken trust chain resolving 'kg/NS/IN': 2001:67c:e0::84#53

Share this post

Link to post

Share on other sites

OKyHb

Posted March 12, 2015

Чёрт, этот dnssec не такой простой.

Кто может объяснить, что за проблемы у rbc.ua? (по тому же dnsviz)

Share this post

Link to post

Share on other sites

Нет проблем у rbc.ua. Потому как не подписана у них зона и в родительской зоне нет ничего, относящегося к DNSSEC. Есть остатки DLV, но им давно никто не пользуется - примерно с тех пор, как подписали рут-зону.

Share this post

Link to post

Share on other sites

OKyHb

Posted March 12, 2015

А у меня всё ещё осталась опция "dlv-anchor-file" в конфиге unbound. И, видимо, из-за этого и не работало.

Правильно понимаю, что её можно спокойно выпиливать?

Share this post

Link to post

Share on other sites

ipaddr.ru

Posted March 12, 2015

Полагаю, да. Достаточно одного ключа для рут-зоны. Главное - не пропустить момент смены ключей, который уже на горизонте.

Share this post

Link to post

Share on other sites

OKyHb

Posted March 12, 2015

Понял, спасибо за консультацию :)

Share this post

Link to post

Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

× Pasted as rich text. Paste as plain text instead

Only 75 emoji are allowed.

× Your link has been automatically embedded. Display as a link instead

× Your previous content has been restored. Clear editor

× You cannot paste images directly. Upload or insert images from URL.

Insert image from URL

Followers 0

Go to topic listing Программное обеспечение, биллинг и *unix системы

Sign In

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Join the conversation