[sf-lug] DNS, my IP address, bclug.ca, ... (some bits from SF-LUG meeting)
Michael Paoli
michael.paoli at berkeley.edu
Sun May 5 14:23:55 PDT 2024
https://www.wiki.balug.org/wiki/doku.php?id=system:what_is_my_ip_address
Yes, can get your IP address (as seen on The Internet) also via DNS,
see newly added entry for kw.bclug.ca on the above.
$ dig -4 -p 53535 +short @kw.bclug.ca. A
96.86.170.226
$
// but bit of intermittent DNS issue with [kw.]bclug.ca.
// so also for the moment ...
$ dig +short kw.bclug.ca. A
199.212.143.222
$ dig -p 53535 @199.212.143.222 my.ip +short
96.86.170.226
$
// Anyway, see also balug.org entries, including, e.g. via ssh.
// There are also other entries on there for obtaining one's IP address
// via DNS.
// Authoritative for ca.?:
$ dig +short ca. NS
any.ca-servers.ca.
c.ca-servers.ca.
j.ca-servers.ca.
d.ca-servers.ca.
// Authority for bclug.ca. says ...?:
$ dig +noall +authority +norecurse @any.ca-servers.ca. bclug.ca. NS
bclug.ca. 86400 IN NS ns2.dnsowl.com.
bclug.ca. 86400 IN NS ns-34-a.gandi.net.
bclug.ca. 86400 IN NS ns1.dnsowl.com.
// Do the authoritatives for bclug.ca. agree on NS? No.
// NS at authority and authoritatives should agree.
$ dig +noall +answer +norecurse @ns2.dnsowl.com. bclug.ca. NS
bclug.ca. 172800 IN NS ns1.dnsowl.com.
bclug.ca. 172800 IN NS ns2.dnsowl.com.
bclug.ca. 172800 IN NS ns3.dnsowl.com.
$ dig +noall +answer +norecurse @ns1.dnsowl.com. bclug.ca. NS
bclug.ca. 172800 IN NS ns1.dnsowl.com.
bclug.ca. 172800 IN NS ns2.dnsowl.com.
bclug.ca. 172800 IN NS ns3.dnsowl.com.
$ dig +noall +answer +norecurse @ns2.dnsowl.com. bclug.ca. NS
bclug.ca. 172800 IN NS ns1.dnsowl.com.
bclug.ca. 172800 IN NS ns2.dnsowl.com.
bclug.ca. 172800 IN NS ns3.dnsowl.com.
$ dig +noall +answer +norecurse @ns-34-a.gandi.net. bclug.ca. NS
bclug.ca. 10800 IN NS ns-34-a.gandi.net.
bclug.ca. 10800 IN NS ns-221-c.gandi.net.
bclug.ca. 10800 IN NS ns-124-b.gandi.net.
$ whois bclug.ca | grep -i 'name.*server'
Name Server: ns-34-a.gandi.net
Name Server: ns1.dnsowl.com
Name Server: ns2.dnsowl.com
$ expr 24 \* 3600
86400
$
// So, once NS authorities for bclug.ca. are adjusted to agree
// (registrant data via registrar), 24 hours 'till should be all well
// (or at least consistent).
$ dig +short +norecurse @ns-34-a.gandi.net. bclug.ca. SOA
ns1.gandi.net. hostmaster.gandi.net. 1714608000 10800 3600 604800 10800
$ dig +short +norecurse @ns1.dnsowl.com. bclug.ca. SOA
ns1.dnsowl.com. hostmaster.dnsowl.com. 1714939305 7200 1800 1209600 600
$
// guessing/presuming SOA SERIAL is seconds since UNIX epoch (a common
// practice, and especially with Dynamic DNS (DDNS) which is quite
// commonly used).
$ date -Iseconds -d @1714608000; date -Iseconds -d @1714939305
2024-05-01T17:00:00-07:00
2024-05-05T13:01:45-07:00
$
// So, looks like presumabably gandi has the older, presumed out-of-date,
// DNS data (vestigial, and presuming no longer intending to be using
// that).
$
// some DNS presentation materials:
// https://www.mpaoli.net/~michael/unix/DNS/
// Handy checking program I use a lot (but it defaults to domains of
// interest to me)
// https://www.mpaoli.net/~michael/bin/DNS_CK
// https://dnsvis.net/ is also excellent DNS analysis too, especially
// for DNSSEC, but also even quite good in general on DNS, see, e.g.:
// https://dnsviz.net/d/bclug.ca/Zjfzgw/servers/
$ (for NS in ns1.dnsowl.com. ns-34-a.gandi.net.; do dig +noall +answer
+nottl @"$NS" bclug.ca. MX | sed -e 's/$/ ;;'"$NS"/; done)
bclug.ca. IN MX 10 lists.bclug.ca. ;;ns1.dnsowl.com.
bclug.ca. IN MX 20 mail.bclug.ca. ;;ns1.dnsowl.com.
bclug.ca. IN MX 20 mail.bclug.ca. ;;ns-34-a.gandi.net.
bclug.ca. IN MX 10 lists.bclug.ca. ;;ns-34-a.gandi.net.
$ (for NS in ns1.dnsowl.com. ns-34-a.gandi.net.; do dig +noall +answer
+nottl @"$NS" bclug.ca. TXT | sed -e 's/$/ ;;'"$NS"/; done)
bclug.ca. IN TXT "v=spf1 +ip4:199.212.143.222
+ip4:69.172.190.161 +ip6:2607:5300:203:b716::1:2
+ip6:2602:2bb:1:1:4c0e:e496:e98d:60e7 +a -all" ;;ns1.dnsowl.com.
bclug.ca. IN TXT "v=spf1 +ip4:199.212.143.222
+ip4:69.172.190.161 +ip6:2607:5300:203:b716::1:2
+ip6:2602:2bb:1:1:4c0e:e496:e98d:60e7 +a -all" ;;ns-34-a.gandi.net.
$ (for NS in ns1.dnsowl.com. ns-34-a.gandi.net.; do dig +noall +answer
+nottl @"$NS" bclug.ca. AXFR; done)
; Transfer failed.
; Transfer failed.
$
// And rather expected, typically AXFR source IPs restricted.
$
// And materials on vi:
// https://www.mpaoli.net/~michael/unix/vi/
$ dig @ns-34-a.gandi.net. _domainkey.bclug.ca. | fgrep -e NX -e ANSWER
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
// Didn't get NXDOMAIN, record(s) out there, at or under that domain,
// got NXDOMAIN, no there there, not only no such domain, but also
// nothing under it.
// So, differing data at and/or under _domainkey.bclug.ca.
$ dig @ns1.dnsowl.com. _domainkey.bclug.ca. | fgrep -e NX -e ANSWER
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47560
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
$
More information about the sf-lug
mailing list